Tag: Proxy
Problems related to proxy configurations or usage
| ID | Title | Description | Category | Technology | Tags |
|---|---|---|---|---|---|
| CRE-2025-0054 Low Impact: 7/10 Mitigation: 5/10 | NGINX upstream connection timeout | NGINX reports an upstream timeout error when it cannot establish or maintain a connection to backend services within the configured timeout threshold. This occurs when backend services are unresponsive, overloaded, or when the timeout values are set too low for normal operation conditions. The error indicates that NGINX attempted to proxy a request to an upstream server, but the connection or read operation timed out before completion. | Proxy Timeout Problems | nginx | NginxTimeoutProxyBackend IssueNetworking |
| CRE-2025-0055 Medium Impact: 8/10 Mitigation: 3/10 | Nginx upstream buffer size too small | Nginx reports that an upstream server is sending headers that exceed the configured buffer size limits. This typically happens when the upstream application sends responses with large headers, cookies, or other header fields that don't fit in the default buffer allocation. When this occurs, Nginx cannot properly proxy the response to clients, resulting in HTTP errors. | Web Server Problems | nginx | NginxConfigurationProxyHeader SizeBuffer |
| CRE-2025-0138 Low Impact: 5/10 Mitigation: 4/10 | Supabase Self-Hosted: API Rate Limit Exceeded and Request Throttling | Detects when Supabase API requests are being rate-limited due to excessive traffic or aggressive client behavior. This results in HTTP 429 responses and can indicate DDoS attacks, misconfigured clients, or insufficient rate limiting configuration for the application's traffic patterns. | API Problems | kong | SupabaseRate LimitingThrottlingProxyPerformanceSelf-HostedPublic |
| CRE-2025-0142 Medium Impact: 6/10 Mitigation: 5/10 | Supabase Self-Hosted: SSL Certificate Missing or Invalid Configuration | Detects when Supabase services fail due to missing, invalid, or improperly configured SSL certificates. This affects HTTPS endpoints, secure WebSocket connections, and can prevent clients from establishing secure connections to the self-hosted Supabase instance. | Configuration Problem | kong | SupabaseSslTLSCertificate VerificationSecurityConfigurationProxySelf-HostedSSL CertificatePublic |