<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Let's dissect an HTTP request that is sent to your NGINX server.</p>
<p>Assume for a moment it's '/cr-bin/mp.exe' that's the request but
there's extra headers. The full HTTP request looks like this
(CURL format output, but also what NGINX spits in debug mode):</p>
<p>POST /cr-bin/mp.exe<br>
referer: example.com/foobar.html<br>
content-type: text/json<br>
content-length: 2345</p>
<p>The actual URL request in this case would have been
<a class="moz-txt-link-freetext" href="http://your-nginx-server/cr-bin/mp.exe">http://your-nginx-server/cr-bin/mp.exe</a> with a POST to there, and
that is passed through to your system per your proxy_pass rules,
etc.</p>
<p>Where your logs are getting "gmer3.itd.sterling.com/home.htm" is
from that *referer* header. I.E. you would see
"example.com/foobar.html" if the referer header in the request was
the example above.</p>
<p>This has **nothing** to do with your configuration. Whatever
'poster' is doing to post the items to your system is passing a
referer header in the POST with the contents
"gmer3.itd.sterling.com/home.htm". If this is some other
site/system you'll see any number of potential referer items.
It's also entirely possible that this is your hostname, or
something specific to your Poster program itself setting the
referer header in the POST that it sends to your server.</p>
<p>This, again, has nothing to do with your NGINX configuration and
everything with how Poster is structuring the POST request
(including any headers it's sending in the request).</p>
<p><br>
</p>
<p><br>
</p>
<p>Thomas</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 6/3/21 2:52 PM, Benn Boulton wrote:<br>
</div>
<blockquote type="cite"
cite="mid:62bf383d2f504c4c8cbb83b8c671a97f@skippingstone.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style>@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}div.WordSection1
{page:WordSection1;}</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Hi,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Currently… The posts are coming from the
same computer that is hosting NGINX that passes the requests
to an external server.<o:p></o:p></p>
<p class="MsoNormal">Eventually… NGINX will be run on the same
computer with Apache and will also function as a load balancer
for multiple servers. One being the same as NGINX and other
external servers.<o:p></o:p></p>
<p class="MsoNormal">The posts are from a custom poster process
that is an .EXE run from the windows command prompt or a
process that calls the POSTER executable.<o:p></o:p></p>
<p class="MsoNormal">C:\POSTER> Poster
h:<a class="moz-txt-link-freetext" href="http://localhost/cr-bin/mp.exe">http://localhost/cr-bin/mp.exe</a> f:test.txt<o:p></o:p></p>
<p class="MsoNormal">h: is the host to send to<o:p></o:p></p>
<p class="MsoNormal">f: is the file with the payload to be sent
to the final destination which is the mp.exe on the server
listed in the proxy_pass parameter.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Everything looks to work as it should. But
the ‘gmer3.itd.sterling.com/home.htm’ Log entries are just not
what I expect to see.<o:p></o:p></p>
<p class="MsoNormal">I am installing NGINX to rate limit a
customer that is sending multiple posts so fast that we
occasionally miss one, and hope this will resolve that.<o:p></o:p></p>
<p class="MsoNormal">Again, the proxy redirect is working, just
the log entries is what prompted my asking.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks, <o:p></o:p></p>
<p class="MsoNormal">- Benn<o:p></o:p></p>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> nginx
<a class="moz-txt-link-rfc2396E" href="mailto:nginx-bounces@nginx.org"><nginx-bounces@nginx.org></a> <b>On Behalf Of
</b>Moshe Katz<br>
<b>Sent:</b> Thursday, June 3, 2021 1:29 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<b>Subject:</b> Re: gmer3.itd.sterling.com/home.htm in the
access log<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Benn,<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I guess my explanation wasn't clear
enough, so I'll try again.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">That value is not coming from anywhere
in your server's configuration - it has nothing to do with
proxy_pass or anything else. It is the value of the
"Referer" header that is in the incoming request.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">First, are these log lines from
requests that you are making to the server yourself, or
are they coming from someone else?<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">If it is your own traffic, where are
you making your requests from? Is it a page in a
web browser, or is it some other tool?<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">If it is a web browser, that is usually
the URL of the web page that is open in the browser. For
example, if I have a website at `<a
href="https://url.emailprotection.link/?bDBb9TVOKiqDPh_SUvfalWM90G6wcWScPnK_EVq6xVxh-Jq5ndDGgvfcC5U_tqxpluRe5jF35zSgN416HI1RIHw~~"
moz-do-not-send="true">example.com/page.html`</a> with a
form on it that submits to your server, the value in that
place in the logs will be `<a
href="https://url.emailprotection.link/?bMe1AJs-bSscT1yazCR9XS0kzX52Qa1-DwoIBV-QK8xxhHB1slVsgthl_uC3ltg7Vu05wQoXQi9lo9go4OQWCbA~~"
moz-do-not-send="true">https://example.com/page.html`</a>
so that your server can see where the request came from.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Moshe<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Thu, Jun 3, 2021 at 1:18 PM Benn
Boulton <<a href="mailto:bboulton@skippingstone.com"
moz-do-not-send="true">bboulton@skippingstone.com</a>>
wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC
1.0pt;padding:0in 0in 0in
6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Hello
Moshe,<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Thanks
for the reply. I guess I was not clear enough in my
post. I know the /cr-bin/mp.exe is part of the POST
request.
<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> What
I do not understand is where the <a
href="https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct"
target="_blank" moz-do-not-send="true">gmer3.itd.sterling.com/home.htm</a>
is coming from. It is not my proxy_pass value.<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">It
is not part of the POST request or part of the nginx
proxy_pass or any thing I can find in my
configuration.<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Is
my post being sent to both my proxy_pass value and
this site in the log? Do I have a hacked nginx?<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">-Benn<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b>From:</b>
nginx <<a href="mailto:nginx-bounces@nginx.org"
target="_blank" moz-do-not-send="true">nginx-bounces@nginx.org</a>>
<b>On Behalf Of </b>Moshe Katz<br>
<b>Sent:</b> Thursday, June 3, 2021 12:14 PM<br>
<b>To:</b> <a href="mailto:nginx@nginx.org"
target="_blank" moz-do-not-send="true">nginx@nginx.org</a><br>
<b>Subject:</b> Re: <a
href="https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct"
target="_blank" moz-do-not-send="true">
gmer3.itd.sterling.com/home.htm</a> in the access
log<o:p></o:p></p>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Benn,<o:p></o:p></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">That
part of the log is not the request URL, it is the
referrer header. The path that was requested on
your server is before that - a POST request to
"/cr-bin/mp.exe". The referrer (which the HTTP
standard actually misspells as "referer") is the
web page that is making this request to your
server.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt">Moshe<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">On
Thu, Jun 3, 2021 at 12:08 PM Benn Boulton <<a
href="mailto:bboulton@skippingstone.com"
target="_blank" moz-do-not-send="true">bboulton@skippingstone.com</a>>
wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid
#CCCCCC 1.0pt;padding:0in 0in 0in
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Hello,<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">I
have just installed the NGINX service to help
rate limit connections to my Apache server on
Windows.<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">NGNIX
1.19.10 on Windows 10 64 bit<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Everything
seems to be working fine but I am getting
access log entries that I do not understand
for the pages I am redirecting.<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">I
am running a process that posts to the server.
NGNIX is processing the request and passing it
to the destination server but it is not
<a
href="https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct"
target="_blank" moz-do-not-send="true">
gmer3.itd.sterling.com/home.htm</a> as shown
in the access log entries below.<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Any
Idea why<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">127.0.0.1
- t_skipstone [03/Jun/2021:10:30:07 -0400]
"POST /cr-bin/mp.exe HTTP/1.1" 200 569 "<a
href="https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct"
target="_blank" moz-do-not-send="true">gmer3.itd.sterling.com/home.htm</a>"
"brow v1.0 CCI"<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">127.0.0.1
- t_skipstone [03/Jun/2021:10:31:07 -0400]
"POST /cr-bin/mp.exe HTTP/1.1" 200 569 "<a
href="https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct"
target="_blank" moz-do-not-send="true">gmer3.itd.sterling.com/home.htm</a>"
"brow v1.0 CCI"<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">127.0.0.1
- t_skipstone [03/Jun/2021:10:33:35 -0400]
"POST /cr-bin/mp.exe HTTP/1.1" 200 569 "<a
href="https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct"
target="_blank" moz-do-not-send="true">gmer3.itd.sterling.com/home.htm</a>"
"brow v1.0 CCI"<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">127.0.0.1
- t_skipstone [03/Jun/2021:10:37:42 -0400]
"POST /cr-bin/mp.exe HTTP/1.1" 200 569 "<a
href="https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct"
target="_blank" moz-do-not-send="true">gmer3.itd.sterling.com/home.htm</a>"
"brow v1.0 CCI"<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">127.0.0.1
- t_skipstone [03/Jun/2021:10:55:03 -0400]
"POST /cr-bin/mp.exe HTTP/1.1" 200 569 "<a
href="https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct"
target="_blank" moz-do-not-send="true">gmer3.itd.sterling.com/home.htm</a>"
"brow v1.0 CCI"<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">127.0.0.1
- t_skipstone [03/Jun/2021:10:56:34 -0400]
"POST /cr-bin/mp.exe HTTP/1.1" 200 569 "<a
href="https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct"
target="_blank" moz-do-not-send="true">gmer3.itd.sterling.com/home.htm</a>"
"brow v1.0 CCI"<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Thanks<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span
style="color:#1B3E6F">Benn
</span></b><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank"
moz-do-not-send="true">nginx@nginx.org</a><br>
<a
href="https://url.emailprotection.link/?b0r-C9_AUw48-Ch5rHbhyfCAxCuaEcGez1jSw3TSmi_yMSerkqszEs29ZeJ-9XHhKXFPzhIWSbHbDCNUmj6Tzf9mgNn_Pt2ohe5UJSMuWw0QP3IvnnyCmFlsv4r_rtY2d"
target="_blank" moz-do-not-send="true">http://mailman.nginx.org/mailman/listinfo/nginx</a><o:p></o:p></p>
</blockquote>
</div>
</div>
</div>
<p class="MsoNormal">_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank"
moz-do-not-send="true">nginx@nginx.org</a><br>
<a
href="https://url.emailprotection.link/?b0r-C9_AUw48-Ch5rHbhyfCAxCuaEcGez1jSw3TSmi_yMSerkqszEs29ZeJ-9XHhKXFPzhIWSbHbDCNUmj6Tzf9mgNn_Pt2ohe5UJSMuWw0QP3IvnnyCmFlsv4r_rtY2d"
target="_blank" moz-do-not-send="true">http://mailman.nginx.org/mailman/listinfo/nginx</a><o:p></o:p></p>
</blockquote>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
nginx mailing list
<a class="moz-txt-link-abbreviated" href="mailto:nginx@nginx.org">nginx@nginx.org</a>
<a class="moz-txt-link-freetext" href="http://mailman.nginx.org/mailman/listinfo/nginx">http://mailman.nginx.org/mailman/listinfo/nginx</a></pre>
</blockquote>
</body>
</html>