Questions regarding spdy module, browser behaviour and "access forbidden by rule"
Valentin V. Bartenev
vbart at nginx.com
Wed Sep 3 20:23:32 UTC 2014
On Wednesday 03 September 2014 20:18:50 georg wrote:
> However, using Iceweasel 31.0-1~bpo70+1 (out of wheezy-backports), the
> browser console reads various 403 forbidden, and the nginx log is
> telling me the cause: "[...] 25108#0: *200 access forbidden by rule,
> client: XX.XX.XX.XX, server: wiki.example.com, request: "GET
> /lib/exe/js.php?tseed=1395165407 HTTP/1.1 [...]".
> I've got no clue how to debug this, to be honest. I didn't made any
> change, just upgrading one of the involved browsers.
> Could this be an incompatibility with this new Iceweasel version?
> Any ideas for this?
That's very strange. Could you provide a debug log?
> And one more question: I've tried (because of these failures) to enable
> spdy just on some vhosts, but it seems, enabling spdy in one of these
> makes all vhosts using it. Is this correct? Could I circumvent this
> using two ips, one spdy enabled, and one spdy disabled?
Yes, this is correct and documented: http://nginx.org/r/listen
Note, that it "allows accepting SPDY connections on this port".
And yes, two ips will help.
wbr, Valentin V. Bartenev
More information about the nginx