gmer3.itd.sterling.com/home.htm in the access log

Thomas Ward teward at thomas-ward.net
Thu Jun 3 21:20:47 UTC 2021


You should create your own thread for this issue, Fatma, as it has 
nothing to do with the issue that Benn was having.


Thomas


On 6/3/21 5:07 PM, Fatma MAZARI wrote:
> Hi,
> I have a question,
> I wanna use nginx and ffmpeg to serve chunks to clients without using 
> or sending .m3u file to client. How can i do this lease?
> * ffmpeg copy streams in local ( in /home/STREAMS/channel/stream%d.ts 
> ==> /home/STREAMS/channel/stream1.ts , 
> /home/STREAMS/channel/stream2.ts , /home/STREAMS/channel/stream3.ts ....)
> * I want nginx to serve clients chunk by chunk in a continuous  way 
> without serving m3u file (the client must wait for the next chunk)  .
> Thank you ,  Please I need your help
> Fatma.
>
> Le jeu. 3 juin 2021 à 22:02, Thomas Ward <teward at thomas-ward.net 
> <mailto:teward at thomas-ward.net>> a écrit :
>
>     Let's dissect an HTTP request that is sent to your NGINX server.
>
>     Assume for a moment it's '/cr-bin/mp.exe' that's the request but
>     there's extra headers.  The full HTTP request looks like this
>     (CURL format output, but also what NGINX spits in debug mode):
>
>     POST /cr-bin/mp.exe
>     referer: example.com/foobar.html <http://example.com/foobar.html>
>     content-type: text/json
>     content-length: 2345
>
>     The actual URL request in this case would have been
>     http://your-nginx-server/cr-bin/mp.exe
>     <http://your-nginx-server/cr-bin/mp.exe> with a POST to there, and
>     that is passed through to your system per your proxy_pass rules, etc.
>
>     Where your logs are getting "gmer3.itd.sterling.com/home.htm
>     <http://gmer3.itd.sterling.com/home.htm>" is from that *referer*
>     header.  I.E. you would see "example.com/foobar.html
>     <http://example.com/foobar.html>" if the referer header in the
>     request was the example above.
>
>     This has **nothing** to do with your configuration. Whatever
>     'poster' is doing to post the items to your system is passing a
>     referer header in the POST with the contents
>     "gmer3.itd.sterling.com/home.htm
>     <http://gmer3.itd.sterling.com/home.htm>". If this is some other
>     site/system you'll see any number of potential referer items. 
>     It's also entirely possible that this is your hostname, or
>     something specific to your Poster program itself setting the
>     referer header in the POST that it sends to your server.
>
>     This, again, has nothing to do with your NGINX configuration and
>     everything with how Poster is structuring the POST request
>     (including any headers it's sending in the request).
>
>
>
>     Thomas
>
>
>     On 6/3/21 2:52 PM, Benn Boulton wrote:
>>
>>     Hi,
>>
>>     Currently… The posts are coming from the  same computer that is
>>     hosting NGINX  that passes the requests to an external server.
>>
>>     Eventually…  NGINX will be run on the same computer with Apache
>>     and will also function as a load balancer for multiple servers.
>>     One being the same as NGINX and other external  servers.
>>
>>     The posts are from a custom poster process that is an .EXE run
>>     from the windows command prompt or a process that calls the
>>     POSTER executable.
>>
>>     C:\POSTER> Poster h:http://localhost/cr-bin/mp.exe
>>     <http://localhost/cr-bin/mp.exe> f:test.txt
>>
>>     h: is the host to send to
>>
>>     f: is the file with the payload to be sent to the final
>>     destination which is the mp.exe on the server listed in the
>>     proxy_pass parameter.
>>
>>     Everything looks to work as it should.  But the
>>     ‘gmer3.itd.sterling.com/home.htm
>>     <http://gmer3.itd.sterling.com/home.htm>’ Log entries are just
>>     not what I expect to see.
>>
>>     I  am installing NGINX to rate limit a customer that is sending
>>     multiple posts so fast that we occasionally miss one, and hope
>>     this will resolve that.
>>
>>     Again, the proxy redirect is working, just the log entries is
>>     what prompted my asking.
>>
>>     Thanks,
>>
>>     - Benn
>>
>>     *From:* nginx <nginx-bounces at nginx.org>
>>     <mailto:nginx-bounces at nginx.org> *On Behalf Of *Moshe Katz
>>     *Sent:* Thursday, June 3, 2021 1:29 PM
>>     *To:* nginx at nginx.org <mailto:nginx at nginx.org>
>>     *Subject:* Re: gmer3.itd.sterling.com/home.htm
>>     <http://gmer3.itd.sterling.com/home.htm> in the access log
>>
>>     Benn,
>>
>>     I guess my explanation wasn't clear enough, so I'll try again.
>>
>>     That value is not coming from anywhere in your server's
>>     configuration - it has nothing to do with proxy_pass or anything
>>     else. It is the value of the "Referer" header that is in the
>>     incoming request.
>>
>>     First, are these log lines from requests that you are making to
>>     the server yourself, or are they coming from someone else?
>>
>>     If it is your own traffic, where are you making your requests
>>     from? Is it a page in a web browser, or is it some other tool?
>>
>>     If it is a web browser, that is usually the URL of the web page
>>     that is open in the browser. For example, if I have a website at
>>     `example.com/page.html`
>>     <https://url.emailprotection.link/?bDBb9TVOKiqDPh_SUvfalWM90G6wcWScPnK_EVq6xVxh-Jq5ndDGgvfcC5U_tqxpluRe5jF35zSgN416HI1RIHw~~>
>>     with a form on it that submits to your server, the value in that
>>     place in the logs will be `https://example.com/page.html`
>>     <https://url.emailprotection.link/?bMe1AJs-bSscT1yazCR9XS0kzX52Qa1-DwoIBV-QK8xxhHB1slVsgthl_uC3ltg7Vu05wQoXQi9lo9go4OQWCbA~~>
>>     so that your server can see where the request came from.
>>
>>     Moshe
>>
>>     On Thu, Jun 3, 2021 at 1:18 PM Benn Boulton
>>     <bboulton at skippingstone.com <mailto:bboulton at skippingstone.com>>
>>     wrote:
>>
>>         Hello Moshe,
>>
>>         Thanks for the reply.  I guess I was not clear enough in my
>>         post.  I know the /cr-bin/mp.exe is part of the POST request.
>>
>>          What I do not understand is where the
>>         gmer3.itd.sterling.com/home.htm
>>         <https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct>
>>         is coming from. It is not my proxy_pass value.
>>
>>         It is not part of the POST request or part of the nginx
>>         proxy_pass or any thing I can find in my configuration.
>>
>>         Is my post being sent to both my proxy_pass value and this
>>         site in the log? Do I have a hacked nginx?
>>
>>         -Benn
>>
>>         *From:* nginx <nginx-bounces at nginx.org
>>         <mailto:nginx-bounces at nginx.org>> *On Behalf Of *Moshe Katz
>>         *Sent:* Thursday, June 3, 2021 12:14 PM
>>         *To:* nginx at nginx.org <mailto:nginx at nginx.org>
>>         *Subject:* Re: gmer3.itd.sterling.com/home.htm
>>         <https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct>
>>         in the access log
>>
>>         Benn,
>>
>>         That part of the log is not the request URL, it is the
>>         referrer header. The path that was requested on your server
>>         is before that - a POST request to "/cr-bin/mp.exe". The
>>         referrer (which the HTTP standard actually misspells as
>>         "referer") is the web page that is making this request to
>>         your server.
>>
>>         Moshe
>>
>>         On Thu, Jun 3, 2021 at 12:08 PM Benn Boulton
>>         <bboulton at skippingstone.com
>>         <mailto:bboulton at skippingstone.com>> wrote:
>>
>>             Hello,
>>
>>             I have just installed the NGINX service to help rate
>>             limit connections to my Apache server on Windows.
>>
>>             NGNIX 1.19.10 on Windows 10 64 bit
>>
>>             Everything seems to be working fine but I am getting
>>             access log entries that I do not understand for the pages
>>             I am redirecting.
>>
>>             I am running a process that posts to the server. NGNIX is
>>             processing the request and passing it to the destination
>>             server but it is not gmer3.itd.sterling.com/home.htm
>>             <https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct>
>>             as shown in the access log entries below.
>>
>>             Any Idea why
>>
>>             127.0.0.1 - t_skipstone [03/Jun/2021:10:30:07 -0400]
>>             "POST /cr-bin/mp.exe HTTP/1.1" 200 569
>>             "gmer3.itd.sterling.com/home.htm
>>             <https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct>"
>>             "brow v1.0 CCI"
>>
>>             127.0.0.1 - t_skipstone [03/Jun/2021:10:31:07 -0400]
>>             "POST /cr-bin/mp.exe HTTP/1.1" 200 569
>>             "gmer3.itd.sterling.com/home.htm
>>             <https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct>"
>>             "brow v1.0 CCI"
>>
>>             127.0.0.1 - t_skipstone [03/Jun/2021:10:33:35 -0400]
>>             "POST /cr-bin/mp.exe HTTP/1.1" 200 569
>>             "gmer3.itd.sterling.com/home.htm
>>             <https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct>"
>>             "brow v1.0 CCI"
>>
>>             127.0.0.1 - t_skipstone [03/Jun/2021:10:37:42 -0400]
>>             "POST /cr-bin/mp.exe HTTP/1.1" 200 569
>>             "gmer3.itd.sterling.com/home.htm
>>             <https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct>"
>>             "brow v1.0 CCI"
>>
>>             127.0.0.1 - t_skipstone [03/Jun/2021:10:55:03 -0400]
>>             "POST /cr-bin/mp.exe HTTP/1.1" 200 569
>>             "gmer3.itd.sterling.com/home.htm
>>             <https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct>"
>>             "brow v1.0 CCI"
>>
>>             127.0.0.1 - t_skipstone [03/Jun/2021:10:56:34 -0400]
>>             "POST /cr-bin/mp.exe HTTP/1.1" 200 569
>>             "gmer3.itd.sterling.com/home.htm
>>             <https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct>"
>>             "brow v1.0 CCI"
>>
>>             Thanks
>>
>>             *Benn *
>>
>>             _______________________________________________
>>             nginx mailing list
>>             nginx at nginx.org <mailto:nginx at nginx.org>
>>             http://mailman.nginx.org/mailman/listinfo/nginx
>>             <https://url.emailprotection.link/?b0r-C9_AUw48-Ch5rHbhyfCAxCuaEcGez1jSw3TSmi_yMSerkqszEs29ZeJ-9XHhKXFPzhIWSbHbDCNUmj6Tzf9mgNn_Pt2ohe5UJSMuWw0QP3IvnnyCmFlsv4r_rtY2d>
>>
>>         _______________________________________________
>>         nginx mailing list
>>         nginx at nginx.org <mailto:nginx at nginx.org>
>>         http://mailman.nginx.org/mailman/listinfo/nginx
>>         <https://url.emailprotection.link/?b0r-C9_AUw48-Ch5rHbhyfCAxCuaEcGez1jSw3TSmi_yMSerkqszEs29ZeJ-9XHhKXFPzhIWSbHbDCNUmj6Tzf9mgNn_Pt2ohe5UJSMuWw0QP3IvnnyCmFlsv4r_rtY2d>
>>
>>
>>     _______________________________________________
>>     nginx mailing list
>>     nginx at nginx.org  <mailto:nginx at nginx.org>
>>     http://mailman.nginx.org/mailman/listinfo/nginx  <http://mailman.nginx.org/mailman/listinfo/nginx>
>     _______________________________________________
>     nginx mailing list
>     nginx at nginx.org <mailto:nginx at nginx.org>
>     http://mailman.nginx.org/mailman/listinfo/nginx
>     <http://mailman.nginx.org/mailman/listinfo/nginx>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20210603/a01c4147/attachment-0001.htm>


More information about the nginx mailing list