On 18/10/19 9:47 pm, J. Lewis Muir wrote:
> And in your example, you were doing a return inside an "if" which is
> noted as being safe in a location context.
Phew! Thank you for the advice.
P.V.Anthony
___
nginx mailing list
nginx@nginx.org
http://mailm
On 18/10/19 2:59 pm, Patrick wrote:
> The `if' part should be fine. The problem would be someone crafting a
> URL that skips past the `=' check and yet is still parsed as `id=2' by
> the underlying app.
> Can the underlying old app also be changed to log an attack, and throw a
> 444 when it gets an `id'
Please disregard or delete this post. The problem was with my setup. It
works fine. Thanks.
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,285923,285941#msg-285941
On 10/18, P.V.Anthony wrote:
> On 18/10/19 5:26 am, Jeff Dyke wrote:
> > I know this is not an answer to your question, but it begs another,
> > mainly due to the if statement. How many of these are you going to
> > have? https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
> >
> > Y
> I'm not a big fan of the location that sets the 418 error_page to the
> @foo_front_controller named location, but I don't know of any other way
> to essentially do a "return @foo_front_controller". Is there a better
> way?
Use "try_files" instead with a filename that will never exist (i.e.
unde
Hi Lewis,
>
> Are you serving over HTTPS?
>
Yes, all content over HTTPS
> Can you create an MCVE (minimal, complete, and verifiable example) for a
> ".txt" file over HTTP? For a ".txt" file over HTTPS? For a ".ivp" file
> over HTTP? For a ".ivp" file over HTTPS?
>
Sorry, I don't know how
On 2019-10-18 13:57, P.V.Anthony wrote:
> Like netsec and using "if" in the config.
The `if' part should be fine. The problem would be someone crafting a
URL that skips past the `=' check and yet is still parsed as `id=2' by
the underlying app.
Can the underlying old app also be changed to log an