Collaborate Disseminate
I am on a 192.x.x.x network and have a local server that hosts some webapps for the local users of the network. The server is running:
Ubuntu
VPN
Nginx Reverse Proxy with the site.conf including: allow 192.168.1.0/24; deny all;
Locally g… Continue reading LAN Only Webserver
I discovered that my website has this issue and I wasn’t able to fix this. I
tried several things like to checking if parent prefixed locations for Nginx alias directives end with a directory separator , but no luck so far. Merge_slashes … Continue reading Directory traversal fix for nginx config
Since NGINX does not support sending HTTP/2 requests upstream, what are the present NGINX reverseproxy users doing to mitigate HTTP Request Smuggling vulnerability?
I understand that the best way to prevent HTTP Request Smuggling is by sen… Continue reading What are NGINX reverseproxy users doing to prevent HTTP Request smuggling?
I just finished installing Nginx on my EC2 Ubuntu Server (AWS) and everything looks normal.
I tested it on my browser by accessing my EC2 public IP. I can see Nginx’s welcome message.
It’s not a big deal, but still bothering me.
My questio… Continue reading Should we enable UFW for EC2 (Ubuntu Server) instance with Nginx?
I have nginx as reverse proxy and apache in the back, a firewall setup to enable just http and https, and ssh.
netstat -tlupna gives me tens of lines with multiple TIME_WAIT or ESTABLISHED lines coming from plenty of IPs:80 and IPs:443 int… Continue reading How to stop multiple port access attempts – multiple TIME_WAIT and ESTABLISHED lines on ports 80, 443, etc… from external IPs
I have the following setup Nginx + php-fpm, Nginx is running on port 80 and 443.
Recently I noticed that connections were made from this servers port 80 to a remote machine on port 580x. [ src port is 80 (Nginx) and dst port is 580x]
Has s… Continue reading Possible VNC-over-HTTP exploit involving Nginx?
I’m trying to configure a
SecAction rule to help me tune ModSecurity 3 following this How to tune your WAF installation to reduce false positives tutorial, but the rule seems to be ignored and the msg is not printed either on access.log or… Continue reading Why is my SecAction rule being ignored?
Approov introduced the Approov Alliance and Integration Program to ensure that the critical elements of comprehensive mobile app API protection are rigorously tested and work together harmoniously and seamlessly to avoid both data leakage and exposure … Continue reading Approov Alliance and Integration Program offers security solutions to protect APIs
F5 announced several new developments that underscore its support for customers managing the accelerating pace of digital transformation and the critical role of open source technology in driving modern digital experiences. “Over the past year we’ve pr… Continue reading F5 announces new projects to scale modern application architectures
I have a website where I am blocking it from being loaded via iframe into other websites.
What I want is to keep this in place, but allow certain URLs from my website, to be iframed anywhere.
For example, allowing these to be iframed:
htt… Continue reading X-Permitted-Cross-Domain-Policies – allow certain URL patterns