[ANN] OpenResty 1.11.2.3 released

2017-04-21 Thread Yichun Zhang (agentzh)
Hi folks, Long time no releases. We've been very busy setting up the OpenResty Inc. commercial company in the US. That's why we've been quiet in the last few months. The good news is that we now have a strong full-time engineering team that can work on both the OpenResty open source platform and h

Re: upstream - behavior on pool exhaustion

2017-04-21 Thread B.R. via nginx
I do not know if your detailed explanation was aimed to me, or to the list in general, but I got all that already as far as I am concerned. To me, when an attempt is made to an upstream group where no peer can be selected, a 502 should be returned for that request, and no upstream having been sel

Re: Config advice / wireshark

2017-04-21 Thread Joel Parker
I guess logging would work I just need to capture the full request and response to replay later. Is there a standard way to do this or plugin available ? On Fri, Apr 21, 2017 at 10:42 AM, Joel Parker wrote: > The only other thing I was thinking of was to double proxy through > localhost. i.e.

Re: Config advice / wireshark

2017-04-21 Thread Joel Parker
The only other thing I was thinking of was to double proxy through localhost. i.e. user -> proxy -> localhost proxy -> upstream server. Seems like it is pretty convoluted but is it still possible ? On Fri, Apr 21, 2017 at 10:30 AM, Robert Paprocki < rpapro...@fearnothingproductions.net> wrote: >

Re: Config advice / wireshark

2017-04-21 Thread Robert Paprocki
Is what compatible? Nginx logging? I don't think so, Nginx logs are intended to be human readable. Related docs: http://nginx.org/en/docs/http/ngx_http_log_module.html#log_format On Fri, Apr 21, 2017 at 8:25 AM, Joel Parker wrote: > Is it compatible with something like log2pcap ? or I just need

Re: Config advice / wireshark

2017-04-21 Thread Joel Parker
Is it compatible with something like log2pcap ? or I just need to set the format somehow to be compatible with it. Joel Parker On Fri, Apr 21, 2017 at 10:21 AM, Robert Paprocki < rpapro...@fearnothingproductions.net> wrote: > Unless wireshark has access to the private key (and PFC isn't enabled)

Re: Config advice / wireshark

2017-04-21 Thread Robert Paprocki
Unless wireshark has access to the private key (and PFC isn't enabled), your best bet would be to log the data from nginx directly, rather than trying to examine the raw bytes on the wire. > On Apr 21, 2017, at 08:10, Joel Parker wrote: > > I currently have a config that allows me to termin

Config advice / wireshark

2017-04-21 Thread Joel Parker
I currently have a config that allows me to terminate TLSv1.2 and decrypt it. Then it re-encrypts the packets with a different cert before sending to the upstream servers. I want to "look" at the decrypted packets before they are encrypted but I am not sure the best way to accomplish this.

Re: Spawning of Nginx worker process

2017-04-21 Thread Maxim Dounin
Hello! On Thu, Apr 20, 2017 at 05:31:22PM -0400, shivramg94 wrote: > Hi All, > > When we issue a reload to Nginx binary ( -s reload), what > are the steps involved in the spawning of new set of worker processes? > > Is it something like, while the older worker processes are still running or > a

RE: execution error - pcre limits exceeded (-8)

2017-04-21 Thread Dino Edwards
>It's worth to try libmodsecurity (aka ModSecurity 3.x) + nginx connector >instead: >https://github.com/SpiderLabs/ModSecurity/tree/v3/master >https://github.com/SpiderLabs/ModSecurity-nginx >Please note that libmodsecurity does not support all of ModSecurity 2.x >features: >https://github.com

Configuration advice

2017-04-21 Thread Joel Parker
I currently have a config that allows me to terminate TLSv1.2 and decrypt it. Then it re-encrypts the packets with a different cert before sending to the upstream servers. I want to "look" at the decrypted packets before they are encrypted but I am not sure the best way to accomplish this.

Re: execution error - pcre limits exceeded (-8)

2017-04-21 Thread Andrei Belov
> On 21 Apr 2017, at 12:29, Dino Edwards wrote: > > Hi Andrei, > > Which version of modsecurity are you using with nginx? > > I’m using 2.9.1 It's worth to try libmodsecurity (aka ModSecurity 3.x) + nginx connector instead: https://github.com/SpiderLabs/ModSecurity/tree/v3/master https://

RE: execution error - pcre limits exceeded (-8)

2017-04-21 Thread Dino Edwards
Hi Andrei, Which version of modsecurity are you using with nginx? I’m using 2.9.1

Re: execution error - pcre limits exceeded (-8)

2017-04-21 Thread Andrei Belov
Hi Dino, > On 20 Apr 2017, at 21:42, Dino Edwards wrote: > > Hello, > > I have compiled nginx 1.12.0 with modsecurity on a Ubuntu 16.04 server and > I’m running it as a reverse proxy in front of an Apache webserver which hosts > a variety of different type of websites. After enabling modsecu