ine' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is
required to enable inline execution.
I am able to generate sha256/nonce from code but how to validate and set in
response header in Nginx.
On Mon, Jun 10, 2019, 6:39 AM Sathish Kumar wrote:
> Hi,
>
> I
Hi,
I would like to enable Content Security Policy header on Nginx for our
website to protect from data injection attacks and XSS. Can I add like the
below config? If anybody hit our URL they will know the allowed domains in
the header.
Is there any other better way to do this?
add_header Cont
Hi Team,
We would like to fix the HTTPS pinning vulnerability on our Nginx and
Mobile application Android/iOS. If I enable on Nginx, do we need to add the
pinning keys on our application and have to rotate the pinning keys
every time when the SSL cert is renewed.
Please advise.
4AM +0800, Sathish Kumar wrote:
>
> Hi there,
>
> I am not certain what server_name values correspond to what IP addresses
> or ports used; and I am not certain what nginx servers use ssl and what
> ones don't.
>
> If you don't get an answer to your question, perhaps
:;
}
Still the /var/log/nginx/ghi.access.log loaded with the requests which
come to def.com. Can you help me fix this issue?
Thanks & Regards
Sathish Kumar.V
On Fri, May 24, 2019 at 8:07 AM Sathish Kumar wrote:
> Hi Team,
>
> Please ignore my previous email. Kindly ch
/nginx/ghi.access.log.
Thanks & Regards
Sathish Kumar.V
On Fri, May 24, 2019 at 8:04 AM Sathish Kumar wrote:
> Hi Team,
>
> I am already setting below headers.
> server 1
> server_name abc.com;
> access_log /var/log/nginx/abc.access.log;
> error_log /var/log
On Fri, May 24, 2019 at 7:35 AM Sathish Kumar wrote:
> Hi Rozitis,
>
> Thanks for your reply.
>
>
>
>
> On Thu, May 23, 2019, 10:58 PM Reinis Rozitis wrote:
>
>> > Instead of IP address, if we use FQDN with https, do we have to
>> validate the SSL ce
Hi Rozitis,
Thanks for your reply.
On Thu, May 23, 2019, 10:58 PM Reinis Rozitis wrote:
> > Instead of IP address, if we use FQDN with https, do we have to validate
> the SSL certificate on Proxy_Pass?
>
> By default the certificate validation is turned off (and nginx just uses
> the ssl fo
Hi Team,
Currently, we are using the below config to route the requests from one
server to another backend server.
Server1
location /abc {
proxy_pass https://1.1.1.1/abc;
}
Server 2 (1.1.1.1)
location /abc {
proxy_pass http://127.0.0.1:/abc;
}
Instead of IP address, if we use FQDN with ht
r.
On Fri, Feb 15, 2019, 8:25 PM Sathish Kumar wrote:
> Hi All,
>
> Is it possible to enable gzip and etag to solve caching problem.
>
> On Thu, Feb 14, 2019, 10:00 AM Sathish Kumar
>> Hi All,
>>
>> How can I achieve caching html files only for this location conte
Hi Andrey,
Thanks a lot for the solution, it is working great in our Prod. You saved my
day!!!
On Fri, Aug 10, 2018, 8:46 PM Andrey Oktyabrskiy wrote:
> On 10.08.2018 15:17, Andrey Oktyabrskiy wrote:
> > ### /etc/nginx/inc/cors_options.inc
> > if ($request_method = 'OPTIONS') {
> >add_header
Hi All,
To fix Cross site scripting (XSS), I am trying to add below config but I am
not seeing cookie in the response headers. Cookie in the browser still
showing as not secure and not http.
We are using Nginx as reverse proxy to Jetty and running a java application
on it.
Below is the nginx con
Hi All,
Is it possible to enable gzip and etag to solve caching problem.
On Thu, Feb 14, 2019, 10:00 AM Sathish Kumar wrote:
> Hi All,
>
> How can I achieve caching html files only for this location context /abc/*
> and not for other context path.
>
>
> On Thu, Feb 14, 2019, 7:26 AM Sa
Hi All,
How can I achieve caching html files only for this location context /abc/*
and not for other context path.
On Thu, Feb 14, 2019, 7:26 AM Sathish Kumar wrote:
> Hi Peter,
>
> Thanks, I am looking for the same solution but to enable only for html
> files.
>
> On Thu, Feb 14, 2019
following to
> your location definition:
>
> add_header Cache-Control 'no-store';
>
> You can use Developer Tool in Chrome to check that it is working.
>
>
> Peter
>
>
> Sent from my iPhone
>
> On Feb 13, 2019, at 11:56 AM, Sathish Kumar wrote:
Hi All,
We have Nginx in front of our Application server. We would like to disable
caching for html files.
Sample config file:
location /abc/ {
proxy_pass http://127.0.0.1:8080;
}
We noticed a few html files get stored in Chrome local disk cache and would
like to fix this issue. Can
Hi All,
I would like to use cloudfront.net content inside my webapp and it's
throwing Access-Control-Allow-Origin error and have added the header for
single host on Nginx to make it work now.
The problem is we have multiple environments which are trying to do the same
and I have to whitelist all
o do the lookup and create country code for you
> to use for blocking.
>
> On Wed, May 23, 2018 at 6:51 PM, Sathish Kumar wrote:
>
>> How can I get the client IP address if the request is coming through load
>> balancer or Proxy and pass it to default nginx geoip module to blo
ird
> party geoip2 module for two reasons:
> 1) maxmind deprecated geoip1 db.
> 2) geoip2 module can do what you wanted, and the geo lookup can be based on
> any variables, such as $http_x_forwarded_for
> Frank
>
> On Mon, May 21, 2018 at 6:37 PM Sathish Kumar wrote:
>
>>
he way to block ip's can also be used for PTR records, I think.
> Also as wildcard.
>
> On 21.05.2018 05:49, Sathish Kumar wrote:
> > Hi All,
> >
> > I have a requirement to block certain countries coming to our website.
> > I managed to achieve it using the
Hi All,
I have a requirement to block certain countries coming to our website. I
managed to achieve it using the ngx_http_geoip_module. I have a problem
now, if the request comes through Amazon API Gateway, how can I read the
X-forwarded-for header or block these requests too.
nginx.conf
map $ge
/allowed_downloads/ {
internal;
alias /data/downloads/;
autoindex on;
}
}
Later reload nginx service.
credits: shawn-c (stackoverflow)
Thanks & Regards
Sathish.V
On Sat, May 19, 2018 at 9:39 AM Sathish Kumar wrote:
> Hi Igor,
>
> I tried your config and getting e
/;
> autoindex on;
> if ($forbidlisting) {
> rewrite ^/(.*) /noindex_root/$1 last;
> }
> }
> location /noindex_root/ {
> internal;
> alias /downloads/;
> }
>
>
>
> On 18.05.2018 19:32, Sathish Kumar wrot
/downloads {
> alias /downloads/;
> autoindex on;
> if ($forbidlisting) {
> rewrite /downloads(.*) /noindex_downloads/$1 last;
> }
> }
> location /noindex_downloads/ {
> internal;
> alias /downloads/;
> }
>
>
> I tried it and it work
> if you want to allow multiple IP addresses, it might be a better idea to use
> map. eg:
>
> map $remote_addr $allowed {
> default 0;
> 1.1.1.1 1;
> 2.2.2.2 1;
> }
>
> and then in the download location block
>
> if ($allowed =
> if you want to allow multiple IP addresses, it might be a better idea to use
> map. eg:
>
> map $remote_addr $allowed {
> 1.1.1.1 1;
> 2.2.2.2 1;
> }
>
> and then in the download location block
>
> if ($allowed = 1) {
> autoindex on;
> }
>
> Thanks,
> Prajith
>
> On 18 May 2018 at 05:35, Sathish Kumar wrote:
>
>> Hi Team,
>>
>
Hi Team,
We have a requirement to allow directory listing from a few servers and
disallow from other IP addresses and all IP addresses should be able to
download all files inside the directory.
Can somebody provide the correct nginx config for the same?
location / {
root /downloads;
autoindex on;
28 matches