Collaborate Disseminate
I have an Nginx reverse proxy that connects to different servers in the back-end according to the SNI. Recently it was pointed to me that if I add a header X-Forwarded-Host to something like https://evildomain.com would result in a redirec… Continue reading How exploitable is a redirect caused by sending a malicious X-Forwarded-Host header?
Researchers aren’t aware of active exploitation in the wild, but they warn the risk for publicly exposed and unpatched Ingress Nginx controllers is extremely high.
The post String of defects in popular Kubernetes component puts 40% of cloud environments at risk appeared first on CyberScoop.
I’m trying to set up an Nginx proxy that uses a private key stored in SoftHSM through a SSH socket connection. The setup is as follows:
[SoftHSM Container] —–ssh -R …… –> [Nginx Proxy Container]
The Nginx proxy is configured to… Continue reading Nginx Fails to Load PKCS#11 Key—But Works with strace. Why?
I am confused about the TLS handshake process in TLS 1.2 and TLS 1.3.
When configuring Nginx with SSL enabled, does the ssl_certificate_key play a role in the TLS handshake itself, or is it only used for server identity verification?
I hav… Continue reading (nginx) ssl_certificate_key in Handshake of TLS 1.2 and 1.3
I have a situation where a webserver behind a network firewall is ran inside of Docker containers. It is setup in this order:
Caddy webserver – acts as WAF, GEOIP block, IP blacklist, HTTP Security Headers modifications, TLS termination, … Continue reading Is reducing the webserver stack from Caddy, NGINX and PHP-FPM to only Caddy and PHP-FPM a reduction in layered-security?
I am new to SSL configuration.
I bought 3 yrs SSL from domain.com for nginx conf and downloaded the given certs, I found there were 4 files:
maydomain.com.crt
SSL_DV_CertificateAuthorityRoot.crt
SSL_DV_IntermediateCA_2.crt
SSL_DV_Intermed… Continue reading I bought SSL from domain privider but no privkey found how to generate privkey [closed]
I am setting up a nginx proxy. It requires to use HSM for TLS offloading. So I configure nginx that enables ssl_engine pkcs11;; instead of indicating ssl_certificate_key file path, I use pkcs11 URI to point to the private key in HSM. It is… Continue reading How nginx proxy to communicate with remote softHSM for offloading?
I would like to extract the session key, master key and premaster key in TLS connection. In my case nginx plays TLS termination. So I want to see those key in nginx side. Here is my nginx.conf
user nginx;
worker_processes 1;
env SSLKEYLO… Continue reading How to retrieve TLS shared key in SSLKEYLOGFILE?
I received this Logwatch report:
Connection attempts using mod_proxy:
xx.xx.xxx.xx -> codeforces.com:443: 1 Time(s)
A total of 2 possible successful probes were detected (the following URLs
contain strings that match one or mor… Continue reading Can anyone provide any advice on this Logwatch analysis?
I have installed a Nginx WAF with Modsecurity CRS. This WAF protects a backend WordPress.
One request from one of the plugins generated a false positive on the Modsecurity with the rule id 933120.
I identified it in the audit log, studied … Continue reading How do I unblock a request uri in Modsecurity CRS?