Interesting: [Wayback/Archive] nginxinc/kic-reference-architectures: MARA: Modern Application Reference Architecture
Archive for the ‘nginx’ Category
nginxinc/kic-reference-architectures: MARA: Modern Application Reference Architecture
Posted by jpluimers on 2025/01/16
Posted in *nix, *nix-tools, Cloud Development, Development, nginx, Power User, Software Development, Systems Architecture, Web Development
Cool nginx playground by b0rk (Julia Evans)
Posted by jpluimers on 2024/08/28
This is a really cool interactive [Wayback/Archive] nginx playground!
It starts with a default nginx configuration that you can edit, and it spins up a Docker container for each run to show the results of that configuration.
How cool is that to learn how nginx works (:
This is how I found out about it:
Posted in *nix, *nix-tools, Conference Topics, Conferences, Development, Event, nginx, Power User, Software Development, Web Development
showthedocs
Posted by jpluimers on 2021/02/18
showthedocs is a documentation browser that finds the relevant docs for your code. It works by parsing the code and connecting parts of it to their explanation in the docs, and supports these languages:
- SQL
  - postgresql
  - mysql
- Configuration
  - nginx
  - gitconfig
You can enter any language text, then click the language, followed by clicking the “SHOW ME THE DOCS!” button, for which an example is further below.
The site has an open architecture, allowing you to plug in more languages and documentation:
- [WayBack] showthedocs – how to contribute, with examples on the current structure:
  - [WayBack] add support for git config files · idank/showthedocs@14bcc72 · GitHub: Docs scraped off git-scm.com. Parser is built with pyparsing.
  - [WayBack] showthedocs/ast.py at master · idank/showthedocs · GitHub
  - [WayBack] showthedocs/common.py at master · idank/showthedocs · GitHub: Context
  - [WayBack] showthedocs/common.py at master · idank/showthedocs · GitHub: lexer import
  - [WayBack] showthedocs/nginx.py at master · idank/showthedocs · GitHub
  - [WayBack] showthedocs/getdocs at master · idank/showthedocs · GitHub
- [WayBack] showthedocs – about
- [WayBack] GitHub – idank/showthedocs
gitconfig example
So for instance the below .git/config file leads to this result [WayBack] where you can click on all the coloured areas for easy navigation through the documentation:
Posted in *nix, *nix-tools, Database Development, Development, DVCS - Distributed Version Control, git, MySQL, nginx, PostgreSQL, Power User, Software Development
GitHub – yandex/gixy: Nginx configuration static analyzer
Posted by jpluimers on 2018/10/26
[WayBack] GitHub – yandex/gixy: Nginx configuration static analyzer
Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection.
…
Right now Gixy can find:
- [ssrf] Server Side Request Forgery
- [http_splitting] HTTP Splitting
- [origins] Problems with referrer/origin validation
- [add_header_redefinition] Redefining of response headers by “add_header” directive
- [host_spoofing] Request’s Host header forgery
- [valid_referers] none in valid_referers
- [add_header_multiline] Multiline response headers
- [alias_traversal] Path traversal via misconfigured alias
You can find things that Gixy is learning to detect at Issues labeled with “new plugin”
This helps you prevent an nginx configuration issue that can serve too much static content when ../ is used in the web request. The issue got a lot of attention last week, but was in fact already found during 2016 HCTF by Aklis, and presented by Orange Tsai (twitter/github/blog) various times in 2018, including [WayBack] hack.lu 2018.
Related:
- [WayBack] htctf 你没走过的套路 – Th1s’s Bl0g, which reads very well through Google Translate
- Earlier presentation by Orange Tsai at blackhat 2018 USA: [WayBack] us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf
- [WayBack] x0rz en Twitter: “Nginx off-by-slash vulnerability, cool trick presented by @orange_8361 at #hacklu… “
- [WayBack] Orange Tsai on Twitter: “Be careful the Nginx configuration, or use https://github.com/yandex/gixy to scan your configuration!… “
- [WayBack] Orange: This is 🍊 speaking
- [WayBack] Talks – hack.lu 2018
- hack.lu 2018 videos are being uploaded at https://www.youtube.com/channel/UCI6B0zYvK-7FdM0Vgh3v3Tg/videos
- [WayBack] Hier ein Hackerterrorcybercyber gegen nginx. twitter… – Kristian Köhntopp – Google+
–jeroen
Posted in *nix, DevOps, nginx, Power User, Security
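A simplified check for the off-by-slash alias misconfiguration mentioned in the Gixy post above, as an added example (not code from the post and not Gixy's implementation). The sample configuration, paths and function names are constructed for illustration, and the parser assumes flat prefix `location` blocks.

```python
import posixpath
import re

# Constructed sample configuration; paths are placeholders, not from the post.
SAMPLE_CONF = """
server {
    location /static {
        alias /var/www/app/static/;
    }
    location /media/ {
        alias /var/www/app/media/;
    }
}
"""

# Prefix locations only ("location /x {" or "location ^~ /x {"), flat bodies.
LOCATION_RE = re.compile(r"location\s+(?:\^~\s+)?(/[^\s{]*)\s*\{([^{}]*)\}")
ALIAS_RE = re.compile(r"^\s*alias\s+([^;]+);", re.MULTILINE)


def find_off_by_slash(conf):
    """Return (location_prefix, alias_path) pairs where the prefix lacks a
    trailing slash but the alias target has one."""
    findings = []
    for loc in LOCATION_RE.finditer(conf):
        prefix, body = loc.group(1), loc.group(2)
        alias = ALIAS_RE.search(body)
        if not alias:
            continue
        target = alias.group(1).strip()
        if not prefix.endswith("/") and target.endswith("/"):
            findings.append((prefix, target))
    return findings


def mapped_path(prefix, alias, uri):
    """Model of alias substitution: the matched prefix is replaced by the
    alias path. Returns None when the URI does not match the prefix."""
    if not uri.startswith(prefix):
        return None
    return posixpath.normpath(alias + uri[len(prefix):])


if __name__ == "__main__":
    for prefix, target in find_off_by_slash(SAMPLE_CONF):
        print(f"location {prefix} -> alias {target}: add a trailing slash to the location")
```

With the trailing slash added to the location (`location /static/`), a URI such as `/static../other.txt` no longer matches the block, which is why the fix is a one-character change.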





