Re: NGINX not checking OCSP for revoked certificates

2016-10-14 Thread Zeal Vora
the number or greater than the > number of ca's and I had to get all the crl's for each CA and concat > into a crl file. > > > > On 14 October 2016 at 16:49, Zeal Vora wrote: > > Thanks Maxim. > > > > I tried changing the ssl_verify_depth to 1 from val

Re: NGINX not checking OCSP for revoked certificates

2016-10-13 Thread Zeal Vora
certificates are allowed ). Just for bit more info, I downloaded the CRL from ADCS which is in form of test.crl which I convert it to .pem format with openssl. On Thu, Oct 13, 2016 at 6:27 PM, Maxim Dounin wrote: > Hello! > > On Thu, Oct 13, 2016 at 03:07:25PM +0530, Zeal Vora wrote:

NGINX not checking OCSP for revoked certificates

2016-10-13 Thread Zeal Vora
Hi We've implemented basic Certificate Based Authentication for Nginx. However whenever the certificate is revoked, Nginx still allows the client ( with revoked certificate ) to access the website. I verified manually with openssl with OCSP URI and OCSP seems to be working properly. Nginx doesn'

Whitelisting IPs from Certificate Based Authentication

2016-08-16 Thread Zeal Vora
Hi We have a Certificate Based Authentication for one of our websites. We want that if users visit from Office IP's then they should not have to go via Certificate Based Authentication. Rest for all, Authentication is necessary. What would be the ideal way of doing this ? I believe $remote_addr

Re: basic question about

2016-07-28 Thread Zeal Vora
Hi Andrea, The 404 Forbidden error is because of the permission of that particular file / directory . NGINX process should be able to read that file in /home/a/all/index.html. Cheers! Zeal On Tue, Jul 26, 2016 at 4:47 PM, ndrini wrote: > I have this server block in a EC2 nginx webserver. > >

Re: Blocking all the URL except 1

2016-06-24 Thread Zeal Vora
200; } } server { listen 80; server_name example.com; location = / { proxy_pass http://app:server; } location / { return 404; } } On Thu, Jun 23, 2016 at 10:19 PM, Edho Arief wrote: > Hi, > > On Fri, Jun 24, 2016, at 01:47, Zeal Vora wrot

Blocking all the URL except 1

2016-06-23 Thread Zeal Vora
Hi We have a Nginx Box which acts as a reverse proxy to backend applications. We only want to allow traffic on http://example.com which internally redirects to specific application. Other then that, every other URI should be blocked. For example :- example.comAllowed example.com/tes

Re: Vulnerability related Doubts in Nginx

2016-03-22 Thread Zeal Vora
.1 but the reported fix is in nginx-1.8.1-1.26 for which I can't find any SRPM / tar.gz file. On Tue, Mar 22, 2016 at 5:43 PM, Valentin V. Bartenev wrote: > On Tuesday 22 March 2016 17:35:19 Zeal Vora wrote: > > Hi > > > > We are running Nginx version 1.8 ( nginx-1.8.1-1.amz

Vulnerability related Doubts in Nginx

2016-03-22 Thread Zeal Vora
Hi We are running Nginx version 1.8 ( nginx-1.8.1-1.amzn1.ngx.x86_64 ) in our servers. So in the Vulnerability Assessment, Nessus gave report that it is vulnerable. *Current version :-*nginx-1.8.1-1.amzn1.ngx.x86_64 *Fix Version ( According to Nessus ) :-* nginx-1.8.1-1.26.amzn1 I don