Re: [EXTERNAL] Re: Help request about Log4j attack attempts and NGINX logs meaning

2021-12-29 Thread Slaughter, Justin D
Nginx is returning a 200 because the request is a "GET /", and I am assuming your nginx configurations allow GETs to "/". Justin On 29/12/2021, 10:20 AM, "nginx on behalf of Mauro Tridici" wrote: CAUTION: The e-mail below is from an external source. P

Re: limit_rate for POST targets ?

2015-04-11 Thread Justin
hmm that is rate limiting req/s i am looking for an exact limit_rate equivalent - which is bytes/second. > On 11 Apr 2015, at 10:13 pm, itpp2012 wrote: > > Lua would be a way to go, > ea. https://github.com/fanhattan/lua-resty-rate-limit > > Posted at Nginx Forum: > http://forum.nginx.org/re

Re: limit_rate for POST targets ?

2015-04-11 Thread Justin
limit_rate it only applies to GET ( and works great ) "response transmission to a client" but not POST (reading data from a client) > On 11 Apr 2015, at 9:24 pm, B.R. wrote: > > The docs suggest using 'if', even though it is uncertain under which > conditions this directive works/should be us

Re: Problem with big files

2014-06-16 Thread Justin Dorfman
> > I use a patch > Maxim provided some time ago allowing range requests to receive HTTP 206 if > a resource is not in cache but it's determined to be cacheable... Can you please link to this patch? Regards, Justin Dorfman <http://www.twitter.com/jdorfman> Director

Re: Return JSON for 404 error instead of html

2014-05-13 Thread Justin Dorfman
application/octet-stream it is =p Regards, Justin Dorfman <http://www.twitter.com/jdorfman> Director of Developer Relations MaxCDN <http://twitter.com/MaxCDNDeveloper> Email / IM: jdorf...@maxcdn.com Mobile: 818.485.1458 Twitter: @jdorfman <http://www.twitter.com/jdorfman>

Re: Return JSON for 404 error instead of html

2014-05-13 Thread Justin Dorfman
Out of curiosity, would the mime/content type show up as application/json or text/plain? Regards, Justin Dorfman

Re: Query strings duplicating on 301 redirect

2014-05-05 Thread Justin Dorfman
@Richard Interesting. I shall give that a try. Regards, Justin Dorfman

Re: Query strings duplicating on 301 redirect

2014-05-05 Thread Justin Dorfman
Thanks Francis, worked perfectly. Regards, Justin Dorfman

Query strings duplicating on 301 redirect

2014-05-05 Thread Justin Dorfman
v=2 Nginx config: location / { if ($scheme = http) { rewrite ^ https://$http_host$request_uri permanent; } Any ideas? Thanks in advance. Regards, Justin Dorfman <http://www.twitter.com/jdorfman> ___ nginx mailing list nginx@nginx.org http://m

Re: Very slow dns lookup using proxy_pass

2014-01-03 Thread justin
Hi Jonathan, Using time is the only way I know how to demonstrate this: FIRST TIME TOOK: 5.8 seconds ➜ ~ time curl -i -u demo: https://api.mydomain.com/v1/ HTTP/1.1 200 OK Server: nginx Date: Sat, 04 Jan 2014 04:07:50 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: ke

Very slow dns lookup using proxy_pass

2014-01-03 Thread justin
I am seeing very slow DNS lookup times ( > 2 seconds ) using proxy_pass, even though dig response times on the server are quick. Here is the nginx configuration block: location ~ ^/v1/(?.*) { resolver 8.8.4.4 4.4.4.4 valid=300s; resolver_timeout 10s; proxy_pass https://$remote_user.

Re: bug in spdy - 499 response code on long running requests

2013-12-22 Thread justin
Thanks for the response Bahaa. Great information. Would you say the behavior that nginx queues the ping reply and doesn't send it until it gets a response from upstream is a bug? We've had to disable SPDY until the double request issue gets resolved. Hoping that SPDY protocol version 3 support in

Using 127.0.0.1 in resolver

2013-12-20 Thread justin
Using: resolver 127.0.0.1 valid=300s; Does not work. I assume this would simply use the DNS servers listed in /etc/resolv.conf? Thanks. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,245748,245748#msg-245748

spdy protocol version 3 support

2013-12-19 Thread justin
Any update or eta on when we can expect spdy protocol version 3 in the 1.5.X branch? Thanks. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,245732,245732#msg-245732

Re: SSL OCSP stapling won't enable

2013-12-16 Thread justin
Thanks so much, that worked perfectly using http://pastebin.com/gnWDSQ8Z. Danke! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,245528,245598#msg-245598

Re: SSL OCSP stapling won't enable

2013-12-15 Thread justin
Steve, Yeah, I am getting OCSP response: no response sent. Should I try ssl_stapling_verify off; Any other ideas? Thanks. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,245528,245549#msg-245549

SSL OCSP stapling won't enable

2013-12-13 Thread justin
According to ssllabs.com SSL OCSP stapling is not enabled, even though I have the following in my http block: ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/pki/tls/certs/ca-bundle.trust.crt; resolver 8.8.4.4 8.8.8.8 valid=600s; resolver_timeout 15s; Any idea why?

Re: Random 502 bad gateway with php-fpm, why?

2013-11-15 Thread justin
Hey Tony. Can you link to the stackoverflow posts? I wish php-fpm told me what happened. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,244669,244724#msg-244724

Random 502 bad gateway with php-fpm, why?

2013-11-14 Thread justin
My PHP application went down for a few hours with 502 bad gateway. In the nginx error log all I see is: 2013/11/14 10:02:16 [error] 1466#0: *57964 recv() failed (104: Connection reset by peer) while reading response header from upstream I fixed it by restarting php-fpm. However, what caused this?

Re: limit_req_zone limit by location/proxy

2013-11-13 Thread Justin Deltener
Rolled into production and after tens of thousands of page requests only 3 were smacked down and all were bogus security scanners or "bad dudes" MISSION ACCOMPLISHED! Thanks a ton Maxim! On Wed, Nov 13, 2013 at 10:20 AM, Justin Deltener wrote: > I'll give that a try. I real

Re: limit_req_zone limit by location/proxy

2013-11-13 Thread Justin Deltener
I'll give that a try. I really appreciate your help Maxim! On Wed, Nov 13, 2013 at 10:01 AM, Maxim Dounin wrote: > Hello! > > On Wed, Nov 13, 2013 at 09:09:55AM -0600, Justin Deltener wrote: > > > Aha, that is the lightbulb moment. > > > > So if we're ta

Re: limit_req_zone limit by location/proxy

2013-11-13 Thread Justin Deltener
et the default rate to 1/m and set the burst to whatever you like.. Does that make sense? On Wed, Nov 13, 2013 at 7:40 AM, Maxim Dounin wrote: > Hello! > > On Wed, Nov 13, 2013 at 07:17:36AM -0600, Justin Deltener wrote: > > [...] > > > current requests..which is what i

Re: limit_req_zone limit by location/proxy

2013-11-13 Thread Justin Deltener
tive under a single proxy location directive. 5) Thanks for the link, but I have read that document a hundred times and there is still a ton that it doesn't cover. I appreciate your response Maxim! On Wed, Nov 13, 2013 at 5:27 AM, Maxim Dounin wrote: > Hello! > > On Tue, No

limit_req_zone limit by location/proxy

2013-11-12 Thread Justin Deltener
For the life of me I can't seem to get my configuration correct to limit requests. I'm running nginx 1.5.1 and have it serving up static content and pushing all non-existent requests to the apache2 proxy backend for serving up. I don't want to limit any requests to static content but do want to lim

Multiple DNS servers in resolver directive

2013-10-14 Thread justin
The documentation is not clear. Can I provide two IP addresses in the resolver config directive? Example: resolver 208.67.222.222 208.67.220.220; Posted at Nginx Forum: http://forum.nginx.org/read.php?2,243692,243692#msg-243692

Re: bug in spdy - 499 response code on long running requests

2013-10-11 Thread justin
Just upgraded to nginx 1.5.6 and still seeing this behavior where long running requests are being called twice with SPDY enabled. As soon as I disabled SPDY it goes away. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,240278,243634#msg-243634

An official yum repo for 1.5x

2013-10-11 Thread justin
[nginx] name=nginx repo baseurl=http://nginx.org/packages/centos/6/$basearch/ gpgcheck=0 enabled=1 Is the 1.4x branch. Is it possible to get an official 1.5x repo? Thanks. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,243633,243633#msg-243633

Re: Getting forward secrecy enabled

2013-10-02 Thread justin
Yeah, any way to get the official yum repo to support ECDHE when they compile. Seems like a basic thing they should already do. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,243341,243398#msg-243398

Re: Getting forward secrecy enabled

2013-10-01 Thread justin
I don't compile nginx, I get it from the official CentOS repo: [nginx] name=nginx repo baseurl=http://nginx.org/packages/centos/6/$basearch/ gpgcheck=0 enabled=1 Posted at Nginx Forum: http://forum.nginx.org/read.php?2,243341,243350#msg-243350

Re: Getting forward secrecy enabled

2013-10-01 Thread justin
Comparing the result from makepw.com and my site, I am missing the following cipher suites: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH 256 bits (eq. 3072 bits RSA) FS 256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH 256 bits (eq. 3072 bits RSA) FS 128 TLS_ECDHE_RSA_WITH_A

Re: Getting forward secrecy enabled

2013-10-01 Thread justin
Sucks the forum software cutting off the cipher list string, here is what I am using in a gist: https://gist.github.com/nodesocket/8d4cc41c91466ae17b80 Posted at Nginx Forum: http://forum.nginx.org/read.php?2,243341,243346#msg-243346

Re: Getting forward secrecy enabled

2013-10-01 Thread justin
I tried what was recommended by (http://www.mare-system.de/guide-to-nginx-ssl-spdy-hsts/#perfect-forward-secrecy): But still missing: IE 11 / Win 8.1 (FAIL) IE 8-10 / Win 7 (NO FS) IE 7 / Vista (NO FS) Here is my exact config: ssl_prefer_se

Getting forward secrecy enabled

2013-10-01 Thread justin
On ssllabs.com I am getting the following, even though I am using all the recommended settings. http://i.imgur.com/TlsKMzP.png Here are my nginx settings: ssl_prefer_server_ciphers on; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SH

Preferred way to do redirects (rewrite or return)

2013-09-23 Thread justin
What is the preferred way to do redirects? I know of two solutions: rewrite "^/help/?$" https://support.mydomain.com permanent; or location ^/help/?$ { return 301 https://support.mydomain.com; } I think I like using a location block and a return statement. Which is faster though and the stand

Using if statements in a location block with set

2013-09-06 Thread justin
Is the following going to work as expected: location /v1/users { rewrite ^/users/(.*)/accounts$ /v1/users/$1/accounts break; if ($server_name = 'js.mydomain.com') { set $backend "api.mydomain.com"; } if ($server_name = 'js-s.mydomain.com') {

Proxying requests based on $http_authorization (API Key)

2013-08-19 Thread justin
Hello. We are looking to proxy requests to different backends using upstream based on http basic auth. I.E. the API key of the request. I am thinking I need to first get the API key from the raw http request ($http_authorization). Then do a lookup in redis for the backend to forward too. We are a

Re: Hide raw regular expression from $_SERVER['server_name']

2013-08-04 Thread justin
Great fix Igor. Thanks. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,241519,241531#msg-241531

Re: Hide raw regular expression from $_SERVER['server_name']

2013-08-03 Thread justin
J, The "HOST" http-header is correct, I am just wondering if I can modify or prevent the raw regular expression being exposed in $_SERVER['server_name']. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,241519,241522#msg-241522

Hide raw regular expression from $_SERVER['server_name']

2013-08-03 Thread justin
I am using a regular expression in a server_name: server_name ~^(?!web2\.)(?.+)\.mydomain\.com$; In PHP, or any language for that matter, if I: echo $_SERVER['server_name']; //~^(?!web2\.)(?.+)\.mydomain\.com$ I get the raw regular expression back. Is it possible to mas

Re: bug in spdy - 499 response code on long running requests

2013-06-24 Thread justin
Valentin, Unfortunately I did not build nginx --with-debug, additionally it would be somewhat tedious and hard to replicate the issue. However, if needed, I can recompile nginx on a development server and see if I can replicate this error condition with spdy enabled. However the setup would be te

bug in spdy - 499 response code on long running requests

2013-06-22 Thread justin
We sometimes have long running HTTPS requests, over 2 minutes, and occasionally would see 499 response codes, and duplicate (double run) transactions. After digging around and testing, it was discovered this only occurs with spdy support enabled. If we turn off spdy in the server block, the 499 res

Re: HTTP status code 499 from long running requests

2013-06-03 Thread justin
9:09:55PM -0400, justin wrote: > > > Hello, I have long running requests upwards of five minutes that are > called > > via ajax (jQuery) (XHR), and hitting a backend PHP script. > > > > I am seeing very strange behavior, intermittently calling the script > twice, &g

HTTP status code 499 from long running requests

2013-06-01 Thread justin
Hello, I have long running requests upwards of five minutes that are called via ajax (jQuery) (XHR), and hitting a backend PHP script. I am seeing very strange behavior, intermittently calling the script twice, even though in Chrome developers tools I only see a single XHR request in the network p

Re: "bug in glibc"

2013-03-31 Thread Justin Cormack
On Sun, Mar 31, 2013 at 4:12 PM, Igor Sysoev wrote: > On Mar 31, 2013, at 14:33 , Justin Cormack wrote: > > > There is a note in src/os/unix/ngx_user.c about a bug in glibc for > crypt_r: > > > > /* work around the glibc bug */ > > cd.current_salt

"bug in glibc"

2013-03-31 Thread Justin Cormack
for it rather than always including this code; I have not been able to find it in the glibc bug tracker though. Thanks Justin

Re: Regular expression used in server_name directive

2013-03-03 Thread justin
My bad, stupid mistake, forgot the ^. Working fine now. Thanks. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,236870,236887#msg-236887

Re: Regular expression used in server_name directive

2013-03-03 Thread justin
No, simply doing server_name ~^(?.+)\.mydomain\.com$; Works. This may be a bug with nginx? The new regular expression is valid and should work. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,236870,236881#msg-236881

Re: Regular expression used in server_name directive

2013-03-03 Thread justin
I need a variable set that I use in the rest of the server {} block. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,236870,236878#msg-236878

Re: Regular expression used in server_name directive

2013-03-03 Thread justin
I actually have a working regular expression which should work now: server_name ^(?!web3\.)(?.+)\.mydomain\.com$; But for some odd reason when I restart nginx, I am getting: nginx: [emerg] unknown "account" variable This should work though, right? Posted at Nginx Forum: http://forum.ngin

Regular expression used in server_name directive

2013-03-03 Thread justin
I am using a regular expression with a capture group in my server_name directive. It looks like: server_name (?.+)\.mydomain\.com$ The problem is that I want to expand it slightly and say anything except web3.mydomain.com. I.E. something.mydomain.com matches, but web3.mydomain.com does no