gmer3.itd.sterling.com/home.htm in the access log
Thomas Ward
teward at thomas-ward.net
Thu Jun 3 21:20:47 UTC 2021
You should create your own thread for this issue, Fatma, as it has
nothing to do with the issue that Benn was having.
Thomas
On 6/3/21 5:07 PM, Fatma MAZARI wrote:
> Hi,
> I have a question,
> I wanna use nginx and ffmpeg to serve chunks to clients without using
> or sending .m3u file to client. How can i do this lease?
> * ffmpeg copy streams in local ( in /home/STREAMS/channel/stream%d.ts
> ==> /home/STREAMS/channel/stream1.ts ,
> /home/STREAMS/channel/stream2.ts , /home/STREAMS/channel/stream3.ts ....)
> * I want nginx to serve clients chunk by chunk in a continuous way
> without serving m3u file (the client must wait for the next chunk) .
> Thank you , Please I need your help
> Fatma.
>
> Le jeu. 3 juin 2021 à 22:02, Thomas Ward <teward at thomas-ward.net
> <mailto:teward at thomas-ward.net>> a écrit :
>
> Let's dissect an HTTP request that is sent to your NGINX server.
>
> Assume for a moment it's '/cr-bin/mp.exe' that's the request but
> there's extra headers. The full HTTP request looks like this
> (CURL format output, but also what NGINX spits in debug mode):
>
> POST /cr-bin/mp.exe
> referer: example.com/foobar.html <http://example.com/foobar.html>
> content-type: text/json
> content-length: 2345
>
> The actual URL request in this case would have been
> http://your-nginx-server/cr-bin/mp.exe
> <http://your-nginx-server/cr-bin/mp.exe> with a POST to there, and
> that is passed through to your system per your proxy_pass rules, etc.
>
> Where your logs are getting "gmer3.itd.sterling.com/home.htm
> <http://gmer3.itd.sterling.com/home.htm>" is from that *referer*
> header. I.E. you would see "example.com/foobar.html
> <http://example.com/foobar.html>" if the referer header in the
> request was the example above.
>
> This has **nothing** to do with your configuration. Whatever
> 'poster' is doing to post the items to your system is passing a
> referer header in the POST with the contents
> "gmer3.itd.sterling.com/home.htm
> <http://gmer3.itd.sterling.com/home.htm>". If this is some other
> site/system you'll see any number of potential referer items.
> It's also entirely possible that this is your hostname, or
> something specific to your Poster program itself setting the
> referer header in the POST that it sends to your server.
>
> This, again, has nothing to do with your NGINX configuration and
> everything with how Poster is structuring the POST request
> (including any headers it's sending in the request).
>
>
>
> Thomas
>
>
> On 6/3/21 2:52 PM, Benn Boulton wrote:
>>
>> Hi,
>>
>> Currently… The posts are coming from the same computer that is
>> hosting NGINX that passes the requests to an external server.
>>
>> Eventually… NGINX will be run on the same computer with Apache
>> and will also function as a load balancer for multiple servers.
>> One being the same as NGINX and other external servers.
>>
>> The posts are from a custom poster process that is an .EXE run
>> from the windows command prompt or a process that calls the
>> POSTER executable.
>>
>> C:\POSTER> Poster h:http://localhost/cr-bin/mp.exe
>> <http://localhost/cr-bin/mp.exe> f:test.txt
>>
>> h: is the host to send to
>>
>> f: is the file with the payload to be sent to the final
>> destination which is the mp.exe on the server listed in the
>> proxy_pass parameter.
>>
>> Everything looks to work as it should. But the
>> ‘gmer3.itd.sterling.com/home.htm
>> <http://gmer3.itd.sterling.com/home.htm>’ Log entries are just
>> not what I expect to see.
>>
>> I am installing NGINX to rate limit a customer that is sending
>> multiple posts so fast that we occasionally miss one, and hope
>> this will resolve that.
>>
>> Again, the proxy redirect is working, just the log entries is
>> what prompted my asking.
>>
>> Thanks,
>>
>> - Benn
>>
>> *From:* nginx <nginx-bounces at nginx.org>
>> <mailto:nginx-bounces at nginx.org> *On Behalf Of *Moshe Katz
>> *Sent:* Thursday, June 3, 2021 1:29 PM
>> *To:* nginx at nginx.org <mailto:nginx at nginx.org>
>> *Subject:* Re: gmer3.itd.sterling.com/home.htm
>> <http://gmer3.itd.sterling.com/home.htm> in the access log
>>
>> Benn,
>>
>> I guess my explanation wasn't clear enough, so I'll try again.
>>
>> That value is not coming from anywhere in your server's
>> configuration - it has nothing to do with proxy_pass or anything
>> else. It is the value of the "Referer" header that is in the
>> incoming request.
>>
>> First, are these log lines from requests that you are making to
>> the server yourself, or are they coming from someone else?
>>
>> If it is your own traffic, where are you making your requests
>> from? Is it a page in a web browser, or is it some other tool?
>>
>> If it is a web browser, that is usually the URL of the web page
>> that is open in the browser. For example, if I have a website at
>> `example.com/page.html`
>> <https://url.emailprotection.link/?bDBb9TVOKiqDPh_SUvfalWM90G6wcWScPnK_EVq6xVxh-Jq5ndDGgvfcC5U_tqxpluRe5jF35zSgN416HI1RIHw~~>
>> with a form on it that submits to your server, the value in that
>> place in the logs will be `https://example.com/page.html`
>> <https://url.emailprotection.link/?bMe1AJs-bSscT1yazCR9XS0kzX52Qa1-DwoIBV-QK8xxhHB1slVsgthl_uC3ltg7Vu05wQoXQi9lo9go4OQWCbA~~>
>> so that your server can see where the request came from.
>>
>> Moshe
>>
>> On Thu, Jun 3, 2021 at 1:18 PM Benn Boulton
>> <bboulton at skippingstone.com <mailto:bboulton at skippingstone.com>>
>> wrote:
>>
>> Hello Moshe,
>>
>> Thanks for the reply. I guess I was not clear enough in my
>> post. I know the /cr-bin/mp.exe is part of the POST request.
>>
>> What I do not understand is where the
>> gmer3.itd.sterling.com/home.htm
>> <https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct>
>> is coming from. It is not my proxy_pass value.
>>
>> It is not part of the POST request or part of the nginx
>> proxy_pass or any thing I can find in my configuration.
>>
>> Is my post being sent to both my proxy_pass value and this
>> site in the log? Do I have a hacked nginx?
>>
>> -Benn
>>
>> *From:* nginx <nginx-bounces at nginx.org
>> <mailto:nginx-bounces at nginx.org>> *On Behalf Of *Moshe Katz
>> *Sent:* Thursday, June 3, 2021 12:14 PM
>> *To:* nginx at nginx.org <mailto:nginx at nginx.org>
>> *Subject:* Re: gmer3.itd.sterling.com/home.htm
>> <https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct>
>> in the access log
>>
>> Benn,
>>
>> That part of the log is not the request URL, it is the
>> referrer header. The path that was requested on your server
>> is before that - a POST request to "/cr-bin/mp.exe". The
>> referrer (which the HTTP standard actually misspells as
>> "referer") is the web page that is making this request to
>> your server.
>>
>> Moshe
>>
>> On Thu, Jun 3, 2021 at 12:08 PM Benn Boulton
>> <bboulton at skippingstone.com
>> <mailto:bboulton at skippingstone.com>> wrote:
>>
>> Hello,
>>
>> I have just installed the NGINX service to help rate
>> limit connections to my Apache server on Windows.
>>
>> NGNIX 1.19.10 on Windows 10 64 bit
>>
>> Everything seems to be working fine but I am getting
>> access log entries that I do not understand for the pages
>> I am redirecting.
>>
>> I am running a process that posts to the server. NGNIX is
>> processing the request and passing it to the destination
>> server but it is not gmer3.itd.sterling.com/home.htm
>> <https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct>
>> as shown in the access log entries below.
>>
>> Any Idea why
>>
>> 127.0.0.1 - t_skipstone [03/Jun/2021:10:30:07 -0400]
>> "POST /cr-bin/mp.exe HTTP/1.1" 200 569
>> "gmer3.itd.sterling.com/home.htm
>> <https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct>"
>> "brow v1.0 CCI"
>>
>> 127.0.0.1 - t_skipstone [03/Jun/2021:10:31:07 -0400]
>> "POST /cr-bin/mp.exe HTTP/1.1" 200 569
>> "gmer3.itd.sterling.com/home.htm
>> <https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct>"
>> "brow v1.0 CCI"
>>
>> 127.0.0.1 - t_skipstone [03/Jun/2021:10:33:35 -0400]
>> "POST /cr-bin/mp.exe HTTP/1.1" 200 569
>> "gmer3.itd.sterling.com/home.htm
>> <https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct>"
>> "brow v1.0 CCI"
>>
>> 127.0.0.1 - t_skipstone [03/Jun/2021:10:37:42 -0400]
>> "POST /cr-bin/mp.exe HTTP/1.1" 200 569
>> "gmer3.itd.sterling.com/home.htm
>> <https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct>"
>> "brow v1.0 CCI"
>>
>> 127.0.0.1 - t_skipstone [03/Jun/2021:10:55:03 -0400]
>> "POST /cr-bin/mp.exe HTTP/1.1" 200 569
>> "gmer3.itd.sterling.com/home.htm
>> <https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct>"
>> "brow v1.0 CCI"
>>
>> 127.0.0.1 - t_skipstone [03/Jun/2021:10:56:34 -0400]
>> "POST /cr-bin/mp.exe HTTP/1.1" 200 569
>> "gmer3.itd.sterling.com/home.htm
>> <https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct>"
>> "brow v1.0 CCI"
>>
>> Thanks
>>
>> *Benn *
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org <mailto:nginx at nginx.org>
>> http://mailman.nginx.org/mailman/listinfo/nginx
>> <https://url.emailprotection.link/?b0r-C9_AUw48-Ch5rHbhyfCAxCuaEcGez1jSw3TSmi_yMSerkqszEs29ZeJ-9XHhKXFPzhIWSbHbDCNUmj6Tzf9mgNn_Pt2ohe5UJSMuWw0QP3IvnnyCmFlsv4r_rtY2d>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org <mailto:nginx at nginx.org>
>> http://mailman.nginx.org/mailman/listinfo/nginx
>> <https://url.emailprotection.link/?b0r-C9_AUw48-Ch5rHbhyfCAxCuaEcGez1jSw3TSmi_yMSerkqszEs29ZeJ-9XHhKXFPzhIWSbHbDCNUmj6Tzf9mgNn_Pt2ohe5UJSMuWw0QP3IvnnyCmFlsv4r_rtY2d>
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org <mailto:nginx at nginx.org>
>> http://mailman.nginx.org/mailman/listinfo/nginx <http://mailman.nginx.org/mailman/listinfo/nginx>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org <mailto:nginx at nginx.org>
> http://mailman.nginx.org/mailman/listinfo/nginx
> <http://mailman.nginx.org/mailman/listinfo/nginx>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20210603/a01c4147/attachment-0001.htm>
More information about the nginx
mailing list