Questions regarding spdy module, browser behaviour and "access forbidden by rule"
georg at riseup.net
Wed Sep 3 18:18:50 UTC 2014
[Not sure if this is the right list, because I'm uncertain if the
following is intended behaviour or a problem in nginx or the involved
browsers. So would be happy if you guys could me give some advice and a
pointer in case, this mail should better be directed elsewhere; if so,
sorry for the noise.]
[Iceweasel is the name of Firefox in Debian.]
I've got a server running a current Debian Wheezy and nginx
1.6.1-1~bpo70+1. Like this suggests, the packages (nginx-common and
nginx-extras) are installed from wheezy-backports. This server got one
private ip, the traffic to and from the public internet gets routed by
haproxy on a different machine.
I've tried out the spdy module to test how this changes page load times etc.
On the webserver I'm hosting some static content, an etherpad and a
dokuwiki. I've put the configuration for the dokuwiki vhost at .
This works just fine with Chromium 35.0.1916.153-1~deb7u1 (out of
wheezy) and Iceweasel 24.8.0esr-1~deb7u1 (out of wheezy), no problems
loged, neither in the browser, nor in the nginx logs.
However, using Iceweasel 31.0-1~bpo70+1 (out of wheezy-backports), the
browser console reads various 403 forbidden, and the nginx log is
telling me the cause: "[...] 25108#0: *200 access forbidden by rule,
client: XX.XX.XX.XX, server: wiki.example.com, request: "GET
/lib/exe/js.php?tseed=1395165407 HTTP/1.1 [...]".
I've got no clue how to debug this, to be honest. I didn't made any
change, just upgrading one of the involved browsers.
Could this be an incompatibility with this new Iceweasel version?
Any ideas for this?
And one more question: I've tried (because of these failures) to enable
spdy just on some vhosts, but it seems, enabling spdy in one of these
makes all vhosts using it. Is this correct? Could I circumvent this
using two ips, one spdy enabled, and one spdy disabled?
Thanks in advance,
P.S.: Nginx is awesome - thanks for your work!
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 259 bytes
Desc: OpenPGP digital signature
More information about the nginx