On Wed, Sep 21, 2016 at 05:28:26PM -0400, c0nw0nk wrote:
Hi there,
> Thanks for the information so based off what that resource says and from what
> I understand surely that field should only say "anonymous" or "username" if
> on those files / folders in my Nginx config I use "auth_basic" ?
No.
Hi, here's some clarifications:
What is the thing writing to nginx? (stunnel, I think)
stunnel according to the setup:
Transmission remote GUI:443 -> sshttp:443 -> stunnel:1443 ->
nginx:127.0.0.1:443 (no ssl, with listen ... proxy_protocol,
port_in_redirect on)
How is it configured?
[tls]
accept
Thanks a lot Francis.
Apparently nginx was once started as root. So automatically the ownership of
the temp folders got changed to nginx user.
This explains the sudden permission change even though I had set it
explicitly.
Thanks for your help.
Cheers,
Sushma
Posted at Nginx Forum:
https://forum
Hi,
link to patch is not working, could you please provide the new one?
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,20,269746#msg-269746
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Hello,
I have a script where I can upload files. The URI is like
https://example.com/foo/bar.pl
the location looks like
location ~ ^/foo/(.*.\.pl|cgi)$ {
...
}
Then an upload URL is generated
https://example.com/foo/u/f28c104/df3d-45ce/example.txt
the location for the uploaded files looks li
I'm just a bit surprised that "port_in_redirect off" does not also
work. But that's ok -- I'm often surprised.
There's a "if" in src/http/ngx_http_header_filter_module.c which changes
port's value from 443 to 0 when on ssl + port initially 443 so
https://adrhc.go.ro/ffp_0.7_armv5 would redirect to
Is there something like a release timeline for HTTP/2 server push feature in
Nginx? It would help make https connections faster and get rid of one TCP
roundtrip.
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,269749,269749#msg-269749
I have files by myself.
the part of my conf looks like
location ~ ^/foo/(.*.\.pl|cgi)$ {
...
}
location ~ ^/foo/d/(.+?)(/.*)$ {
try_files foo /foo/dl.pl;
}
foo is a non-existent file, so dl.pl is always executed
On 22.09.2016 13:13, basti wrote:
> Hello,
>
> i have a script where i can up
Hello,
It seems that when nginx creates unix domain sockets as a result of the listen
directive it assigns rw permissions for all users.
This is probably because the bind() call which creates the file follows the
process umask. Nginx sets the umask to 0 which is the most relaxed setting.
Is the
Nginx readers,
I have a WebDAV-like server that serves files, and access it through nginx;
it is actually a Subversion repo, so the files (and directories) are listed
in an ugly HTML page, not recursively.
/directory/files1
/directory/files2
[..]
I am fishing for ideas to do something like
location
Hello!
On Wed, Sep 21, 2016 at 02:28:59PM -0400, Tim wrote:
> This may not be the right list but do you know if the Windows
> nginx binaries will be relinked to pick up the new openssl-1.0.2
> which will be released tomorrow (Sept 22)?
As far as I can see, the only issue marked as "high" doesn
On Thu, Sep 22, 2016 at 05:54:35AM -0400, adrhc wrote:
Hi there,
> What is the thing writing to nginx? (stunnel, I think)
> stunnel according to the setup:
I strongly suspect that your stunnel is not doing what you want it to do.
If you "tcpdump" the traffic out of stunnel; or if you replace ng
I ran one of these website inspection services on my website and it was deemed
to be subject to Clickjacking. This might be a false positive since I don't use
frames, but the info on this link was enough to make the error go away. I chose
"DENY" since I don't use frames.
https://geekflare.com/
Hello!
On Thu, Sep 22, 2016 at 01:12:21PM +, Manole, Sorin wrote:
> Hello,
>
> It seems that when nginx creates unix domain sockets as a result
> of the listen directive it assigns rw permissions for all users.
> This is probably because the bind() call which creates the file
> follows the
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
Inside your tags.
body{display:none !important;}
if (self === top) {
var antiClickjack = document.getElementById("antiClickjack");
antiClickjack.parentNode.removeChild(antiClickjack);
} else {
top.locat
I saw that, but I took the path of least resistance. The method I mentioned was
sufficient to pass the tinfoilsecurity.com test.
To Tinfoil's credit, they provided three references on Clickjacking, one of
which is the website you suggested.
Original Message
From: c0nw0nk
Sent: Thursday, S
If you read the OWASP page, it also mentions header stripping etc.
and proxies that will remove the X-Frames headers. There is no real way to
stop proxies framing your site, but the X-Frame-Options combined with that
JavaScript is a good way to start; it will stop the majority.
Also break the
I serve no ads. I even pulled my piwik so that my sites can be surfed no
script.
Can you clickjack an encrypted page? How would the browser handle two certs?
Original Message
From: c0nw0nk
Sent: Thursday, September 22, 2016 1:57 PM
To: nginx@nginx.org
Reply To: nginx@nginx.org
Subject: Re: