Questions regarding spdy module, browser behaviour and "access forbidden by rule"

Valentin V. Bartenev vbart at
Wed Sep 3 20:23:32 UTC 2014

On Wednesday 03 September 2014 20:18:50 georg wrote:
> However, using Iceweasel 31.0-1~bpo70+1 (out of wheezy-backports), the
> browser console reads various 403 forbidden, and the nginx log is
> telling me the cause: "[...] 25108#0: *200 access forbidden by rule,
> client: XX.XX.XX.XX, server:, request: "GET
> /lib/exe/js.php?tseed=1395165407 HTTP/1.1 [...]".
> I've got no clue how to debug this, to be honest. I didn't made any
> change, just upgrading one of the involved browsers.
> Could this be an incompatibility with this new Iceweasel version?
> Any ideas for this?

That's very strange.  Could you provide a debug log?

> And one more question: I've tried (because of these failures) to enable
> spdy just on some vhosts, but it seems, enabling spdy in one of these
> makes all vhosts using it. Is this correct? Could I circumvent this
> using two ips, one spdy enabled, and one spdy disabled?

Yes, this is correct and documented:
Note, that it "allows accepting SPDY connections on this port".

And yes, two ips will help.

  wbr, Valentin V. Bartenev

More information about the nginx mailing list