Whitelist certain query string results in infinite redirect loop

2016-08-03 Thread jwxie
Hi. Our login page accepts a query parameter called client_id. Suppose we have three applications and their respective client_ids are: client_id=external-app client_id=internal-app1 client_id=internal-app2 You may guess... behind the scene we do an oauth login that's why "client_id" is in the ur

Re: Configuring nginx for both static pages and fcgi simultaneously

2016-08-03 Thread Maxim Dounin
Hello! On Wed, Aug 03, 2016 at 07:07:53PM +0200, B.R. wrote: > I disagree: it is a good feature to check for script file existence before > calling PHP on it with something like: > try_files [...] =404; > It helps mitigating attacks by avoiding to pave the way to undue files > being interpreted.

access log debugging

2016-08-03 Thread Ian Evans
Not sure if it's the heat and I'm tired... Had access logs off for a long time. Decided to start it up again to try and track down a bot issue. Added access_log /var/log/nginx/access.log; to my server config. Restarted. It creates a log file. Notice it has root:root permissions, while the er

Re: NGINX http-secure-link 403 !!

2016-08-03 Thread shahzaib mushtaq
Looks like it's working now. Added root directive under server {} section & link got loaded into the browser though 403 still occurs in terminal when calling with curl (not much to worry about I guess). On Wed, Aug 3, 2016 at 10:17 PM, shahzaib mushtaq wrote: > H, > > Can you please help to fix

Re: NGINX http-secure-link 403 !!

2016-08-03 Thread shahzaib mushtaq
H, Can you please help to fix it? expire= is already fixed but issue still persists. Regards. Shahzaib On Wed, Aug 3, 2016 at 9:30 PM, shahzaib mushtaq wrote: > Hi, > > Thanks for response though I already had fixed this mistake, during > copy/paste the commands on this forum made a typo. Her

Re: Configuring nginx for both static pages and fcgi simultaneously

2016-08-03 Thread B.R.
I disagree: it is a good feature to check for script file existence before calling PHP on it with something like: try_files [...] =404; It helps mitigating attacks by avoiding to pave the way to undue files being interpreted. That only works if the filesystem containing PHP scripts is accessible f

Re: NGINX http-secure-link 403 !!

2016-08-03 Thread shahzaib mushtaq
Hi, Thanks for response though I already had fixed this mistake, during copy/paste the commands on this forum made a typo. Here you can see I've created date + md5 but still 403 error: http://prntscr.com/c1690d On Wed, Aug 3, 2016 at 9:21 PM, Maxim Dounin wrote: > Hello! > > On Wed, Aug 03, 2

Re: NGINX http-secure-link 403 !!

2016-08-03 Thread Maxim Dounin
Hello! On Wed, Aug 03, 2016 at 08:38:36PM +0500, shahzaib mushtaq wrote: > Hi, > > We've configured nginx --with-http_secure_link_module to secure the mp4 > links. Currently we're testing it with very basic settings. Following is > brief explanation of our lab : > > A test.mp4 file is located u

NGINX http-secure-link 403 !!

2016-08-03 Thread shahzaib mushtaq
Hi, We've configured nginx --with-http_secure_link_module to secure the mp4 links. Currently we're testing it with very basic settings. Following is brief explanation of our lab : A test.mp4 file is located under directory /tunefiles/files/test.mp4 . Our objective is to access this file over secu

Re: Auth_digest not working

2016-08-03 Thread Maxim Dounin
Hello! On Tue, Aug 02, 2016 at 05:55:13PM +0200, Matthias Fechner wrote: > Am 01.08.2016 um 00:53 schrieb Maxim Dounin: > > The auth_digest module is a 3rd party one. And the message > > suggests there is a bug in it, or it's not compatible with the > > current version of nginx. > > > > You ma