I use a subdomain for uploads and I am curious if anyone knows the best way
to allow access to only the upload URL and block / deny everything
else.
location / {
deny all;
}
location ~ \.php$ {
deny all;
if ( $args ~
'option=com_hwdmediashare&task=addmedia.upload([a-zA-Z0-9-_=&])' ) {
fastcg
Thanks itpp2012, I downloaded the htpassword from the apachelounge.com builds
:) Works great now.
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,254125,254189#msg-254189
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/l
c0nw0nk Wrote:
---
> I hate to bring bugs into this topic but seems possible that this is
> something Windows related.
>
> But auth_basic is not working.
[...]
> admin:Wjki8C1VIunc2
>
> So that would be
> Username : admin
> Pass : lol123
>
> Bu
I hate to bring bugs into this topic but seems possible that this is
something Windows related.
But auth_basic is not working.
I have not tested on an official NGINX build; I am using itpp2012's builds,
which could be why it is not working, but this is my config.
location ~ ^/(administrator) {
auth_b
Hello!
On Mon, Oct 20, 2014 at 07:24:27PM +0200, Stefanita Rares Dumitrescu wrote:
>
> On 20/10/2014 07:46, Maxim Dounin wrote:
> >I always wonder why people think that hiding versions improves
> >security.
> >
> >http://en.wikipedia.org/wiki/Security_through_obscurity
> >
> >
> Usually this is
for scanners/indexes of public services you might search for "shodan"
for the valid use of security through obscurity:
"My thoughts on this are that obscuring information is helpful to security
in many cases as it can force an attacker to generate more "noise" which can
be detected.
Where obsc
On 20/10/2014 07:46, Maxim Dounin wrote:
I always wonder why people think that hiding versions improves
security.
http://en.wikipedia.org/wiki/Security_through_obscurity
Usually this is done as a preventive measure against 0days if you're not
around to fix stuff for instance. automated scann
Hello!
On Mon, Oct 20, 2014 at 09:37:51AM -0400, c0nw0nk wrote:
> Yeah, sorry about that Maxim, I don't actually use the allow ip feature, I
> accidentally hashed out the #deny all; and this forum does not let us edit our
> posts.
This is because it's not a forum, it's a mailing list.
> Other than th
I just read on the Wiki why you missed out putting head in the limit_except
block.
"Allowing the GET method makes the HEAD method also allowed."
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,254125,254167#msg-254167
Yeah, sorry about that Maxim, I don't actually use the allow ip feature, I
accidentally hashed out the #deny all; and this forum does not let us edit our
posts.
Other than that the following that you posted.
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 444;
}
For nginx itself this is not needed
Hello!
On Sat, Oct 18, 2014 at 10:51:20PM -0400, c0nw0nk wrote:
> So since I searched the Nginx Forum I can't find anyone who has posted a
> topic for Nginx security rules or examples, so I will be the first to share
> my examples regardless of how bad of an idea some people may think that is.
>
>
I have come across that same page before; the one that is interesting me
right now is based off mex's comment on Security in header responses.
https://gist.github.com/plentz/6737338
# config to don't allow the browser to render the page inside an frame or iframe
# and avoid clickjacking http://en.w
Paste in google:
Top 20 Nginx WebServer Best Security Practices
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,254125,254142#msg-254142
I think it's a nice idea and surely will participate with some stuff
like security-headers (CSP/X-Frame-Options etc).
Single issues/questions might still be discussed on-list,
and it should be no problem to post updates here from
time to time.
cheers,
mex
Posted at Nginx Forum:
http://fo
Hi c0nw0nk,
Ping me offlist if you don’t already have a wiki account and I’ll get you set
up.
sarah
> On Oct 19, 2014, at 9:14 AM, c0nw0nk wrote:
>
> Thanks mex, I will submit a wiki page. How long do they take to get added or
> approved? Also one of the main reasons I posted it here was just
Thanks mex, I will submit a wiki page. How long do they take to get added or
approved? Also one of the main reasons I posted it here was just to have
everyone share what they use and some different and custom stuff.
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,254125,254137#msg-254137
hi,
I'd suggest you collect your snippets in the nginx-wiki
http://wiki.nginx.org/
and link your collection back to http://wiki.nginx.org/Configuration
thus it will be easier to maintain and extend.
cheers,
mex
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,254125,254136#msg-2
I also came across the following, which will completely drop Nginx Server and
PHP / ASP.NET etc. Powered-By headers.
http {
more_clear_headers 'Server';
more_clear_headers 'X-Powered-By';
http://wiki.nginx.org/HttpHeadersMoreModule#more_clear_headers
Posted at Nginx Forum:
http://forum.nginx.org/r
So since I searched the Nginx Forum I can't find anyone who has posted a
topic for Nginx security rules or examples, so I will be the first to share
my examples regardless of how bad of an idea some people may think that is.
So the first security addition is to block direct IP access to my server
co