nginx and Apache killer
Maxim Dounin
mdounin at mdounin.ru
Sun Aug 28 08:46:26 UTC 2011
Hello!
On Sat, Aug 27, 2011 at 09:34:11PM -0430, Juan Angulo Moreno wrote:
> Hi,
>
> I use nginx 1.0 on my server (with fastcgi + php5 support); it runs
> several websites using wordpress. Today my hard disk is full (this runs
> on a VPS service). The error.log file occupied 6.8 GB and the mysql server is
> frozen. How can I prevent that from filling the disk if someone applies
> the Apache killer script to my nginx?
The usual approach is to rotate logs periodically and/or control
the logging level via the error_log directive. And this isn't specific to
any particular script; this is just administration basics.
Maxim Dounin
>
> Thank you!
>
> 2011/8/27 Igor Sysoev <igor at sysoev.ru>:
> > Following "Apache Killer" discussions and the advisory from 2011-08-24
> > (Advisory: Range header DoS vulnerability Apache HTTPD 2.x CVE-2011-3192)
> > we'd like to clarify a couple of things in regards to nginx behavior
> > either in standalone or "combo" (nginx+apache) modes.
> >
> > First of all, nginx doesn't favor HEAD requests with compression,
> > so the exact mentioned attack doesn't work against a standalone
> > nginx installation.
> >
> > If you're using nginx in combination with proxying to apache backend,
> > please check your configuration to see if nginx actually passes range
> > requests to the backend:
> >
> > 1) If you're using proxying WITH caching then range requests are not
> > sent to backend and your apache should be safe.
> >
> > 2) If you're NOT using caching then you might be vulnerable to the attack.
> >
> > In order to mitigate this attack when your installation includes
> > apache behind nginx, we recommend the following:
> >
> > 1. Refer to the above mentioned security advisory CVE-2011-3192 for apache
> > and implement described measures accordingly.
> >
> > 2. Consider using the nginx configuration below (in the server{} section of
> > the configuration). This particular example filters 5 or more ranges
> > in the request:
> >
> > if ($http_range ~ "(?:\d*\s*-\s*\d*\s*,\s*){5,}") {
> > return 416;
> > }
> >
> > We'd also like to notify you that for standalone nginx installations
> > we've produced the attached patch. This patch prevents handling
> > malicious range requests at all, instead outputting just the entire file
> > if the total size of all ranges is greater than the expected response.
> >
> >
> > --
> > Igor Sysoev
> >
> > _______________________________________________
> > nginx mailing list
> > nginx at nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx
> >
> >
>
>
>
> --
> Juan A. Moreno
> http://apostols.net
> Fingerprint GPG: 0FEE E0BF 2904 FE77 1682 2171 C842 DBF1 34BC CD04
>
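As an added example (not part of the thread, and not nginx's own code or the patch Igor mentions): a small Python model of the two defences described above, the `if ($http_range ~ ...)` regex filter from Igor's mail, and the patch behaviour of serving the whole file when the ranges add up to more than the resource. The parser follows the RFC 2616 `bytes=` syntax; the function names `parse_byte_ranges`, `total_range_bytes` and `decide`, and the sample `APACHE_KILLER_RANGE` header, are constructed here for illustration.

```python
import re

# The regex quoted in Igor Sysoev's mail, as used in nginx's `if ($http_range ~ ...)`.
# nginx's `~` is an unanchored PCRE match, so re.search() is the right Python analogue.
NGINX_RANGE_FILTER = re.compile(r"(?:\d*\s*-\s*\d*\s*,\s*){5,}")

# Constructed sample in the style of the "Apache Killer" request: one full range
# followed by ~1300 small overlapping ranges (not a capture from a real attack).
APACHE_KILLER_RANGE = "bytes=0-," + ",".join("5-%d" % i for i in range(0, 1300))


def parse_byte_ranges(header, size):
    """Parse 'bytes=a-b,c-d,-n,...' into inclusive (start, end) pairs clamped to `size`.

    Returns None when the header is syntactically invalid (RFC 2616 says a server
    must then ignore the Range header and serve the whole resource), an empty list
    when every range is unsatisfiable, and the satisfiable ranges otherwise.
    """
    m = re.fullmatch(r"\s*bytes\s*=\s*(.*)", header)
    if m is None:
        return None
    ranges = []
    for spec in m.group(1).split(","):
        sm = re.fullmatch(r"\s*(\d*)\s*-\s*(\d*)\s*", spec)
        if sm is None:
            return None
        first, last = sm.group(1), sm.group(2)
        if first == "" and last == "":
            return None  # a bare "-" is not a byte-range-spec
        if first == "":
            # suffix-byte-range-spec: the last `n` bytes of the resource
            n = int(last)
            if n == 0:
                continue  # "-0" is unsatisfiable
            ranges.append((max(0, size - n), size - 1))
            continue
        start = int(first)
        if last == "":
            end = size - 1
        else:
            end = int(last)
            if end < start:
                return None  # last-byte-pos < first-byte-pos: invalid header
            end = min(end, size - 1)
        if start >= size:
            continue  # unsatisfiable range, ignored if any other is satisfiable
        ranges.append((start, end))
    return ranges


def total_range_bytes(ranges):
    """Bytes the server would have to emit for these ranges (overlaps counted each time)."""
    return sum(end - start + 1 for start, end in ranges)


def decide(header, size, regex_filter=True):
    """Model of the response to a Range header for a resource of `size` bytes.

    '416'    -> rejected outright (the nginx regex filter, or no satisfiable range)
    'ignore' -> header invalid, serve the whole file with 200
    'whole'  -> patch behaviour: ranges sum to more than the file, serve it whole
    '206'    -> honour the ranges
    """
    if regex_filter and NGINX_RANGE_FILTER.search(header):
        return "416"
    ranges = parse_byte_ranges(header, size)
    if ranges is None:
        return "ignore"
    if not ranges:
        return "416"
    if total_range_bytes(ranges) > size:
        return "whole"
    return "206"


if __name__ == "__main__":
    for hdr in ("bytes=0-499", "bytes=0-1,0-2,0-3,0-4,0-5,0-6",
                "bytes=0-,0-499,500-", APACHE_KILLER_RANGE):
        print("%-40.40s -> %s" % (hdr, decide(hdr, 1000)))
```

One caveat the model makes visible: the regex needs five comma-terminated ranges to match, so a request with exactly five ranges still passes and only six or more are rejected; lower the `{5,}` if you want a stricter cut-off. The patch-style check is independent of the range count and catches the case the filter is meant for, many ranges whose total exceeds the file, but note that the overlapping `5-0,5-1,...` form is not even a valid byte-range-set, so a strict parser already ignores it.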