wargio / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
GNU General Public License v3.0

CLOSE_WAIT not released #86

Closed mrbaiwei closed 1 year ago

mrbaiwei commented 1 year ago

After enabling the naxsi module, in certain cases, the communication IP remains in CLOSE_WAIT state without being released. This issue occurs in the new version of nginx, and it is suspected to be a compatibility problem.

    netstat -tunp|grep nginx|grep CLOSE_WAIT|wc -l
    40108

wargio commented 1 year ago

Interesting. How can I reproduce this?

mrbaiwei commented 1 year ago

I found the reason for the problem, and the reason is the matching order of the 403 error page.

    location ~* ^/(.*)\.html$ {
        proxy_pass http://127.0.0.1:80;
    }

    location /RequestDenied {
        return 403;
    }
    error_page 403 /x403.html;

    location ~ ^/x403.html$ {
        root /etc/nginx/error;
    }

Solved with the following configuration:

    location ~ ^/x403.html$ {
        root /etc/nginx/error;
    }

    location ~* ^/(.*)\.html$ {
        proxy_pass http://127.0.0.1:80;
    }

    location /RequestDenied {
        return 403;
    }
    error_page 403 /x403.html;

wargio commented 1 year ago

Interesting. So it is not a naxsi issue per se, but a configuration issue with nginx.

wargio commented 1 year ago

Also, I suggest marking /RequestDenied as internal.

mrbaiwei commented 1 year ago

> also i suggest to mark /RequestDenied as internal

Ok, thank you. This issue has troubled me for a long time, to the point where I have had to restart nginx regularly.

wargio commented 1 year ago

Sorry to hear that.
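
Why the order of the two regex locations in the thread matters, as an added example that is not part of the original thread or of the naxsi project: a small Python model of nginx's location selection, run for the `/x403.html` internal redirect that `error_page 403` triggers. The handler names are labels made up for this sketch, and the third layout (an exact-match `location = /x403.html`, which wins regardless of order) goes beyond what the thread proposes.

```python
import re

# Each location is (modifier, pattern, label). Modifiers follow nginx:
# "=" exact, "" prefix, "^~" prefix that skips regexes, "~" regex, "~*" regex (case-insensitive).
def select_location(locations, uri):
    """Return the label of the location nginx would choose for uri."""
    best_prefix = None
    for mod, pat, label in locations:
        if mod == "=" and uri == pat:
            return label                      # exact match ends the search
        if mod in ("", "^~") and uri.startswith(pat):
            if best_prefix is None or len(pat) > len(best_prefix[1]):
                best_prefix = (mod, pat, label)
    if best_prefix and best_prefix[0] == "^~":
        return best_prefix[2]                 # longest prefix forbids the regex pass
    for mod, pat, label in locations:         # regexes: config order, first match wins
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return label
    return best_prefix[2] if best_prefix else None

# Locations from the thread; the labels are hypothetical names for this sketch.
PROXY = ("~*", r"^/(.*)\.html$", "proxy_pass")
DENIED = ("", "/RequestDenied", "return_403")
ERRPAGE = ("~", r"^/x403.html$", "static_error_page")

ORIGINAL = [PROXY, DENIED, ERRPAGE]           # first configuration in the thread
REORDERED = [ERRPAGE, PROXY, DENIED]          # the reordered configuration
EXACT = [PROXY, DENIED, ("=", "/x403.html", "static_error_page")]  # added variant

def error_page_handler(locations):
    """error_page 403 /x403.html re-runs location selection for /x403.html."""
    return select_location(locations, "/x403.html")

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("reordered", REORDERED), ("exact", EXACT)):
        print(f"{name:10s} /x403.html -> {error_page_handler(cfg)}")
```

The model does not cover the `internal` directive suggested above; it only shows which location block receives the error-page redirect.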