Hello -
Nginx is reporting invalid incoming headers with RFC-compliant headers that
use a '.' (meaning, a period) within the name.
As an example, I am curling to a very basic proxy setup while trailing the
error log:
The following is valid:
# curl -vvvH "a-b-c: 999" localhost:81/test/v01
* Abo
On Mon, 19 Mar 2018 12:31:20 +
"Friscia, Michael" wrote:
> Just a thought before I start crafting one. I am creating a
> location{} block with the intention of populating it with a ton of
> requests I want to terminate immediately with a 444 response. Before
> I start, I thought I’d ask to se
I’d use wrk2 or httperf to recreate a spike that hits an http endpoint. If you
don’t see a spike but see one with https then you know ssl is one factor.
It’s also interesting that this happens st around 23000 connections. If you
reduce workr count to one or two
And still see max connections aro
Hello!
On Mon, Mar 19, 2018 at 03:04:14PM +0100, Abilio Marques wrote:
> After working a bit more on the issue, I also found that:
>
>- Using a new pair of key/certificate makes the problem not to show
>anymore. So, some files will make it fail, some files make it work. The
>files ar
Hi Matthew,
On 19/03/2018 17:38, Matthew Smith wrote:
> Hello,
>
> The host has 30G total memory. Nginx usage is being measured by
> summing the Pss values from /proc/$pid/smaps for all worker processes.
>
> Do you have any suggestions for differentiating between the two
> issues that might prev
Have you considered using something like mod_security to manage this sort of
thing?
From: nginx [mailto:nginx-boun...@nginx.org] On Behalf Of Friscia, Michael
Sent: Monday, March 19, 2018 9:17 AM
To: nginx@nginx.org
Subject: [IE] Re: Aborting malicious requests
Thank you Gary, I really appreciat
Hello,
The host has 30G total memory. Nginx usage is being measured by summing the
Pss values from /proc/$pid/smaps for all worker processes.
Do you have any suggestions for differentiating between the two issues that
might prevent memory from being returned to the system?
Thanks!
On Thu, Mar 1
Thank you Gary, I really appreciate you moving me in the right direction.
Sent from my iPhone with all its odd spell checks
On Mar 19, 2018, at 9:36 AM, Gary
mailto:li...@lazygranch.com>> wrote:
Your basic idea is right, but what you want to do is use a "map." I will follow
up with more detail
Hi,
After working a bit more on the issue, I also found that:
- Using a new pair of key/certificate makes the problem not to show
anymore. So, some files will make it fail, some files make it work. The
files are of different length, so it seems to be correlated to that.
- Using LD_PRE
Your basic idea is right, but what you want to do is use a "map." I will follow up with more details when I can pull the code off my server. I 444 a number of services that I don't use. I have a script to find the IP addresses of those that trigger a 444 from access.log. If they come from a data
Hello!
On Mon, Mar 19, 2018 at 01:51:55AM -0700, Frank Liu wrote:
> Congratulations on the grpc support! Since h2/h2c are used to
> talk to upstream grpc servers , does that mean we will also see
> proxy_pass support http/2?
There are no such plans.
If you really want to use HTTP/2 to non-gRP
Just a thought before I start crafting one. I am creating a location{} block
with the intention of populating it with a ton of requests I want to terminate
immediately with a 444 response. Before I start, I thought I’d ask to see if
anyone has a really good one I can use as a base.
For example,
Congratulations on the grpc support! Since h2/h2c are used to talk to upstream
grpc servers , does that mean we will also see proxy_pass support http/2?
> On Mar 18, 2018, at 3:03 AM, Maxim Konovalov wrote:
>
> Hello,
>
> for those who don't follow nginx-devel@.
>
> We also published a blog p
13 matches
Mail list logo
