Messages - isJesusHere

#1
OK, so I figured out what it was. Somehow routing to that one VM within the subnet isn't working anymore by default. Setting a static route to the VM in OPNsense fixed it. Really weird.

A bit more info for somebody else troubleshooting or wanting to fix this:
OPNsense with VLAN 10.10.0.0/24, mgmt net 192.168.178.0/24 (local network of ISP router).
Access to VMs within VLAN with routes set to mgmt address, set up in ISP router.
With these static routes, I could access the VMs by IP from mgmt-net, but nginx couldn't. Where it now needs a static route, it didn't before 22.7. Maybe this is wanted for more granular routing control.

Also, this was the reason why the nginx reload took so long, for anybody asking.
#2
So that seemed to have worked. Now nginx reloads quickly again, but I can only access one of my two upstream servers. Both are within the same subnet. If I change the IP of the faulty upstream server I can access it again. Don't know how that's possible. Haven't changed anything else.
#3
Haven't had this problem in at least a year. Then, upgrade to 22.7 and it's back.
Restarting nginx from webui or cli will take ages (+5min).

But as soon as I restore a snapshot from 22.1 everything works just fine. Zero changes except the update.

Running OPNsense in an ESXi VM.

I've submitted a crash report via the webui and put the URL to this topic in the description. Don't know if it'll help.
#4
Well yeah, but in the nginx config only the basics of the basic-rule are included.
I attached a screenshot of the basic rule I created, added to a policy, and added that to a location and applied.
vs. what shows in the location block:
BasicRule wl:1100 "mz:RAW_BODY";
Note that it's missing X-Plex-Token=[0-9a-zA-Z]*. I'm new to naxsi, so I don't know if it's applied somewhere else, just that I can't find any other reference to the constraints I've made other than in the OPNsense config.
#5
So I'm currently setting up my WAF for various web apps and the nginx WebUI gives options to add conditions like "only match this specific GET argument, but only if it matches this regex", but when generating the nginx.conf I only see the "only this specific GET argument" part and not the regex.
Example: in the webui I have a rule set up that matches a GET argument named url but only if its value matches X-Plex-Token=[0-9a-zA-Z]*. Now in the nginx conf it only shows BasicRule wl:1103 "mz:$ARGS_VAR:url";.
I don't see any links to include other configs, where it could specify what exactly to match.
Anybody know what I'm missing?