0

I'm using google compute engine as a proxy server using nginx. I make several POST requests to it and it redirects them to a third party server.

The issue is, from today I started getting unexpected responses for my all POST requests through proxy server - "hello Guest, How Can I help You?" however, making a request directly to the third party server is giving proper response and restarting nginx server fixed the issue.

So, is my server is compromised or this message is given by nginx ? and if it is compromised then how can I avoid this in future

Marco
  • 1,709
  • 3
  • 17
  • 31
Abhay Sehgal
  • 51
  • 3
  • My guess is this is a rate limiting response from the 3rd party service. Restarting nginx might give it enough time to go below the rate limit. Sending a POST request manually could do the same or it might be okay because it's from a different user-agent. Honestly, it's hard to say since we do not know which 3rd party service you're using. You may want to check their TOS or API guides for more information. – drg Feb 10 '20 at 19:13

1 Answers1

0

It's not a standard response. But you would need to check your HTTP logs and see where it came from to identify if it was local or the 3rd party service.

Your Nginx logs will be set in your conf file under access_log and this log should hold the info you need.

Nginx by default is fairly robust, I would be surprised if you were compromised if it was just doing proxy things for you and the only external access was 80/443.

Lucas
  • 31
  • 3