My site is vulnerable to the SSL FREAK attacks.
jinwon42
nginx-forum at nginx.us
Mon Apr 13 07:50:50 UTC 2015
My site is vulnerable to the SSL FREAK attacks.
I have a setting problem.
My setting is...
I want all requests "http" --> "https".
But some locations are "https" --> "http".
ALL Location : https
/companyBrand.do : http only
What's the problem?
---------------------------------------------------------------------------------------------------
map $request_uri $example_org_preferred_proto {
    default "https";
    ~^/mobile/rsvPayOnlyResult2.do "http";
    ~^/kor/cartel.do "http";
}
server {
    listen 443 ssl;
    listen 80;
    server_name www.test.com;
    charset utf-8;
    #ssl on;
    ssl_certificate D:/nginx-1.7.10/ssl/cert.pem;
    ssl_certificate_key D:/nginx-1.7.10/ssl/nopasswd.pem;
    ssl_verify_client off;
    ssl_session_timeout 5m;
    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers AES256-SHA:HIGH:!EXPORT:!eNULL:!ADH:RC4+RSA;
    ssl_prefer_server_ciphers on;
    error_page 400 /error/error.html;
    error_page 403 /error/error.html;
    error_page 404 /error/error.html;
    if ($scheme != $example_org_preferred_proto) {
        return 301 $example_org_preferred_proto://$server_name$request_uri;
    }
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_buffering off;
        proxy_connect_timeout 60;
        proxy_read_timeout 60;
        proxy_pass http://wwwtestcom;
        proxy_ssl_session_reuse off;
    }
}
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,257984,257984#msg-257984
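
An added example, not part of the original post and not nginx's own tooling: a small Python check that reads the `ssl_protocols` and `ssl_ciphers` values from the posted server block and lists what those strings enable. The function names, finding labels and the second (constructed) config are assumptions made for illustration; it inspects the strings only, not what the OpenSSL build behind nginx actually offers.

```python
import re

# Directive lines copied from the server block in the post above.
POSTED_CONF = """
ssl_protocols SSLv3 TLSv1;
ssl_ciphers AES256-SHA:HIGH:!EXPORT:!eNULL:!ADH:RC4+RSA;
"""
# Constructed for comparison (not from the post).
CONSTRUCTED_CONF = """
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5:!EXPORT:!RC4;
"""

def directive(conf, name):
    """Argument string of the first uncommented `name ...;` directive, or None."""
    m = re.search(r"^\s*" + re.escape(name) + r"\s+([^;]+);", conf, re.M)
    return m.group(1).strip() if m else None

def audit_tls(conf):
    """Return findings for the two directives; an absent directive is skipped
    because nginx then applies its built-in default."""
    findings = []
    protocols = directive(conf, "ssl_protocols")
    if protocols is not None:
        enabled = protocols.split()
        findings += ["legacy-protocol:" + p for p in enabled if p in ("SSLv2", "SSLv3")]
        if not {"TLSv1.2", "TLSv1.3"} & set(enabled):
            findings.append("no-tls1.2-or-later")
    ciphers = directive(conf, "ssl_ciphers")
    if ciphers is not None:
        tokens = [t for t in re.split(r"[:, ]+", ciphers) if t]
        # In an OpenSSL cipher string "!X" removes X permanently; later tokens cannot re-add it.
        killed = {t[1:].upper() for t in tokens if t.startswith("!")}
        # Conservative: require an explicit exclusion of the export suites FREAK relies on.
        if not killed & {"EXPORT", "EXP"}:
            findings.append("export-not-excluded")
        for t in tokens:
            if t[0] in "!-":
                continue  # exclusions and deletions enable nothing
            parts = t.lstrip("+").upper().split("+")
            if "RC4" in parts and "RC4" not in killed:
                findings.append("rc4-enabled:" + t)
    return findings

if __name__ == "__main__":
    for label, conf in (("posted", POSTED_CONF), ("constructed", CONSTRUCTED_CONF)):
        print(label, audit_tls(conf) or "no findings")
```

For the posted values the check reports SSLv3, the absence of TLSv1.2 and the trailing `RC4+RSA` token, and no export finding, because `!EXPORT` is already in the cipher string.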