Subject: long live return code 444
From: pos...@anon.com (Anonymous)
Newsgroups: rocksolid.shared.security
Organization: def5
Date: Sun, 26 Jul 2020 22:58 UTC
https://nginx.org/en/docs/http/ngx_http_rewrite_module.html#return

Block certain kinds of DDoS at application level simply by dropping the connection with your reverse HTTP proxy. Works like a charm, simpler and more effective than low-level blocking attempts (like with iptables).

You can base the criteria for which connection to drop on all kinds of shit like user-agent, URL, request method or any other var you can access. Also you can use combinations of them to fingerprint annoying bots.

And nginx's non-standard return code 444 simply drops the connection without giving any answer, thus not wasting any more server resources like CPU time or open sockets or giving more information to potential attackers.

Fucking awesome! nginx just rocks.

--
Posted on def2
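
The setup described in the post above, written out as an added example that is not part of the original post: chained `map` blocks combine user-agent, request method and URL into one flag, and flagged requests get `return 444`. The path `/guestbook.php`, the user-agent pattern, the listen address and the backend address are constructed placeholders.

```nginx
# Added example, not from the thread. All names and addresses are assumptions.
# The map blocks belong in the http {} context.

# Flag requests whose user-agent is empty or looks like a script client.
map $http_user_agent $ua_bad {
    default                   0;
    ""                        1;
    ~*(curl|python-requests)  1;
}

# Combine request method and URI into one fingerprint:
# only POSTs to one specific endpoint are flagged.
map "$request_method:$uri" $req_bad {
    default                   0;
    "POST:/guestbook.php"     1;   # hypothetical path
}

# Require both conditions, so ordinary browsers posting to the same
# URL and scripts fetching other pages are left alone.
map "$ua_bad$req_bad" $drop {
    default  0;
    "11"     1;
}

server {
    listen 127.0.0.1:8080;

    # An if block that contains nothing but return behaves predictably.
    if ($drop) {
        return 444;   # close the connection without sending a response
    }

    location / {
        proxy_pass http://127.0.0.1:9000;   # assumed backend
    }
}
```

Dropped requests are still written to the access log with status 444, so the log shows how often the rule fires and whether it catches legitimate clients.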


Subject: Re: long live return code 444
From: retro....@rocksolidbbs.com (Retro Guy)
Newsgroups: rocksolid.shared.security
Organization: Rocksolid Light
Date: Mon, 27 Jul 2020 08:20 UTC
Anonymous wrote:

> https://nginx.org/en/docs/http/ngx_http_rewrite_module.html#return
>
> Block certain kinds of DDoS at application level simply by dropping the connection with your reverse HTTP proxy. Works like a charm, simpler and more effective than low-level blocking attempts (like with iptables).

I use zones to limit requests and a few other ways of blocking. It works great. I wasn't familiar with the code you mention here, I need to check it out.

> Fucking awesome! nginx just rocks.

Been really impressed with nginx so far!

Retro Guy

--
Posted on: Rocksolid Light
www.novabbs.com


Subject: Zones
From: pos...@anon.com (Anonymous)
Newsgroups: rocksolid.shared.security
Organization: def5
Date: Mon, 27 Jul 2020 18:25 UTC
> I use zones to limit requests

I looked at zones as well, but if you cannot use the IP (because it is a service on Tor), then you are kind of stuck in some situations.
In my case I used a combination of the URL and the posting method to get rid of some annoying script kids.

--
Posted on def2


Subject: nginx is great
From: pos...@anon.com (Anonymous)
Newsgroups: rocksolid.shared.security
Organization: def5
Date: Sat, 1 Aug 2020 22:13 UTC
nginx is great for sure, and it also comes with some pitfalls (concerning the configuration). The nginx team was so fed up with those that they put together a page dedicated to what not to do. It's really great and it saved me some headaches already:
https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#passing-uncontrolled-requests-to-php
Also good to read:
https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
https://agentzh.blogspot.com/2011/03/how-nginx-location-if-works.html

--
Posted on def2


Subject: Re: nginx is great
From: AnonU...@rslight.i2p (AnonUser)
Newsgroups: rocksolid.shared.security
Organization: Rocksolid Light
Date: Wed, 5 Aug 2020 01:13 UTC
Anonymous wrote:

> nginx is great for sure, and it also comes with some pitfalls (concerning the configuration). The nginx team was so fed up with those that they put together a page dedicated to what not to do. It's really great and it saved me some headaches already:
> https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#passing-uncontrolled-requests-to-php

Interesting, and pretty nicely written. Standardize and simplify are good goals.

> Also good to read:
> https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
> https://agentzh.blogspot.com/2011/03/how-nginx-location-if-works.html

Haven't checked these out yet.

--
Posted on: Rocksolid Light
rslight.i2p


Subject: Re: Zones
From: retro....@rocksolidbbs.com (Retro Guy)
Newsgroups: rocksolid.shared.security
Organization: Rocksolid Light
Date: Wed, 5 Aug 2020 04:51 UTC
Anonymous wrote:

>> I use zones to limit requests
>
> I looked at zones as well, but if you cannot use the IP (because it is a service on Tor), then you are kind of stuck in some situations.
> In my case I used a combination of the URL and the posting method to get rid of some annoying script kids.

It's nice to be able to throttle spiders, and it's not difficult if you have an IP address. Even I2P provides a specific IP for each identity, so it works. With Tor, you can't really throttle without throttling everyone.

--
Posted on: novaBBS
www.novabbs.com
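
The zone-based throttling discussed in this sub-thread, as an added example that is not taken from any poster's configuration: spiders are rate limited per client address, and the closing comment shows why the same key stops being useful behind Tor. The zone name, rate, user-agent pattern and backend address are constructed placeholders.

```nginx
# Added example, not from the thread. All names and values are assumptions.
# The map and limit_req_zone directives belong in the http {} context.

# Only crawlers get a rate-limit key. Requests with an empty key
# are not accounted by limit_req at all.
map $http_user_agent $spider_key {
    default               "";
    ~*(bot|spider|crawl)  $binary_remote_addr;
}

# One bucket per client address, 30 requests per minute each.
limit_req_zone $spider_key zone=spiders:10m rate=30r/m;

server {
    listen 80;

    location / {
        # Allow short bursts, reject the excess immediately.
        limit_req zone=spiders burst=10 nodelay;
        limit_req_status 429;
        proxy_pass http://127.0.0.1:9000;   # assumed backend
    }
}

# Behind a Tor onion service every request reaches nginx from the local
# tor daemon, so $binary_remote_addr is identical for all clients and the
# zone holds a single bucket shared by every matching client.
```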



Subject: Re: long live return code 444
From: ano...@anon.com (anon)
Newsgroups: rocksolid.shared.security
Organization: def5
Date: Wed, 5 Aug 2020 19:01 UTC

> With Tor, you can't really throttle without throttling everyone.

Yes, and with the method mentioned in the OP you can actually kill the buggers' connections instead of just throttling.

--
Posted on def4

