Reverse Proxy Security Risks

A fresh look on reverse proxy related attacks | Acunetix

In recent years, several researches have been published about attacks deliberately or directly related to reverse proxies. While implementing various reverse-proxy checks on the scanner, I started analyzing implementations of reverse proxies.
Initially, I wanted to analyze how both reverse proxies and web servers parse requests, find out inconsistencies in the process between them and use this knowledge for some kind of bypasses. Unfortunately, I was stuck with analyzing web servers and application servers due to too many possible variations. For example, Apache web server behaves differently depending on how you connect it with PHP. Also, an implementation of a web application, framework or middleware used by a web application can influence the requests parsing process as well. In the end I realized that some attacks are still little-known or completely unknown.
The goal of this research is to portray the bigger picture of potential attacks on a reverse proxy or the backend servers behind it. In the main part of the article, I will show some examples of vulnerable configurations and exploitation of attacks on various reverse proxies, but the second goal of the research is to share the raw data about various implementations of reverse proxies so you can find your ways/tricks (depending on a backend server in each specific situation).
Terms
Actually, the research is not only about reverse proxies, but also about load balancers, cache proxies, WAFs and other intermediate servers between a user and web application which parses and forwards requests. However I haven’t found a good term which correctly describes such a server and is well-known in the community, so I will use “reverse proxy” even when I talk about load balancers or cache proxy. I will call a web application behind a reverse proxy a back-end server. Be aware that a backend server is so-called an origin server (this will make sense when we start talking about caching).
What is reverse proxy?
How proxies work
The basic idea of a reverse proxy is quite simple. It’s an intermediate server between a user and a back-end server. The purpose of it can be quite different: it can route requests depending on the URL to various backends or it can just be there “to protect” against some attacks or simply to analyze traffic. The implementations can be different too, but the main sequence of steps is quite the same.
A reverse proxy must receive a request, it must process it, perform some action on it and forward to a backend.
Processing of a request consists of several main steps:
Parsing
When a reverse proxy receives a request, it must parse it: to get a verb, a path, a HTTP version, host header and other headers and body.
GET /path HTTP/1. 1
Host:
Header: something
Everything may look quite simple, but if you dive into details, you will see implementations are different.
Some examples:
– If a reverse supports Absolute-URI, how will it parse it? Does Absolute-URI have a higher priority than Host header? :
GET other_host_header/path HTTP/1. 1
– URL consists of `scheme:[//authority]path[? query][#fragment], and browsers don’t send #fragment. But how must a reverse proxy handle #fragment?
Nginx throws fragment off, Apache returns a 400 error (due to # in the path), some others handle it as a usual symbol.
– How does it handle symbols which must be URL-encoded?
GET /[0x01] HTTP/1. 1
URL decoding
Due to standards, symbols with a special meaning in the URL must be URL-encoded (%-encoding), like the double quote (“) or “greater than” sign (>). But practically, any symbol can be URL-encoded and sent in a path part. Many web servers perform URL-decoding while processing a request, so next requests will be treated in the same way by them.
GET / HTTP/1. 1
GET%2f%69%6e%64%65%78%2e%70%68%70 HTTP/1. 1
Path normalization
Many web servers support path normalization. Main cases are well-known:
/long/.. /path/here -> /path/here
/long/. /path/here -> /long/path/here
But what about /..? For Apache, it’s an equivalent of /.. /, but for Nginx it means nothing.
/long/path/here/.. -> /long/path/ – Apache
/long/path/here/.. -> /long/path/here/.. – Nginx
The same with // (“empty” directory). Nginx converts it to just one slash /, but, if it’s not the first slash, Apache treats it as a directory.
//long//path//here -> /long/path/here – Nginx
//long/path/here -> /long/path/here – Apache
/long//path/here -> /long//path/here – Apache
Here are some additional (weird) features which are supported by some web servers. For example: support of path parameters – /.. ;/ is valid for Tomcat and Jetty or traversal with backslash (\.. \).
b) Applying rules and performing actions on a request
Once a request is processed, the reverse proxy can perform some actions on the request due to its configuration. Important to note that in many cases, rules of a reverse proxy are path (location) based. If the path is pathA, do one thing, if pathB – do another.
Depending on the implementation or on the configuration, a reverse proxy applies rules based on a processed (parsed, URL-decoded, normalized) path or on an unprocessed path (rare case). It’s also important for us to note if it is case-sensitive or not. For example, will the next paths be treated equally by a reverse proxy? :
/path1/ == /Path1/ == /p%61th1/ == /lala/.. /path1/
C) Forwarding to a back-end
The reverse proxy has processed a request, found appropriate rules for it and performed necessary actions. Now it must send (forward) it to a backend. Will it send the processed request or initial request? Obviously, if it has modified the request, then it sends the modified version, but in this case, it must perform all the necessary steps, for example, to perform URL-encoding of special symbols. But what if the reverse proxy just forwards all requests to only one backend, maybe forwarding the initial request is a good idea?
As you can see all these steps are quite obvious and there are not so many variations. Still, there are differences in implementations, which we, as attackers, can use for our goals.
Therefore, the idea of all attacks described below is that a reverse proxy processes a request, finds and applies rules and forwards it to a backend. If we find an inconsistency between the way a reverse proxy processes a request and the way a backend server processes it, we are then able to create such a request(path) which is interpreted like one path by the reverse proxy and a completely different path by the backend. So, we will be able to bypass or to forcefully apply some rules of the reverse proxy.
Here are some examples
Nginx
Nginx is a well-known web server, but is also very popular as a reverse proxy. Nginx supports Absolute-URI with an arbitrary scheme and higher priority than a Host header. Nginx parses, URL-decodes and normalizes a request path. Then it applies location-based rules depending on the processed path.
But it looks like Nginx has two main behaviors and each of them has its own interesting features:
With trailing slash
location / {
proxy_pass backend_server/;}
In this configuration, Nginx forwards all requests to the `backend_server`. It sends the processed request to the backend, meaning that Nginx must URL-encode the necessary symbols. The interesting thing for an attacker is that Nginx doesn’t encode all the symbols which browsers usually do. For example, it doesn’t URL-encode ‘ ” < >.
Even if there is a web application (back-end server) which takes a parameter from a path and which is vulnerable to XSS, an attacker cannot exploit it, because modern browsers (except dirty tricks with IE) URL-encode these symbols. But if there is Nginx as a reverse proxy, an attacker can force a user to send a URL-encoded XSS payload in the path. The Nginx decodes it and sends the decoded version to the backend server, which makes exploitation of XSS possible.
Browser -> -> Nginx -> backend_server/path/<"xss_here">/ -> WebApp
Without trailing slash
proxy_pass backend_server;}
The only difference between this config and the previous one is the lack of the trailing slash. Although seemingly insignificant, it forces Nginx to forward an unprocessed request to the backend. So if you send /any_path/.. /to_%61pp#/path2, after processing of the request, Nginx will try to find a rule for `/to_app`, but it will send /any_path/.. /to_%61pp#/path2 to the backend. Such behavior is useful to find inconsistencies.
Haproxy
Haproxy is a load balancer (with HTTP support). It doesn’t make much sense to compare it to Nginx, but it will give you an idea of a different approach.
Haproxy makes minimal processing of a request. So there is no “real” parsing, URL-decoding, normalization. It doesn’t support Absolute-URI either.
Therefore, it takes everything (with few exceptions) between a verb and HTTP version (GET! i<@>? lala=#anything HTTP/1. 1) and, after applying rules, forwards it to a backend server. However it supports path-based rules and allows it to modify requests and responses.
How proxies are used
While I was working on this research, analyzing various configurations of reverse proxies, I came to the conclusion that we can both bypass and apply rules of a reverse proxy. Therefore, to understand the real potential of reverse proxy related attacks, we must have a look at their abilities.
First of all, a reverse proxy has access to both a request and a response (including those which it sends/receives from a backend server). Secondly, we need a good understanding of all the features which a reverse proxy supports and how people configure them.
How can a reverse proxy handle a request? :
Routing to endpoint. It means that a reverse proxy receives a request on one path (/app1/), but forwards the request to a completely different one (/any/path/app2/) on a backend. Or it forwards the request to a specific backend depending on a Host header value.
Rewriting path/query. This is similar to the previous one, but usually involves different internal mechanisms (regexp)
Denying access. When a reverse proxy blocks a request to a certain path.
Headers modification. In some cases, a reverse proxy may add or change headers of the request. It could be a cool feature for an attacker, but it’s hard to exploit with a black box approach.
How can a reverse proxy handle a response? :
Cache. Many reverse proxies support caching of response.
Headers modification. Sometimes a reverse proxy adds or modifies response headers (even security related), because it cannot be done on a backend server
Body modification. Reverse proxies will sometimes modify the body too. Edge Side Includes (ESI) is an example of when this can happen.
All this is important for to see more potential attacks, but also understand that in many cases we don’t need to bypass, but apply rules. Which leads to a new type of attacks on reverse proxies – proxy rules misusing.
Server-Side attacks
Bypassing restriction
The most well known case about reverse proxy related attacks.
When someone restricts access (3. Denying access), an attacker needs to bypass it.
Here is an example.
Let’s imagine that there are Nginx as a reverse-proxy and Weblogic as a backend server. Nginx blocks access to an administrative interface of Weblogic (everything that starts with /console/).
Configuration:
location /console/ {
deny all;
return 403;}
proxy_pass weblogic;}
As you can see, `proxy_pass` here is without trailing slash, which means that a request is forwarded unprocessed. Another important thing to bypass the restriction is that Weblogic treats `#` as a usual symbol. Therefore, an attacker can access the administrative interface of Weblogic by sending such a request:
GET /#/.. /console/ HTTP/1. 1
When Nginx starts processing the request, it throws off everything after #, so it skips the /console/ rule. It then forwards the same unprocessed path (/#/.. /console/) to the Weblogic, the Weblogic processes the path and after path normalization, we are left with/console/.
Request Misrouting
It’s about “1. Routing to endpoint” and, in some cases, “2. Rewriting path/query”.
When a reverse proxy forwards requests only to one endpoint, it can make an illusion that an attacker cannot reach other endpoints on a backend or that it cannot reach a completely different backend.
Example 1.
Let’s have a look at similar combinations: Nginx+Weblogic. In this case, Nginx proxies requests only to a certain endpoint of Weblogic (weblogic/to_app). So only requests, which come to a path /to_app on Nginx, are forwarded to the same path on Weblogic. In this situation, it may look like Weblogic’s administrative interface (console) or other paths are not accessible for an attacker.
location /to_app {
In order to misroute requests to other paths, we need to know two things again. Firstly, the same as in the example above – `proxy_pass` is without a trailing slash.
Secondly, Weblogic supports “path parameters” (). For example, /path/to/app/here;param1=val1, and param1 will be accessible in a web app through API.
I think many are aware about this feature (especially after the Orange Tsai’s presentation from BlackHat in the context of Tomcat. Tomcat allows to perform really “weird” traversals like /.. ;/.. ;/. But Weblogic treats path parameters differently, as it treats everything after the first; as a path parameter. Does it mean that this feature is useless for an attacker?
Nope. Let’s have a look at this “magic” which allows accessing any path on Weblogic in this configuration.
GET /any_path_on_weblogic;/.. /to_app HTTP/1. 1
When Nginx receives such a request, it normalizes the path. From /any_path_on_weblogic;/.. /to_app it gets /to_app which successfully applied to the rule. But Nginx forwards /any_path_on_weblogic;/.. /to_app and Weblogic, during parsing, treats everything after; as a path parameter, so Weblogic sees /any_path_on_weblogic. If it’s necessary, an attacker can go “deeper” by increasing the amount of /.. /` after `;.
Example 2.
This one is about a “bug” of Nginx. But this “bug” is just a consequence of how Nginx works (so will not be fixed)
A rule location /to_app means that all paths which start with /to_app (prefix) fall under the rule. So, /to_app, /to_app/, /to_app_anything (including special symbols) fall under it. Also, everything after this prefix(/to_app) will be taken and then concatenated with value in proxy_pass.
Look at the next config. Nginx, after processing `/to_app_anything`, will forward the request to server/any_path/_anything
proxy_pass server/any_path/;}
If we put both features together, we will see that we can go to any path one level higher on almost any backend. We just need to send:
GET /to_app.. /other_path HTTP/1. 1
Nginx applies /to_app rule, gets everything(.. /other_path) after the prefix, concatenates it with a value from `proxy_pass`, so it forwards server/any_path/.. /other_path to a backend. If the backend normalizes the path, we can reach a completely different endpoint.
Actually, this trick is similar to a well-known alias trick. However, the idea here is to show an example of possible misusing of reverse proxy’s features.
Example 3.
As I mentioned before, it’s a common case when a reverse proxy routes requests to different backends depending on the Host header in a request.
Let’s have a look at Haproxy configuration which says that all requests with in the Host header must be proxied to a backend example1_backend – 192. 168. 78. 1:9999.
frontend -in
acl host_example1 hdr(host) -i
use_backend example1_backend if host_example1
backend example1_backend
server server1 192. 1:9999 maxconn 32
Does such a configuration mean that an attacker cannot access other virtual hosts of a backend server? It may look like that, but an attacker can easily do it. Because, as mentioned above, Haproxy doesn’t support Absolute URI, but most web-servers do. When Haproxy receives Absolute URI, it forwards this unprocessed Absolute URI to a backend. Therefore, just by sending next request, we can easily access other virtual hosts of the backend server.
GET unsafe-value/path/ HTTP/1. 1
Is it possible to force a reverse proxy to connect to an arbitrary backend server? I’d say that in most cases (Nginx, Haproxy, Varnish), this cannot be done, but Apache (in some configurations/versions) is vulnerable to it. As Apache “parses” a host value from ProxyPass, we can send something like GET HTTP/1. 1, so Apache sees a value “ and sends the request to “ (SSRF). Here you can see an example of such vulnerability.
Client-Side attacks
If we have a look at reverse proxy features again, we can see that all response-related have a potential for client-side attacks. It doesn’t make them useless. I’d say otherwise. But client-side attacks have additional limitations to possible inconsistencies between the reverse proxy and the web server, as the browser process a request before sending it.
Browser processing
In a client-side attack, an attacker needs to force a victim’s browser to send a special request, which will influence a response, to a server. But the browser follows the specifications and processes the path before sending it: ^The browser parses the URL (e. g. throws off a fragment part), URL-encodes all the necessary symbols (with some exceptions) and normalizes a path. Therefore, to perform such attacks, we can only use a “valid” request which must fit into the inconsistency between three components (browser, reverse proxy, backend server).
Of course, there are differences in browser implementations, plus some features which still allows us to find such inconsistencies:
For example, Chrome and IE don’t decode `%2f`, so a path like that /path/anything/.. %2f.. / will not be path normalized.
Older versions of Firefox didn’t URL-decode special symbols before normalization, but now it behaves in a similar way to Chrome.
There is information that Safari doesn’t URL-decode a path, so we can force it to sent such a path /path/%2e%2e/another_path/.
Also, IE, as usual, has some magic: it doesn’t process a path when it’s redirected with Location header.
Misusing Header modification
A common task for reverse proxy is to add, delete or modify headers from a response of a backend. In some situations, it’s much easier than modification of the backend itself. Sometimes it involves modification of security-important headers. So as attackers, we may want to force a reverse proxy to apply such rules to wrong responses (from wrong backend locations) and then use it for attacks on other users.
Let’s imagine that we have Nginx and Tomcat as a backend. Tomcat, by default, sets header `X-Frame-Options: deny`, so a browser cannot open it in an iframe. For some reason, a part of the web application (/iframe_safe/) on the Tomcat must be accessible through iframe, so Nginx is configured to delete the header `X-Frame-Options` for this part. However, there is no potential for clickjacking attacks on iframe_safe. Here is the configuration:
location /iframe_safe/ {
proxy_pass tomcat_server/iframe_safe/;
proxy_hide_header “X-Frame-Options”;}
proxy_pass tomcat_server/;}
However, as attackers, we can make a request which falls under the iframe_safe rule, but it will be interpreted by Tomcat as a completely different location. Here it is:
<br /> A browser doesn’t normalize such a path. For Nginx it falls under the iframe_safe rule. Since Tomcat supports path parameters, after path normalization, it will get `/any_other_path`. Therefore, in such a configuration, any path of Tomcat can be iframed, so an attacker can perform clickjacking attacks on users.<br /> Of course, with a similar approach, other security-related headers (e. CORS, CSP, etc) might be misused too.<br /> Caching<br /> Caching is one of the most interesting, with a good potential for various attacks, but is still a little-known feature of reverse proxies. Recently, cache-related attacks have gotten more attention in some awesome researches including Web Cache Deception and Practical Web Cache Poisoning. In my research, I’ve been focusing on caching too: I wanted to analyze various implementations of cache. As a result, I’ve got several ideas on how to improve both cache deception and cache poisoning attacks.<br /> How it works<br /> There are several factors on cache of a reverse proxy which help us with understanding attacks.<br /> The idea of caching is quite simple. In some situations, a reverse proxy stores a response from a backend in the cache and then returns the same response from the cache without accessing the backend. Some reverse proxies support caching by default, some require configuration. Generally, a reverse proxy uses as a key of cache, a concatenation of Host header value with unprocessed path/query from a request.<br /> To decide if it is Ok to cache a response or not, most reverse proxies check Cache-Control and Set-Cookie headers from a response of a backend. Reverse proxies don’t store responses with Set-Cookie at all, but Cache-Control, as it describes a caching policy and requires additional parsing. Format of Cache-control header is quite complex, but basically, it has several flags which allows caching or not, and sets for how long a response can be cached.<br /> Cache-Control header may look like these:<br /> Cache-Control: no-cache, no-store, must-revalidate<br /> Cache-Control: public, max-age=31536000<br /> The first example forbids caching by a reverse proxy, the second – allows it. The absence of a Cache-Control header usually means that a reverse proxy is allowed to store a response.<br /> Many web servers, application servers and frameworks set Cache-Control headers automatically and correctly. In most cases, if a web app uses session in an script, it will set Cache-Control headers which restricts caching, so usually programmers don’t need to think about it. However, in some situations, for example, if a web application uses its own session mechanism, Cache-Control header can be set incorrectly.<br /> Attacks<br /> A commonly used feature of a reverse proxy cache is “aggressive caching” (it’s not really an official term, but describes the idea). In some cases (for example, a backend can be too strict about caching and doesn’t allow to cache anything) an administrator, instead of changing the backend, changes rules of a reverse proxy, so it starts caching responses even with Cache-Control header which restricts caching. Usually such rules have some limitations. For example, to cache only responses of certain extensions (,, ), or from specific paths (/images/).<br /> If a reverse proxy has a path-based rule which allows aggressive caching, an attacker can create such a path which falls into the rule but will be interpreted as a completely different path by a backend server.<br /> As an example let’s take Nginx+Tomcat again. Next rule intends to force Nginx to cache all the responses from the /images directory of Tomcat.<br /> location /images {<br /> proxy_cache my_cache;<br /> proxy_pass tomcat_server;<br /> proxy_cache_valid 200 302 60m;<br /> proxy_ignore_headers Cache-Control Expires;}<br /> As attackers, we can misuse this rule to perform a web cache deception attack. All we need to do is to force a victim user to open the next URL (using img, for example):<br /> <img decoding="async" src="><br /> A victim’s browser then sends a request (with authentication cookies). Nginx sees /images, so forwards the request to Tomcat and then caches a response (it doesn’t care about Cache-Control headers). Again, for Tomcat, a path after normalization is completely different – / In this way an attacker can force Nginx to cache any page of Tomcat. To read this cached response, the attacker just needs to access the same path (/images/.. ;/) and Nginx returns the victim’s sensitive data (e. csrf token).<br /> In some way, it’s just a variation web cache deception, but not only.<br /> Let’s think about a cache poisoning attack. The attack relies on finding unkeyed values from a request which can significantly (from a security point of view) influence a response, but at the same time, this response must be cached by a reverse proxy, so Cache-Control header must be permissive. If we mix everything together, we will be able to find more ways to exploit cache poisoning attacks.<br /> Let’s imagine the situation. There is Nuster (it’s a cache proxy based on Haproxy) and a web application. The web application has a self-XSS vulnerability (which works only in an attacker’s account) in /account/attacker/. Nuster is configured to cache all the responses from /img/ directory on the web application:<br /> nuster cache on<br /> nuster rule img ttl 1d if { path_beg /img/}<br /> The attacker just needs to create a special URL (/img/.. %2faccount/attacker/), so Nuster applies an “aggressive caching” rule, still, the web app returns a response of self XSS (it sees ‘/account/attacker/`). The response with an XSS payload will be cached by Nuster (with the key: Host + /img/.. %2faccount/attacker/), so the attacker will be able to misuse this cache to XSS attack other users of the web the self-XSS, we’ve got a usual XSS.<br /> Conclusion<br /> I have showed several examples of vulnerable configurations for each attack type. But exact cases are not so important. I wanted to give a fresh look on reverse proxy related attacks. If we know how a reverse proxy works, how it processes a request and what is the difference compared to a backend server, we (as attackers) will be able to reach more endpoints or perform more sophisticated attacks on users.<br /> Regarding protections against such attacks, I see no “silver bullet” here (until we have a really good standard/specification on how to handle a request/path), but I think this project could help defenders as well. If you know your proxy and its limitations, you will be able to change its configuration accordingly.<br /> Due to my desire to share my thoughts and explain stuff, the article has become very big. Still, I had to skip a bunch of tricks, you could see them in the presentation here. And the most important point of this research – “raw” results. The research is not finished yet. I will fulfill it step by step with other software. Push requests are really appreciated.<br /> While preparing this research, I found several other kinds of similar ones, including –. Through a combination of our projects, it’s possible to almost get a matrix of possible inconsistencies.<br /> Frequently asked questions<br /> What is a reverse proxy?<br /> A reverse proxy is a server that is located between the web servers and the clients (for example, browsers). It is the first server that receives a request from the client, it analyzes it, may modify it, and then forwards it to a selected web server. They may also modify or cache responses from web servers. Reverse proxies increase security, performance, and reliability.<br /> Why are reverse proxies insecure?<br /> Different reverse proxies process requests differently. For example, they may use different priorities for conflicting or incorrect headers, they may normalize paths differently, or they may or may not URL-decode request data. All these differences cause reverse proxies to sometimes behave differently than when the same request comes to the web server.<br /> How is it possible to attack a reverse proxy?<br /> Because reverse proxy servers process a request differently compared to a web server behind it, if an attacker knows the weakness of the particular reverse proxy server type (for example, nginx or haproxy), they can send a tricky request, which will be handled differently by the reverse proxy and the web server. They can use it, for example, to bypass restrictions, route the request to a different web server, and more.<br /> How to avoid reverse proxy attacks?<br /> There is no single way to defend against reverse proxy attacks, especially because there is no standard for reverse proxy behavior and web server behavior may differ, too. If you use a reverse proxy, you should know its weaknesses and you should reconfigure it to avoid those weaknesses.<br /> Get the latest content on web security in your inbox each week.<br /> THE AUTHOR<br /> Aleksei is a security researcher and pentester with a broad experience in offensive security. He is a big fan of web hacking.<br /> <img decoding="async" src="https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTDTPCmH83oOcu-kPUEmHxV2B0_apygTo7KLqXRJXNsXTMQRT5qgB-xEv9DkIgMlvxt0qk&usqp=CAU" alt="Reverse Proxy Servers Explained: What They Are & How to Use Them" title="Reverse Proxy Servers Explained: What They Are & How to Use Them" /></p> <h2>Reverse Proxy Servers Explained: What They Are & How to Use Them</h2> <p>What is a reverse proxy?<br /> In a computer network, a basic reverse proxy sits between a group of servers and the clients who want to use them. A client is any hardware or software that can submit requests to a server — for example, your web browser is the client you’re using to read this article, which is hosted on our servers. The reverse proxy fields all requests from the clients to the servers, and it also delivers all responses and services back from the servers to the clients. From the client’s point of view, this makes it look as though everything is coming from one place.<br /> Organizations and businesses use reverse proxies to consolidate their internet presence. Depending on how you configure it, a reverse proxy can provide one of several functions within a single server. It’s part receptionist, directing incoming requests to the right department, and part bouncer, keeping intrusive eyes away from your internal infrastructure.<br /> Forward proxies vs. reverse proxies<br /> A proxy server (or “forward proxy”) acts as an intermediary between you and the server of your choice. A proxy forwards a connection for you — it passes on your requests, receives the replies from the sites and services you’re using, then sends them to you.<br /> In contrast, a reverse proxy receives requests from a client on another network, passes it to an internal server, receives the result, then relays it back to the client. That’s the basics of how proxies work: they pass data back and forth between clients and servers.<br /> In other words, for anyone trying to discern the difference between a forward and reverse proxy, a reverse proxy is exactly the same as a proxy, only backwards: A forward proxy acts on behalf of a client, while a reverse proxy acts on behalf of the server.<br /> What are reverse proxies used for?<br /> Reverse proxies stand between clients and a network service, such as a website. The three most important features that reverse proxies provide are security, load balancing, and ease of maintenance. Reverse proxies can also play a role in identity branding and optimization.<br /> Enhance online security<br /> You can create and configure a reverse proxy to forward requests to one or more internal servers based on the nature of the client’s request. If it’s a website, one URL might be served by your customer support pages, while another might go to your shopping cart. The reverse proxy only forwards requests you want to serve. If you’re only serving web content, configure your reverse proxy to exclude all requests other than those for ports 80 and 443 — the default ports responsible for HTTP and HTTPS, respectively. This lets you divert traffic based on type, and it also means ne’er-do-wells can’t directly attack your internal services.<br /> You can also upgrade a reverse proxy to a firewall, which is a type of proxy server with extra teeth, or additional security features.<br /> Reverse proxy load balancing<br /> If an excessive amount of internet traffic is slowing down your system, you can use load balancing, which distributes your traffic over one or more servers to improve overall performance.<br /> Load balancing lets you replace your single overworked backend service with a more resilient cluster. This technique also ensures that your application no longer has a single point of failure. If one server goes down, its siblings can take over. That’s just good common sense.<br /> A reverse proxy can use a technique called round-robin DNS to direct requests through a rotating list of internal servers. It’s crude, but surprisingly effective. If you grow to have more demanding requirements, you can swap to a more sophisticated setup that incorporates load-balancing features.<br /> Improve site maintenance<br /> When your internal services are hidden from public view, it’s easier to remove services, add new ones, upgrade them, or roll them back. With a reverse proxy, the site visitor only sees and not or<br /> This makes improvements less stressful for both customers as well as professional IT staff. Rather than upgrade your one and only e-commerce site and pray it still works, you can just bring another server online with the new release. Then, configure your proxy to direct new customer sessions to the new server. Once you’re sure it works, shut down the old one. Since users are talking to your proxy and not directly to those internal services, they won’t notice the change.<br /> This process works with load-balanced servers, too. Upgrade one of them, test, and then upgrade the rest in turn. Reverse proxies mean never getting a 3 a. m. phone call because your IT department needs to restore your old website from backup.<br /> Identity branding<br /> Businesses commonly host their website’s content management system or shopping cart apps with an external service outside their own network. Rather than tell site visitors that you’re sending them to another URL for payment, you can use a reverse proxy to conceal that detail. A reverse proxy can hide the presence of external vendors, such as your cloud service provider, who provide components of your customer experience.<br /> Caching commonly-requested data to speed up performance<br /> If you serve a lot of static content, such as images and videos, you can set up a reverse proxy to cache some that content. Doing so can relieve pressure on your internal services.<br /> Are reverse proxies really secure?<br /> Adding a welcome layer of security, a reverse proxy is effective in protecting systems against web vulnerabilities. The reverse proxy sits between external clients and your internal services, preventing anyone from directly accessing your network. The less of your IT infrastructure you expose, the less traction hackers will have against your important proprietary or customer data.<br /> This lowers the risk of attacks for two reasons:<br /> Your server is better protected from bad actors.<br /> Hackers who prefer easy-to-crack websites will find yours slightly more secure and move on.<br /> Because a reverse proxy acts as the face of your web presence, it can host the certificate and handle the SSL negotiation on behalf of all your internal servers. That means you don’t need to manage multiple certificates, nor do you need encryption on your internal network.<br /> For even more security, construct an internet firewall, which is really just a proxy with extra teeth and a suspicious mind. You can swap out a basic reverse proxy with one that adds firewall features without changing how any of your internal services work.<br /> For maximum security, consider using a VPN or Tor.<br /> Reverse proxy for business, VPN for security at home<br /> Reverse proxies offer a number of advantages for businesses and website administrators. Not only do they improve server efficiency and ease of maintenance, but they also provide an important layer of additional cybersecurity. It’s important to ensure that you’re receiving a similar degree of protection at home.<br /> Avast SecureLine VPN enhances both your security and privacy while you’re online. By encrypting your internet traffic, VPN insulates you against anyone attempting to take advantage of an unsecured Wi-Fi network. It also conceals your activity from advertising trackers while allowing you to access the online content you want, no matter where in the world you are. For true online privacy with single click — or a tap on your mobile device — protect yourself with a VPN.<br /> <img decoding="async" src="https://bilderupload.net/wp-content/uploads/2021/11/sdi-cover-social-1565280549357.jpg" alt="A fresh look on reverse proxy related attacks | Acunetix" title="A fresh look on reverse proxy related attacks | Acunetix" /></p> <h2>A fresh look on reverse proxy related attacks | Acunetix</h2> <p>In recent years, several researches have been published about attacks deliberately or directly related to reverse proxies. While implementing various reverse-proxy checks on the scanner, I started analyzing implementations of reverse proxies.<br /> Initially, I wanted to analyze how both reverse proxies and web servers parse requests, find out inconsistencies in the process between them and use this knowledge for some kind of bypasses. Unfortunately, I was stuck with analyzing web servers and application servers due to too many possible variations. For example, Apache web server behaves differently depending on how you connect it with PHP. Also, an implementation of a web application, framework or middleware used by a web application can influence the requests parsing process as well. In the end I realized that some attacks are still little-known or completely unknown.<br /> The goal of this research is to portray the bigger picture of potential attacks on a reverse proxy or the backend servers behind it. In the main part of the article, I will show some examples of vulnerable configurations and exploitation of attacks on various reverse proxies, but the second goal of the research is to share the raw data about various implementations of reverse proxies so you can find your ways/tricks (depending on a backend server in each specific situation).<br /> Terms<br /> Actually, the research is not only about reverse proxies, but also about load balancers, cache proxies, WAFs and other intermediate servers between a user and web application which parses and forwards requests. However I haven’t found a good term which correctly describes such a server and is well-known in the community, so I will use “reverse proxy” even when I talk about load balancers or cache proxy. I will call a web application behind a reverse proxy a back-end server. Be aware that a backend server is so-called an origin server (this will make sense when we start talking about caching).<br /> What is reverse proxy?<br /> How proxies work<br /> The basic idea of a reverse proxy is quite simple. It’s an intermediate server between a user and a back-end server. The purpose of it can be quite different: it can route requests depending on the URL to various backends or it can just be there “to protect” against some attacks or simply to analyze traffic. The implementations can be different too, but the main sequence of steps is quite the same.<br /> A reverse proxy must receive a request, it must process it, perform some action on it and forward to a backend.<br /> Processing of a request consists of several main steps:<br /> Parsing<br /> When a reverse proxy receives a request, it must parse it: to get a verb, a path, a HTTP version, host header and other headers and body.<br /> GET /path HTTP/1. 1<br /> Host:<br /> Header: something<br /> Everything may look quite simple, but if you dive into details, you will see implementations are different.<br /> Some examples:<br /> – If a reverse supports Absolute-URI, how will it parse it? Does Absolute-URI have a higher priority than Host header? :<br /> GET other_host_header/path HTTP/1. 1<br /> – URL consists of `scheme:[//authority]path[? query][#fragment], and browsers don’t send #fragment. But how must a reverse proxy handle #fragment?<br /> Nginx throws fragment off, Apache returns a 400 error (due to # in the path), some others handle it as a usual symbol.<br /> – How does it handle symbols which must be URL-encoded?<br /> GET /[0x01] HTTP/1. 1<br /> URL decoding<br /> Due to standards, symbols with a special meaning in the URL must be URL-encoded (%-encoding), like the double quote (“) or “greater than” sign (>). But practically, any symbol can be URL-encoded and sent in a path part. Many web servers perform URL-decoding while processing a request, so next requests will be treated in the same way by them.<br /> GET / HTTP/1. 1<br /> GET%2f%69%6e%64%65%78%2e%70%68%70 HTTP/1. 1<br /> Path normalization<br /> Many web servers support path normalization. Main cases are well-known:<br /> /long/.. /path/here -> /path/here<br /> /long/. /path/here -> /long/path/here<br /> But what about /..? For Apache, it’s an equivalent of /.. /, but for Nginx it means nothing.<br /> /long/path/here/.. -> /long/path/ – Apache<br /> /long/path/here/.. -> /long/path/here/.. – Nginx<br /> The same with // (“empty” directory). Nginx converts it to just one slash /, but, if it’s not the first slash, Apache treats it as a directory.<br /> //long//path//here -> /long/path/here – Nginx<br /> //long/path/here -> /long/path/here – Apache<br /> /long//path/here -> /long//path/here – Apache<br /> Here are some additional (weird) features which are supported by some web servers. For example: support of path parameters – /.. ;/ is valid for Tomcat and Jetty or traversal with backslash (\.. \).<br /> b) Applying rules and performing actions on a request<br /> Once a request is processed, the reverse proxy can perform some actions on the request due to its configuration. Important to note that in many cases, rules of a reverse proxy are path (location) based. If the path is pathA, do one thing, if pathB – do another.<br /> Depending on the implementation or on the configuration, a reverse proxy applies rules based on a processed (parsed, URL-decoded, normalized) path or on an unprocessed path (rare case). It’s also important for us to note if it is case-sensitive or not. For example, will the next paths be treated equally by a reverse proxy? :<br /> /path1/ == /Path1/ == /p%61th1/ == /lala/.. /path1/<br /> C) Forwarding to a back-end<br /> The reverse proxy has processed a request, found appropriate rules for it and performed necessary actions. Now it must send (forward) it to a backend. Will it send the processed request or initial request? Obviously, if it has modified the request, then it sends the modified version, but in this case, it must perform all the necessary steps, for example, to perform URL-encoding of special symbols. But what if the reverse proxy just forwards all requests to only one backend, maybe forwarding the initial request is a good idea?<br /> As you can see all these steps are quite obvious and there are not so many variations. Still, there are differences in implementations, which we, as attackers, can use for our goals.<br /> Therefore, the idea of all attacks described below is that a reverse proxy processes a request, finds and applies rules and forwards it to a backend. If we find an inconsistency between the way a reverse proxy processes a request and the way a backend server processes it, we are then able to create such a request(path) which is interpreted like one path by the reverse proxy and a completely different path by the backend. So, we will be able to bypass or to forcefully apply some rules of the reverse proxy.<br /> Here are some examples<br /> Nginx<br /> Nginx is a well-known web server, but is also very popular as a reverse proxy. Nginx supports Absolute-URI with an arbitrary scheme and higher priority than a Host header. Nginx parses, URL-decodes and normalizes a request path. Then it applies location-based rules depending on the processed path.<br /> But it looks like Nginx has two main behaviors and each of them has its own interesting features:<br /> With trailing slash<br /> location / {<br /> proxy_pass backend_server/;}<br /> In this configuration, Nginx forwards all requests to the `backend_server`. It sends the processed request to the backend, meaning that Nginx must URL-encode the necessary symbols. The interesting thing for an attacker is that Nginx doesn’t encode all the symbols which browsers usually do. For example, it doesn’t URL-encode ‘ ” < >.<br /> Even if there is a web application (back-end server) which takes a parameter from a path and which is vulnerable to XSS, an attacker cannot exploit it, because modern browsers (except dirty tricks with IE) URL-encode these symbols. But if there is Nginx as a reverse proxy, an attacker can force a user to send a URL-encoded XSS payload in the path. The Nginx decodes it and sends the decoded version to the backend server, which makes exploitation of XSS possible.<br /> Browser -> -> Nginx -> backend_server/path/<"xss_here">/ -> WebApp<br /> Without trailing slash<br /> proxy_pass backend_server;}<br /> The only difference between this config and the previous one is the lack of the trailing slash. Although seemingly insignificant, it forces Nginx to forward an unprocessed request to the backend. So if you send /any_path/.. /to_%61pp#/path2, after processing of the request, Nginx will try to find a rule for `/to_app`, but it will send /any_path/.. /to_%61pp#/path2 to the backend. Such behavior is useful to find inconsistencies.<br /> Haproxy<br /> Haproxy is a load balancer (with HTTP support). It doesn’t make much sense to compare it to Nginx, but it will give you an idea of a different approach.<br /> Haproxy makes minimal processing of a request. So there is no “real” parsing, URL-decoding, normalization. It doesn’t support Absolute-URI either.<br /> Therefore, it takes everything (with few exceptions) between a verb and HTTP version (GET! i<@>? lala=#anything HTTP/1. 1) and, after applying rules, forwards it to a backend server. However it supports path-based rules and allows it to modify requests and responses.<br /> How proxies are used<br /> While I was working on this research, analyzing various configurations of reverse proxies, I came to the conclusion that we can both bypass and apply rules of a reverse proxy. Therefore, to understand the real potential of reverse proxy related attacks, we must have a look at their abilities.<br /> First of all, a reverse proxy has access to both a request and a response (including those which it sends/receives from a backend server). Secondly, we need a good understanding of all the features which a reverse proxy supports and how people configure them.<br /> How can a reverse proxy handle a request? :<br /> Routing to endpoint. It means that a reverse proxy receives a request on one path (/app1/), but forwards the request to a completely different one (/any/path/app2/) on a backend. Or it forwards the request to a specific backend depending on a Host header value.<br /> Rewriting path/query. This is similar to the previous one, but usually involves different internal mechanisms (regexp)<br /> Denying access. When a reverse proxy blocks a request to a certain path.<br /> Headers modification. In some cases, a reverse proxy may add or change headers of the request. It could be a cool feature for an attacker, but it’s hard to exploit with a black box approach.<br /> How can a reverse proxy handle a response? :<br /> Cache. Many reverse proxies support caching of response.<br /> Headers modification. Sometimes a reverse proxy adds or modifies response headers (even security related), because it cannot be done on a backend server<br /> Body modification. Reverse proxies will sometimes modify the body too. Edge Side Includes (ESI) is an example of when this can happen.<br /> All this is important for to see more potential attacks, but also understand that in many cases we don’t need to bypass, but apply rules. Which leads to a new type of attacks on reverse proxies – proxy rules misusing.<br /> Server-Side attacks<br /> Bypassing restriction<br /> The most well known case about reverse proxy related attacks.<br /> When someone restricts access (3. Denying access), an attacker needs to bypass it.<br /> Here is an example.<br /> Let’s imagine that there are Nginx as a reverse-proxy and Weblogic as a backend server. Nginx blocks access to an administrative interface of Weblogic (everything that starts with /console/).<br /> Configuration:<br /> location /console/ {<br /> deny all;<br /> return 403;}<br /> proxy_pass weblogic;}<br /> As you can see, `proxy_pass` here is without trailing slash, which means that a request is forwarded unprocessed. Another important thing to bypass the restriction is that Weblogic treats `#` as a usual symbol. Therefore, an attacker can access the administrative interface of Weblogic by sending such a request:<br /> GET /#/.. /console/ HTTP/1. 1<br /> When Nginx starts processing the request, it throws off everything after #, so it skips the /console/ rule. It then forwards the same unprocessed path (/#/.. /console/) to the Weblogic, the Weblogic processes the path and after path normalization, we are left with/console/.<br /> Request Misrouting<br /> It’s about “1. Routing to endpoint” and, in some cases, “2. Rewriting path/query”.<br /> When a reverse proxy forwards requests only to one endpoint, it can make an illusion that an attacker cannot reach other endpoints on a backend or that it cannot reach a completely different backend.<br /> Example 1.<br /> Let’s have a look at similar combinations: Nginx+Weblogic. In this case, Nginx proxies requests only to a certain endpoint of Weblogic (weblogic/to_app). So only requests, which come to a path /to_app on Nginx, are forwarded to the same path on Weblogic. In this situation, it may look like Weblogic’s administrative interface (console) or other paths are not accessible for an attacker.<br /> location /to_app {<br /> In order to misroute requests to other paths, we need to know two things again. Firstly, the same as in the example above – `proxy_pass` is without a trailing slash.<br /> Secondly, Weblogic supports “path parameters” (). For example, /path/to/app/here;param1=val1, and param1 will be accessible in a web app through API.<br /> I think many are aware about this feature (especially after the Orange Tsai’s presentation from BlackHat in the context of Tomcat. Tomcat allows to perform really “weird” traversals like /.. ;/.. ;/. But Weblogic treats path parameters differently, as it treats everything after the first; as a path parameter. Does it mean that this feature is useless for an attacker?<br /> Nope. Let’s have a look at this “magic” which allows accessing any path on Weblogic in this configuration.<br /> GET /any_path_on_weblogic;/.. /to_app HTTP/1. 1<br /> When Nginx receives such a request, it normalizes the path. From /any_path_on_weblogic;/.. /to_app it gets /to_app which successfully applied to the rule. But Nginx forwards /any_path_on_weblogic;/.. /to_app and Weblogic, during parsing, treats everything after; as a path parameter, so Weblogic sees /any_path_on_weblogic. If it’s necessary, an attacker can go “deeper” by increasing the amount of /.. /` after `;.<br /> Example 2.<br /> This one is about a “bug” of Nginx. But this “bug” is just a consequence of how Nginx works (so will not be fixed)<br /> A rule location /to_app means that all paths which start with /to_app (prefix) fall under the rule. So, /to_app, /to_app/, /to_app_anything (including special symbols) fall under it. Also, everything after this prefix(/to_app) will be taken and then concatenated with value in proxy_pass.<br /> Look at the next config. Nginx, after processing `/to_app_anything`, will forward the request to server/any_path/_anything<br /> proxy_pass server/any_path/;}<br /> If we put both features together, we will see that we can go to any path one level higher on almost any backend. We just need to send:<br /> GET /to_app.. /other_path HTTP/1. 1<br /> Nginx applies /to_app rule, gets everything(.. /other_path) after the prefix, concatenates it with a value from `proxy_pass`, so it forwards server/any_path/.. /other_path to a backend. If the backend normalizes the path, we can reach a completely different endpoint.<br /> Actually, this trick is similar to a well-known alias trick. However, the idea here is to show an example of possible misusing of reverse proxy’s features.<br /> Example 3.<br /> As I mentioned before, it’s a common case when a reverse proxy routes requests to different backends depending on the Host header in a request.<br /> Let’s have a look at Haproxy configuration which says that all requests with in the Host header must be proxied to a backend example1_backend – 192. 168. 78. 1:9999.<br /> frontend -in<br /> acl host_example1 hdr(host) -i<br /> use_backend example1_backend if host_example1<br /> backend example1_backend<br /> server server1 192. 1:9999 maxconn 32<br /> Does such a configuration mean that an attacker cannot access other virtual hosts of a backend server? It may look like that, but an attacker can easily do it. Because, as mentioned above, Haproxy doesn’t support Absolute URI, but most web-servers do. When Haproxy receives Absolute URI, it forwards this unprocessed Absolute URI to a backend. Therefore, just by sending next request, we can easily access other virtual hosts of the backend server.<br /> GET unsafe-value/path/ HTTP/1. 1<br /> Is it possible to force a reverse proxy to connect to an arbitrary backend server? I’d say that in most cases (Nginx, Haproxy, Varnish), this cannot be done, but Apache (in some configurations/versions) is vulnerable to it. As Apache “parses” a host value from ProxyPass, we can send something like GET HTTP/1. 1, so Apache sees a value “ and sends the request to “ (SSRF). Here you can see an example of such vulnerability.<br /> Client-Side attacks<br /> If we have a look at reverse proxy features again, we can see that all response-related have a potential for client-side attacks. It doesn’t make them useless. I’d say otherwise. But client-side attacks have additional limitations to possible inconsistencies between the reverse proxy and the web server, as the browser process a request before sending it.<br /> Browser processing<br /> In a client-side attack, an attacker needs to force a victim’s browser to send a special request, which will influence a response, to a server. But the browser follows the specifications and processes the path before sending it: ^The browser parses the URL (e. g. throws off a fragment part), URL-encodes all the necessary symbols (with some exceptions) and normalizes a path. Therefore, to perform such attacks, we can only use a “valid” request which must fit into the inconsistency between three components (browser, reverse proxy, backend server).<br /> Of course, there are differences in browser implementations, plus some features which still allows us to find such inconsistencies:<br /> For example, Chrome and IE don’t decode `%2f`, so a path like that /path/anything/.. %2f.. / will not be path normalized.<br /> Older versions of Firefox didn’t URL-decode special symbols before normalization, but now it behaves in a similar way to Chrome.<br /> There is information that Safari doesn’t URL-decode a path, so we can force it to sent such a path /path/%2e%2e/another_path/.<br /> Also, IE, as usual, has some magic: it doesn’t process a path when it’s redirected with Location header.<br /> Misusing Header modification<br /> A common task for reverse proxy is to add, delete or modify headers from a response of a backend. In some situations, it’s much easier than modification of the backend itself. Sometimes it involves modification of security-important headers. So as attackers, we may want to force a reverse proxy to apply such rules to wrong responses (from wrong backend locations) and then use it for attacks on other users.<br /> Let’s imagine that we have Nginx and Tomcat as a backend. Tomcat, by default, sets header `X-Frame-Options: deny`, so a browser cannot open it in an iframe. For some reason, a part of the web application (/iframe_safe/) on the Tomcat must be accessible through iframe, so Nginx is configured to delete the header `X-Frame-Options` for this part. However, there is no potential for clickjacking attacks on iframe_safe. Here is the configuration:<br /> location /iframe_safe/ {<br /> proxy_pass tomcat_server/iframe_safe/;<br /> proxy_hide_header “X-Frame-Options”;}<br /> proxy_pass tomcat_server/;}<br /> However, as attackers, we can make a request which falls under the iframe_safe rule, but it will be interpreted by Tomcat as a completely different location. Here it is:<br /> <iframe src="nginx_with_tomcat/iframe_safe/.. ;/any_other_path"><br /> A browser doesn’t normalize such a path. For Nginx it falls under the iframe_safe rule. Since Tomcat supports path parameters, after path normalization, it will get `/any_other_path`. Therefore, in such a configuration, any path of Tomcat can be iframed, so an attacker can perform clickjacking attacks on users.<br /> Of course, with a similar approach, other security-related headers (e. CORS, CSP, etc) might be misused too.<br /> Caching<br /> Caching is one of the most interesting, with a good potential for various attacks, but is still a little-known feature of reverse proxies. Recently, cache-related attacks have gotten more attention in some awesome researches including Web Cache Deception and Practical Web Cache Poisoning. In my research, I’ve been focusing on caching too: I wanted to analyze various implementations of cache. As a result, I’ve got several ideas on how to improve both cache deception and cache poisoning attacks.<br /> How it works<br /> There are several factors on cache of a reverse proxy which help us with understanding attacks.<br /> The idea of caching is quite simple. In some situations, a reverse proxy stores a response from a backend in the cache and then returns the same response from the cache without accessing the backend. Some reverse proxies support caching by default, some require configuration. Generally, a reverse proxy uses as a key of cache, a concatenation of Host header value with unprocessed path/query from a request.<br /> To decide if it is Ok to cache a response or not, most reverse proxies check Cache-Control and Set-Cookie headers from a response of a backend. Reverse proxies don’t store responses with Set-Cookie at all, but Cache-Control, as it describes a caching policy and requires additional parsing. Format of Cache-control header is quite complex, but basically, it has several flags which allows caching or not, and sets for how long a response can be cached.<br /> Cache-Control header may look like these:<br /> Cache-Control: no-cache, no-store, must-revalidate<br /> Cache-Control: public, max-age=31536000<br /> The first example forbids caching by a reverse proxy, the second – allows it. The absence of a Cache-Control header usually means that a reverse proxy is allowed to store a response.<br /> Many web servers, application servers and frameworks set Cache-Control headers automatically and correctly. In most cases, if a web app uses session in an script, it will set Cache-Control headers which restricts caching, so usually programmers don’t need to think about it. However, in some situations, for example, if a web application uses its own session mechanism, Cache-Control header can be set incorrectly.<br /> Attacks<br /> A commonly used feature of a reverse proxy cache is “aggressive caching” (it’s not really an official term, but describes the idea). In some cases (for example, a backend can be too strict about caching and doesn’t allow to cache anything) an administrator, instead of changing the backend, changes rules of a reverse proxy, so it starts caching responses even with Cache-Control header which restricts caching. Usually such rules have some limitations. For example, to cache only responses of certain extensions (,, ), or from specific paths (/images/).<br /> If a reverse proxy has a path-based rule which allows aggressive caching, an attacker can create such a path which falls into the rule but will be interpreted as a completely different path by a backend server.<br /> As an example let’s take Nginx+Tomcat again. Next rule intends to force Nginx to cache all the responses from the /images directory of Tomcat.<br /> location /images {<br /> proxy_cache my_cache;<br /> proxy_pass tomcat_server;<br /> proxy_cache_valid 200 302 60m;<br /> proxy_ignore_headers Cache-Control Expires;}<br /> As attackers, we can misuse this rule to perform a web cache deception attack. All we need to do is to force a victim user to open the next URL (using img, for example):<br /> <img decoding="async" src="><br /> A victim’s browser then sends a request (with authentication cookies). Nginx sees /images, so forwards the request to Tomcat and then caches a response (it doesn’t care about Cache-Control headers). Again, for Tomcat, a path after normalization is completely different – / In this way an attacker can force Nginx to cache any page of Tomcat. To read this cached response, the attacker just needs to access the same path (/images/.. ;/) and Nginx returns the victim’s sensitive data (e. csrf token).<br /> In some way, it’s just a variation web cache deception, but not only.<br /> Let’s think about a cache poisoning attack. The attack relies on finding unkeyed values from a request which can significantly (from a security point of view) influence a response, but at the same time, this response must be cached by a reverse proxy, so Cache-Control header must be permissive. If we mix everything together, we will be able to find more ways to exploit cache poisoning attacks.<br /> Let’s imagine the situation. There is Nuster (it’s a cache proxy based on Haproxy) and a web application. The web application has a self-XSS vulnerability (which works only in an attacker’s account) in /account/attacker/. Nuster is configured to cache all the responses from /img/ directory on the web application:<br /> nuster cache on<br /> nuster rule img ttl 1d if { path_beg /img/}<br /> The attacker just needs to create a special URL (/img/.. %2faccount/attacker/), so Nuster applies an “aggressive caching” rule, still, the web app returns a response of self XSS (it sees ‘/account/attacker/`). The response with an XSS payload will be cached by Nuster (with the key: Host + /img/.. %2faccount/attacker/), so the attacker will be able to misuse this cache to XSS attack other users of the web the self-XSS, we’ve got a usual XSS.<br /> Conclusion<br /> I have showed several examples of vulnerable configurations for each attack type. But exact cases are not so important. I wanted to give a fresh look on reverse proxy related attacks. If we know how a reverse proxy works, how it processes a request and what is the difference compared to a backend server, we (as attackers) will be able to reach more endpoints or perform more sophisticated attacks on users.<br /> Regarding protections against such attacks, I see no “silver bullet” here (until we have a really good standard/specification on how to handle a request/path), but I think this project could help defenders as well. If you know your proxy and its limitations, you will be able to change its configuration accordingly.<br /> Due to my desire to share my thoughts and explain stuff, the article has become very big. Still, I had to skip a bunch of tricks, you could see them in the presentation here. And the most important point of this research – “raw” results. The research is not finished yet. I will fulfill it step by step with other software. Push requests are really appreciated.<br /> While preparing this research, I found several other kinds of similar ones, including –. Through a combination of our projects, it’s possible to almost get a matrix of possible inconsistencies.<br /> Frequently asked questions<br /> What is a reverse proxy?<br /> A reverse proxy is a server that is located between the web servers and the clients (for example, browsers). It is the first server that receives a request from the client, it analyzes it, may modify it, and then forwards it to a selected web server. They may also modify or cache responses from web servers. Reverse proxies increase security, performance, and reliability.<br /> Why are reverse proxies insecure?<br /> Different reverse proxies process requests differently. For example, they may use different priorities for conflicting or incorrect headers, they may normalize paths differently, or they may or may not URL-decode request data. All these differences cause reverse proxies to sometimes behave differently than when the same request comes to the web server.<br /> How is it possible to attack a reverse proxy?<br /> Because reverse proxy servers process a request differently compared to a web server behind it, if an attacker knows the weakness of the particular reverse proxy server type (for example, nginx or haproxy), they can send a tricky request, which will be handled differently by the reverse proxy and the web server. They can use it, for example, to bypass restrictions, route the request to a different web server, and more.<br /> How to avoid reverse proxy attacks?<br /> There is no single way to defend against reverse proxy attacks, especially because there is no standard for reverse proxy behavior and web server behavior may differ, too. If you use a reverse proxy, you should know its weaknesses and you should reconfigure it to avoid those weaknesses.<br /> Get the latest content on web security in your inbox each week.<br /> THE AUTHOR<br /> Aleksei is a security researcher and pentester with a broad experience in offensive security. He is a big fan of web hacking.</p> <h2>Frequently Asked Questions about reverse proxy security risks</h2> <h3>Is reverse proxy secure?</h3> <p>Are reverse proxies really secure? Adding a welcome layer of security, a reverse proxy is effective in protecting systems against web vulnerabilities. The reverse proxy sits between external clients and your internal services, preventing anyone from directly accessing your network.Mar 11, 2020</p> <h3>Can a reverse proxy be hacked?</h3> <p>If a reverse proxy has a path-based rule which allows aggressive caching, an attacker can create such a path which falls into the rule but will be interpreted as a completely different path by a backend server.Jan 22, 2019</p> <h3>What is reverse proxy in security?</h3> <p>A reverse proxy is a server that sits in front of web servers and forwards client (e.g. web browser) requests to those web servers. Reverse proxies are typically implemented to help increase security, performance, and reliability.</p> </div> <footer class="entry-footer"> <span class="cat-links"><a href="https://bilderupload.net/category/proxy/" rel="category tag">Proxy</a></span><span class="tags-links">Tags : <a href="https://bilderupload.net/tag/best-reverse-proxy/" rel="tag">best reverse proxy</a>, <a href="https://bilderupload.net/tag/gps-scan-on-reverse-proxy/" rel="tag">gps scan on reverse proxy</a>, <a href="https://bilderupload.net/tag/reverse-proxy-attack/" rel="tag">reverse proxy attack</a>, <a href="https://bilderupload.net/tag/reverse-proxy-benefits/" rel="tag">reverse proxy benefits</a>, <a href="https://bilderupload.net/tag/reverse-proxy-bypass-attack/" rel="tag">reverse proxy bypass attack</a>, <a href="https://bilderupload.net/tag/reverse-proxy-response-headers/" rel="tag">reverse proxy response headers</a>, <a href="https://bilderupload.net/tag/reverse-proxy-security-best-practice/" rel="tag">reverse proxy security best practice</a>, <a href="https://bilderupload.net/tag/reverse-proxy-use-cases/" rel="tag">reverse proxy use cases</a></span><span class="comments-link"><a href="https://bilderupload.net/reverse-proxy-security-risks/#respond">Leave a Comment<span class="screen-reader-text"> on Reverse Proxy Security Risks</span></a></span> </footer> </div> </article> <nav class="navigation post-navigation" aria-label="Posts"> <h2 class="screen-reader-text">Post navigation</h2> <div class="nav-links"><div class="nav-previous"><a href="https://bilderupload.net/can-i-watch-netflix-from-another-country/" rel="prev"><span class="screen-reader-text">Previous Post</span><span aria-hidden="true" class="nav-subtitle">Previous</span> <span class="nav-title"><span class="nav-title-icon-wrapper"><svg class="icon icon-arrow-left" aria-hidden="true" role="img"> <use href="#icon-arrow-left" xlink:href="#icon-arrow-left"></use> </svg></span>Can I Watch Netflix From Another Country</span></a></div><div class="nav-next"><a href="https://bilderupload.net/proxy-mobile-ip-tutorial/" rel="next"><span class="screen-reader-text">Next Post</span><span aria-hidden="true" class="nav-subtitle">Next</span> <span class="nav-title">Proxy Mobile Ip Tutorial<span class="nav-title-icon-wrapper"><svg class="icon icon-arrow-right" aria-hidden="true" role="img"> <use href="#icon-arrow-right" xlink:href="#icon-arrow-right"></use> </svg></span></span></a></div></div> </nav> <div id="comments" class="comments-area"> <div id="respond" class="comment-respond"> <h3 id="reply-title" class="comment-reply-title">Leave a Reply <small><a rel="nofollow" id="cancel-comment-reply-link" href="/reverse-proxy-security-risks/#respond" style="display:none;">Cancel reply</a></small></h3><form action="https://bilderupload.net/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate><p class="comment-notes"><span id="email-notes">Your email address will not be published.</span> <span class="required-field-message">Required fields are marked <span class="required">*</span></span></p><p class="comment-form-comment"><label for="comment">Comment <span class="required">*</span></label> <textarea id="comment" name="comment" cols="45" rows="8" maxlength="65525" required></textarea></p><p class="comment-form-author"><label for="author">Name <span class="required">*</span></label> <input id="author" name="author" type="text" value="" size="30" maxlength="245" autocomplete="name" required /></p> <p class="comment-form-email"><label for="email">Email <span class="required">*</span></label> <input id="email" name="email" type="email" value="" size="30" maxlength="100" aria-describedby="email-notes" autocomplete="email" required /></p> <p class="comment-form-url"><label for="url">Website</label> <input id="url" name="url" type="url" value="" size="30" maxlength="200" autocomplete="url" /></p> <p class="comment-form-cookies-consent"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes" /> <label for="wp-comment-cookies-consent">Save my name, email, and website in this browser for the next time I comment.</label></p> <p class="form-submit"><input name="submit" type="submit" id="submit" class="submit" value="Post Comment" /> <input type='hidden' name='comment_post_ID' value='13578' id='comment_post_ID' /> <input type='hidden' name='comment_parent' id='comment_parent' value='0' /> </p><p style="display: none;"><input type="hidden" id="akismet_comment_nonce" name="akismet_comment_nonce" value="afba3613b5" /></p><p style="display: none !important;" class="akismet-fields-container" data-prefix="ak_"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_1" name="ak_js" value="120"/></p></form> </div> </div> </div> </main> </div> <aside id="secondary" class="widget-area"> <section id="recent-posts-2" class="widget widget_recent_entries"> <h2 class="widget-title">Recent Posts</h2> <ul> <li> <a href="https://bilderupload.net/simple-web-crawler/">Simple Web Crawler</a> </li> <li> <a href="https://bilderupload.net/web-crawler-app/">Web Crawler App</a> </li> <li> <a href="https://bilderupload.net/pirate-by-proxy/">Pirate By Proxy</a> </li> <li> <a href="https://bilderupload.net/bayproxy-eu/">Bayproxy Eu</a> </li> <li> <a href="https://bilderupload.net/how-to-setup-socks5-proxy-firefox/">How To Setup Socks5 Proxy Firefox</a> </li> <li> <a href="https://bilderupload.net/nsi-proxy-service-driver/">Nsi Proxy Service Driver</a> </li> <li> <a href="https://bilderupload.net/how-to-unblock-a-contact-on-skype/">How To Unblock A Contact On Skype</a> </li> <li> <a href="https://bilderupload.net/us-ip-address-list/">Us Ip Address List</a> </li> <li> <a href="https://bilderupload.net/my-ip-shopify/">My Ip Shopify</a> </li> <li> <a href="https://bilderupload.net/how-to-use-vpn-for-cheaper-flights/">How To Use Vpn For Cheaper Flights</a> </li> <li> <a href="https://bilderupload.net/how-to-make-bit-torrent-faster/">How To Make Bit Torrent Faster</a> </li> <li> <a href="https://bilderupload.net/vpn-vs/">Vpn Vs</a> </li> <li> <a href="https://bilderupload.net/craigslist-menu/">Craigslist Menu</a> </li> <li> <a href="https://bilderupload.net/how-to-set-up-multiple-instagram-accounts/">How To Set Up Multiple Instagram Accounts</a> </li> <li> <a href="https://bilderupload.net/facebook-unblocked-at-school-site/">Facebook Unblocked At School Site</a> </li> <li> <a href="https://bilderupload.net/youtube-at-school-proxy/">Youtube At School Proxy</a> </li> <li> <a href="https://bilderupload.net/what-does-availability-mean-in-utorrent/">What Does Availability Mean In Utorrent</a> </li> <li> <a href="https://bilderupload.net/requests-python-example/">Requests Python Example</a> </li> <li> <a href="https://bilderupload.net/can-a-vpn-get-around-net-neutrality/">Can A Vpn Get Around Net Neutrality</a> </li> <li> <a href="https://bilderupload.net/xml-parse-python/">Xml Parse Python</a> </li> </ul> </section><section id="tag_cloud-2" class="widget widget_tag_cloud"><h2 class="widget-title">Tags</h2><div class="tagcloud"><a href="https://bilderupload.net/tag/1-million-proxy-list/" class="tag-cloud-link tag-link-945 tag-link-position-1" style="font-size: 8pt;" aria-label="1 million proxy list (27 items)">1 million proxy list</a> <a href="https://bilderupload.net/tag/best-free-proxy/" class="tag-cloud-link tag-link-580 tag-link-position-2" style="font-size: 19.666666666667pt;" aria-label="best free proxy (99 items)">best free proxy</a> <a href="https://bilderupload.net/tag/best-free-proxy-server-list/" class="tag-cloud-link tag-link-947 tag-link-position-3" style="font-size: 16.909090909091pt;" aria-label="best free proxy server list (73 items)">best free proxy server list</a> <a href="https://bilderupload.net/tag/best-proxy-server/" class="tag-cloud-link tag-link-579 tag-link-position-4" style="font-size: 11.181818181818pt;" aria-label="best proxy server (39 items)">best proxy server</a> <a href="https://bilderupload.net/tag/craigslist-account-for-sale/" class="tag-cloud-link tag-link-1376 tag-link-position-5" style="font-size: 8pt;" aria-label="craigslist account for sale (27 items)">craigslist account for sale</a> <a href="https://bilderupload.net/tag/craigslist-homepage/" class="tag-cloud-link tag-link-1375 tag-link-position-6" style="font-size: 10.969696969697pt;" aria-label="craigslist homepage (38 items)">craigslist homepage</a> <a href="https://bilderupload.net/tag/fastest-proxy-list/" class="tag-cloud-link tag-link-1503 tag-link-position-7" style="font-size: 8pt;" aria-label="fastest proxy list (27 items)">fastest proxy list</a> <a href="https://bilderupload.net/tag/free-proxy/" class="tag-cloud-link tag-link-435 tag-link-position-8" style="font-size: 12.030303030303pt;" aria-label="free proxy (43 items)">free proxy</a> <a href="https://bilderupload.net/tag/free-proxy-list/" class="tag-cloud-link tag-link-219 tag-link-position-9" style="font-size: 21.151515151515pt;" aria-label="free proxy list (116 items)">free proxy list</a> <a href="https://bilderupload.net/tag/free-proxy-list-download/" class="tag-cloud-link tag-link-1505 tag-link-position-10" style="font-size: 10.545454545455pt;" aria-label="free proxy list download (36 items)">free proxy list download</a> <a href="https://bilderupload.net/tag/free-proxy-list-india/" class="tag-cloud-link tag-link-3581 tag-link-position-11" style="font-size: 8.2121212121212pt;" aria-label="free proxy list india (28 items)">free proxy list india</a> <a href="https://bilderupload.net/tag/free-proxy-list-txt/" class="tag-cloud-link tag-link-1504 tag-link-position-12" style="font-size: 11.818181818182pt;" aria-label="free proxy list txt (42 items)">free proxy list txt</a> <a href="https://bilderupload.net/tag/free-proxy-list-usa/" class="tag-cloud-link tag-link-2648 tag-link-position-13" style="font-size: 8.2121212121212pt;" aria-label="free proxy list usa (28 items)">free proxy list usa</a> <a href="https://bilderupload.net/tag/free-proxy-server/" class="tag-cloud-link tag-link-136 tag-link-position-14" style="font-size: 13.090909090909pt;" aria-label="free proxy server (48 items)">free proxy server</a> <a href="https://bilderupload.net/tag/free-proxy-server-list/" class="tag-cloud-link tag-link-449 tag-link-position-15" style="font-size: 17.545454545455pt;" aria-label="free proxy server list (79 items)">free proxy server list</a> <a href="https://bilderupload.net/tag/free-socks-list-daily/" class="tag-cloud-link tag-link-949 tag-link-position-16" style="font-size: 11.818181818182pt;" aria-label="free socks list daily (42 items)">free socks list daily</a> <a href="https://bilderupload.net/tag/free-vpn-for-netflix/" class="tag-cloud-link tag-link-384 tag-link-position-17" style="font-size: 10.333333333333pt;" aria-label="free vpn for netflix (35 items)">free vpn for netflix</a> <a href="https://bilderupload.net/tag/free-vpn-to-hide-ip-address/" class="tag-cloud-link tag-link-14 tag-link-position-18" style="font-size: 15.212121212121pt;" aria-label="free vpn to hide ip address (60 items)">free vpn to hide ip address</a> <a href="https://bilderupload.net/tag/free-web-proxy/" class="tag-cloud-link tag-link-885 tag-link-position-19" style="font-size: 8.8484848484848pt;" aria-label="free web proxy (30 items)">free web proxy</a> <a href="https://bilderupload.net/tag/fresh-unblocked-proxy-sites-2020/" class="tag-cloud-link tag-link-1618 tag-link-position-20" style="font-size: 9.4848484848485pt;" aria-label="fresh unblocked proxy sites 2020 (32 items)">fresh unblocked proxy sites 2020</a> <a href="https://bilderupload.net/tag/hide-my-ip-address-free/" class="tag-cloud-link tag-link-11 tag-link-position-21" style="font-size: 13.727272727273pt;" aria-label="hide my ip address free (51 items)">hide my ip address free</a> <a href="https://bilderupload.net/tag/hide-my-ip-address-free-online/" class="tag-cloud-link tag-link-13 tag-link-position-22" style="font-size: 15.212121212121pt;" aria-label="hide my ip address free online (60 items)">hide my ip address free online</a> <a href="https://bilderupload.net/tag/hide-my-ip-online/" class="tag-cloud-link tag-link-1569 tag-link-position-23" style="font-size: 10.545454545455pt;" aria-label="hide my ip online (36 items)">hide my ip online</a> <a href="https://bilderupload.net/tag/how-to-hide-ip-address-on-android/" class="tag-cloud-link tag-link-1568 tag-link-position-24" style="font-size: 9.9090909090909pt;" aria-label="how to hide ip address on android (34 items)">how to hide ip address on android</a> <a href="https://bilderupload.net/tag/how-to-hide-my-ip-address-in-gmail/" class="tag-cloud-link tag-link-15 tag-link-position-25" style="font-size: 10.969696969697pt;" aria-label="how to hide my ip address in gmail (38 items)">how to hide my ip address in gmail</a> <a href="https://bilderupload.net/tag/how-to-hide-my-ip-address-without-vpn/" class="tag-cloud-link tag-link-12 tag-link-position-26" style="font-size: 14.787878787879pt;" aria-label="how to hide my ip address without vpn (58 items)">how to hide my ip address without vpn</a> <a href="https://bilderupload.net/tag/ip-address-tracker/" class="tag-cloud-link tag-link-2387 tag-link-position-27" style="font-size: 12.454545454545pt;" aria-label="ip address tracker (45 items)">ip address tracker</a> <a href="https://bilderupload.net/tag/my-ip-country/" class="tag-cloud-link tag-link-3401 tag-link-position-28" style="font-size: 10.757575757576pt;" aria-label="my ip country (37 items)">my ip country</a> <a href="https://bilderupload.net/tag/proxy-browser/" class="tag-cloud-link tag-link-577 tag-link-position-29" style="font-size: 11.606060606061pt;" aria-label="proxy browser (41 items)">proxy browser</a> <a href="https://bilderupload.net/tag/proxy-free/" class="tag-cloud-link tag-link-506 tag-link-position-30" style="font-size: 9.4848484848485pt;" aria-label="proxy free (32 items)">proxy free</a> <a href="https://bilderupload.net/tag/proxy-server/" class="tag-cloud-link tag-link-439 tag-link-position-31" style="font-size: 16.69696969697pt;" aria-label="proxy server (72 items)">proxy server</a> <a href="https://bilderupload.net/tag/proxy-server-address/" class="tag-cloud-link tag-link-581 tag-link-position-32" style="font-size: 13.939393939394pt;" aria-label="proxy server address (53 items)">proxy server address</a> <a href="https://bilderupload.net/tag/proxy-site/" class="tag-cloud-link tag-link-504 tag-link-position-33" style="font-size: 13.30303030303pt;" aria-label="proxy site (49 items)">proxy site</a> <a href="https://bilderupload.net/tag/proxy-url-list/" class="tag-cloud-link tag-link-222 tag-link-position-34" style="font-size: 9.2727272727273pt;" aria-label="proxy url list (31 items)">proxy url list</a> <a href="https://bilderupload.net/tag/proxy-websites/" class="tag-cloud-link tag-link-857 tag-link-position-35" style="font-size: 15.636363636364pt;" aria-label="proxy websites (63 items)">proxy websites</a> <a href="https://bilderupload.net/tag/socks5-proxy-list/" class="tag-cloud-link tag-link-69 tag-link-position-36" style="font-size: 8.2121212121212pt;" aria-label="socks5 proxy list (28 items)">socks5 proxy list</a> <a href="https://bilderupload.net/tag/socks5-proxy-list-txt/" class="tag-cloud-link tag-link-445 tag-link-position-37" style="font-size: 11.181818181818pt;" aria-label="socks5 proxy list txt (39 items)">socks5 proxy list txt</a> <a href="https://bilderupload.net/tag/thepiratebay3-list/" class="tag-cloud-link tag-link-232 tag-link-position-38" style="font-size: 8.8484848484848pt;" aria-label="thepiratebay3 list (30 items)">thepiratebay3 list</a> <a href="https://bilderupload.net/tag/unblock-proxy-free/" class="tag-cloud-link tag-link-128 tag-link-position-39" style="font-size: 22pt;" aria-label="unblock proxy free (128 items)">unblock proxy free</a> <a href="https://bilderupload.net/tag/unblocktheship-proxy/" class="tag-cloud-link tag-link-235 tag-link-position-40" style="font-size: 8.2121212121212pt;" aria-label="unblocktheship proxy (28 items)">unblocktheship proxy</a> <a href="https://bilderupload.net/tag/utorrent-download/" class="tag-cloud-link tag-link-598 tag-link-position-41" style="font-size: 8.8484848484848pt;" aria-label="utorrent download (30 items)">utorrent download</a> <a href="https://bilderupload.net/tag/vpn-proxy/" class="tag-cloud-link tag-link-858 tag-link-position-42" style="font-size: 11.606060606061pt;" aria-label="vpn proxy (41 items)">vpn proxy</a> <a href="https://bilderupload.net/tag/what-is-a-proxy-server/" class="tag-cloud-link tag-link-3124 tag-link-position-43" style="font-size: 8.2121212121212pt;" aria-label="what is a proxy server (28 items)">what is a proxy server</a> <a href="https://bilderupload.net/tag/what-is-my-ip/" class="tag-cloud-link tag-link-18 tag-link-position-44" style="font-size: 8.6363636363636pt;" aria-label="what is my ip (29 items)">what is my ip</a> <a href="https://bilderupload.net/tag/what-is-my-private-ip/" class="tag-cloud-link tag-link-3403 tag-link-position-45" style="font-size: 9.6969696969697pt;" aria-label="what is my private ip (33 items)">what is my private ip</a></div> </section></aside> </div> </div> <footer id="colophon" class="site-footer"> <div id="footer-widgets" class="container"> <aside class="widget-area" role="complementary" aria-label="Footer"> <div class="widget-column footer-widget-3"> <section id="custom_html-2" class="widget_text widget widget_custom_html"><div class="textwidget custom-html-widget"> <script async src="https://www.googletagmanager.com/gtag/js?id=G-S1X842WQMK"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-S1X842WQMK'); </script></div></section> </div> </aside> </div> <div class="site-info"> <div class="container"> Theme Blog Tales by <a target="_blank" rel="designer" href="https://kantipurthemes.com/">Kantipur Themes</a> </div> </div> </footer> <a href="#page" class="to-top"></a> </div> <script>!function(){window.advanced_ads_ready_queue=window.advanced_ads_ready_queue||[],advanced_ads_ready_queue.push=window.advanced_ads_ready;for(var d=0,a=advanced_ads_ready_queue.length;d<a;d++)advanced_ads_ready(advanced_ads_ready_queue[d])}();</script><svg style="position: absolute; width: 0; height: 0; overflow: hidden;" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <defs> <symbol id="icon-behance" viewBox="0 0 37 32"> <path class="path1" d="M33 6.054h-9.125v2.214h9.125v-2.214zM28.5 13.661q-1.607 0-2.607 0.938t-1.107 2.545h7.286q-0.321-3.482-3.571-3.482zM28.786 24.107q1.125 0 2.179-0.571t1.357-1.554h3.946q-1.786 5.482-7.625 5.482-3.821 0-6.080-2.357t-2.259-6.196q0-3.714 2.33-6.17t6.009-2.455q2.464 0 4.295 1.214t2.732 3.196 0.902 4.429q0 0.304-0.036 0.839h-11.75q0 1.982 1.027 3.063t2.973 1.080zM4.946 23.214h5.286q3.661 0 3.661-2.982 0-3.214-3.554-3.214h-5.393v6.196zM4.946 13.625h5.018q1.393 0 2.205-0.652t0.813-2.027q0-2.571-3.393-2.571h-4.643v5.25zM0 4.536h10.607q1.554 0 2.768 0.25t2.259 0.848 1.607 1.723 0.563 2.75q0 3.232-3.071 4.696 2.036 0.571 3.071 2.054t1.036 3.643q0 1.339-0.438 2.438t-1.179 1.848-1.759 1.268-2.161 0.75-2.393 0.232h-10.911v-22.5z"></path> </symbol> <symbol id="icon-deviantart" viewBox="0 0 18 32"> <path class="path1" d="M18.286 5.411l-5.411 10.393 0.429 0.554h4.982v7.411h-9.054l-0.786 0.536-2.536 4.875-0.536 0.536h-5.375v-5.411l5.411-10.411-0.429-0.536h-4.982v-7.411h9.054l0.786-0.536 2.536-4.875 0.536-0.536h5.375v5.411z"></path> </symbol> <symbol id="icon-medium" viewBox="0 0 32 32"> <path class="path1" d="M10.661 7.518v20.946q0 0.446-0.223 0.759t-0.652 0.313q-0.304 0-0.589-0.143l-8.304-4.161q-0.375-0.179-0.634-0.598t-0.259-0.83v-20.357q0-0.357 0.179-0.607t0.518-0.25q0.25 0 0.786 0.268l9.125 4.571q0.054 0.054 0.054 0.089zM11.804 9.321l9.536 15.464-9.536-4.75v-10.714zM32 9.643v18.821q0 0.446-0.25 0.723t-0.679 0.277-0.839-0.232l-7.875-3.929zM31.946 7.5q0 0.054-4.58 7.491t-5.366 8.705l-6.964-11.321 5.786-9.411q0.304-0.5 0.929-0.5 0.25 0 0.464 0.107l9.661 4.821q0.071 0.036 0.071 0.107z"></path> </symbol> <symbol id="icon-slideshare" viewBox="0 0 32 32"> <path class="path1" d="M15.589 13.214q0 1.482-1.134 2.545t-2.723 1.063-2.723-1.063-1.134-2.545q0-1.5 1.134-2.554t2.723-1.054 2.723 1.054 1.134 2.554zM24.554 13.214q0 1.482-1.125 2.545t-2.732 1.063q-1.589 0-2.723-1.063t-1.134-2.545q0-1.5 1.134-2.554t2.723-1.054q1.607 0 2.732 1.054t1.125 2.554zM28.571 16.429v-11.911q0-1.554-0.571-2.205t-1.982-0.652h-19.857q-1.482 0-2.009 0.607t-0.527 2.25v12.018q0.768 0.411 1.58 0.714t1.446 0.5 1.446 0.33 1.268 0.196 1.25 0.071 1.045 0.009 1.009-0.036 0.795-0.036q1.214-0.018 1.696 0.482 0.107 0.107 0.179 0.161 0.464 0.446 1.089 0.911 0.125-1.625 2.107-1.554 0.089 0 0.652 0.027t0.768 0.036 0.813 0.018 0.946-0.018 0.973-0.080 1.089-0.152 1.107-0.241 1.196-0.348 1.205-0.482 1.286-0.616zM31.482 16.339q-2.161 2.661-6.643 4.5 1.5 5.089-0.411 8.304-1.179 2.018-3.268 2.643-1.857 0.571-3.25-0.268-1.536-0.911-1.464-2.929l-0.018-5.821v-0.018q-0.143-0.036-0.438-0.107t-0.42-0.089l-0.018 6.036q0.071 2.036-1.482 2.929-1.411 0.839-3.268 0.268-2.089-0.643-3.25-2.679-1.875-3.214-0.393-8.268-4.482-1.839-6.643-4.5-0.446-0.661-0.071-1.125t1.071 0.018q0.054 0.036 0.196 0.125t0.196 0.143v-12.393q0-1.286 0.839-2.196t2.036-0.911h22.446q1.196 0 2.036 0.911t0.839 2.196v12.393l0.375-0.268q0.696-0.482 1.071-0.018t-0.071 1.125z"></path> </symbol> <symbol id="icon-snapchat-ghost" viewBox="0 0 30 32"> <path class="path1" d="M15.143 2.286q2.393-0.018 4.295 1.223t2.92 3.438q0.482 1.036 0.482 3.196 0 0.839-0.161 3.411 0.25 0.125 0.5 0.125 0.321 0 0.911-0.241t0.911-0.241q0.518 0 1 0.321t0.482 0.821q0 0.571-0.563 0.964t-1.232 0.563-1.232 0.518-0.563 0.848q0 0.268 0.214 0.768 0.661 1.464 1.83 2.679t2.58 1.804q0.5 0.214 1.429 0.411 0.5 0.107 0.5 0.625 0 1.25-3.911 1.839-0.125 0.196-0.196 0.696t-0.25 0.83-0.589 0.33q-0.357 0-1.107-0.116t-1.143-0.116q-0.661 0-1.107 0.089-0.571 0.089-1.125 0.402t-1.036 0.679-1.036 0.723-1.357 0.598-1.768 0.241q-0.929 0-1.723-0.241t-1.339-0.598-1.027-0.723-1.036-0.679-1.107-0.402q-0.464-0.089-1.125-0.089-0.429 0-1.17 0.134t-1.045 0.134q-0.446 0-0.625-0.33t-0.25-0.848-0.196-0.714q-3.911-0.589-3.911-1.839 0-0.518 0.5-0.625 0.929-0.196 1.429-0.411 1.393-0.571 2.58-1.804t1.83-2.679q0.214-0.5 0.214-0.768 0-0.5-0.563-0.848t-1.241-0.527-1.241-0.563-0.563-0.938q0-0.482 0.464-0.813t0.982-0.33q0.268 0 0.857 0.232t0.946 0.232q0.321 0 0.571-0.125-0.161-2.536-0.161-3.393 0-2.179 0.482-3.214 1.143-2.446 3.071-3.536t4.714-1.125z"></path> </symbol> <symbol id="icon-yelp" viewBox="0 0 27 32"> <path class="path1" d="M13.804 23.554v2.268q-0.018 5.214-0.107 5.446-0.214 0.571-0.911 0.714-0.964 0.161-3.241-0.679t-2.902-1.589q-0.232-0.268-0.304-0.643-0.018-0.214 0.071-0.464 0.071-0.179 0.607-0.839t3.232-3.857q0.018 0 1.071-1.25 0.268-0.339 0.705-0.438t0.884 0.063q0.429 0.179 0.67 0.518t0.223 0.75zM11.143 19.071q-0.054 0.982-0.929 1.25l-2.143 0.696q-4.911 1.571-5.214 1.571-0.625-0.036-0.964-0.643-0.214-0.446-0.304-1.339-0.143-1.357 0.018-2.973t0.536-2.223 1-0.571q0.232 0 3.607 1.375 1.25 0.518 2.054 0.839l1.5 0.607q0.411 0.161 0.634 0.545t0.205 0.866zM25.893 24.375q-0.125 0.964-1.634 2.875t-2.42 2.268q-0.661 0.25-1.125-0.125-0.25-0.179-3.286-5.125l-0.839-1.375q-0.25-0.375-0.205-0.821t0.348-0.821q0.625-0.768 1.482-0.464 0.018 0.018 2.125 0.714 3.625 1.179 4.321 1.42t0.839 0.366q0.5 0.393 0.393 1.089zM13.893 13.089q0.089 1.821-0.964 2.179-1.036 0.304-2.036-1.268l-6.75-10.679q-0.143-0.625 0.339-1.107 0.732-0.768 3.705-1.598t4.009-0.563q0.714 0.179 0.875 0.804 0.054 0.321 0.393 5.455t0.429 6.777zM25.714 15.018q0.054 0.696-0.464 1.054-0.268 0.179-5.875 1.536-1.196 0.268-1.625 0.411l0.018-0.036q-0.411 0.107-0.821-0.071t-0.661-0.571q-0.536-0.839 0-1.554 0.018-0.018 1.339-1.821 2.232-3.054 2.679-3.643t0.607-0.696q0.5-0.339 1.161-0.036 0.857 0.411 2.196 2.384t1.446 2.991v0.054z"></path> </symbol> <symbol id="icon-vine" viewBox="0 0 27 32"> <path class="path1" d="M26.732 14.768v3.536q-1.804 0.411-3.536 0.411-1.161 2.429-2.955 4.839t-3.241 3.848-2.286 1.902q-1.429 0.804-2.893-0.054-0.5-0.304-1.080-0.777t-1.518-1.491-1.83-2.295-1.92-3.286-1.884-4.357-1.634-5.616-1.259-6.964h5.054q0.464 3.893 1.25 7.116t1.866 5.661 2.17 4.205 2.5 3.482q3.018-3.018 5.125-7.25-2.536-1.286-3.982-3.929t-1.446-5.946q0-3.429 1.857-5.616t5.071-2.188q3.179 0 4.875 1.884t1.696 5.313q0 2.839-1.036 5.107-0.125 0.018-0.348 0.054t-0.821 0.036-1.125-0.107-1.107-0.455-0.902-0.92q0.554-1.839 0.554-3.286 0-1.554-0.518-2.357t-1.411-0.804q-0.946 0-1.518 0.884t-0.571 2.509q0 3.321 1.875 5.241t4.768 1.92q1.107 0 2.161-0.25z"></path> </symbol> <symbol id="icon-vk" viewBox="0 0 35 32"> <path class="path1" d="M34.232 9.286q0.411 1.143-2.679 5.25-0.429 0.571-1.161 1.518-1.393 1.786-1.607 2.339-0.304 0.732 0.25 1.446 0.304 0.375 1.446 1.464h0.018l0.071 0.071q2.518 2.339 3.411 3.946 0.054 0.089 0.116 0.223t0.125 0.473-0.009 0.607-0.446 0.491-1.054 0.223l-4.571 0.071q-0.429 0.089-1-0.089t-0.929-0.393l-0.357-0.214q-0.536-0.375-1.25-1.143t-1.223-1.384-1.089-1.036-1.009-0.277q-0.054 0.018-0.143 0.063t-0.304 0.259-0.384 0.527-0.304 0.929-0.116 1.384q0 0.268-0.063 0.491t-0.134 0.33l-0.071 0.089q-0.321 0.339-0.946 0.393h-2.054q-1.268 0.071-2.607-0.295t-2.348-0.946-1.839-1.179-1.259-1.027l-0.446-0.429q-0.179-0.179-0.491-0.536t-1.277-1.625-1.893-2.696-2.188-3.768-2.33-4.857q-0.107-0.286-0.107-0.482t0.054-0.286l0.071-0.107q0.268-0.339 1.018-0.339l4.893-0.036q0.214 0.036 0.411 0.116t0.286 0.152l0.089 0.054q0.286 0.196 0.429 0.571 0.357 0.893 0.821 1.848t0.732 1.455l0.286 0.518q0.518 1.071 1 1.857t0.866 1.223 0.741 0.688 0.607 0.25 0.482-0.089q0.036-0.018 0.089-0.089t0.214-0.393 0.241-0.839 0.17-1.446 0-2.232q-0.036-0.714-0.161-1.304t-0.25-0.821l-0.107-0.214q-0.446-0.607-1.518-0.768-0.232-0.036 0.089-0.429 0.304-0.339 0.679-0.536 0.946-0.464 4.268-0.429 1.464 0.018 2.411 0.232 0.357 0.089 0.598 0.241t0.366 0.429 0.188 0.571 0.063 0.813-0.018 0.982-0.045 1.259-0.027 1.473q0 0.196-0.018 0.75t-0.009 0.857 0.063 0.723 0.205 0.696 0.402 0.438q0.143 0.036 0.304 0.071t0.464-0.196 0.679-0.616 0.929-1.196 1.214-1.92q1.071-1.857 1.911-4.018 0.071-0.179 0.179-0.313t0.196-0.188l0.071-0.054 0.089-0.045t0.232-0.054 0.357-0.009l5.143-0.036q0.696-0.089 1.143 0.045t0.554 0.295z"></path> </symbol> <symbol id="icon-search" viewBox="0 0 30 32"> <path class="path1" d="M20.571 14.857q0-3.304-2.348-5.652t-5.652-2.348-5.652 2.348-2.348 5.652 2.348 5.652 5.652 2.348 5.652-2.348 2.348-5.652zM29.714 29.714q0 0.929-0.679 1.607t-1.607 0.679q-0.964 0-1.607-0.679l-6.125-6.107q-3.196 2.214-7.125 2.214-2.554 0-4.884-0.991t-4.018-2.679-2.679-4.018-0.991-4.884 0.991-4.884 2.679-4.018 4.018-2.679 4.884-0.991 4.884 0.991 4.018 2.679 2.679 4.018 0.991 4.884q0 3.929-2.214 7.125l6.125 6.125q0.661 0.661 0.661 1.607z"></path> </symbol> <symbol id="icon-envelope-o" viewBox="0 0 32 32"> <path class="path1" d="M29.714 26.857v-13.714q-0.571 0.643-1.232 1.179-4.786 3.679-7.607 6.036-0.911 0.768-1.482 1.196t-1.545 0.866-1.83 0.438h-0.036q-0.857 0-1.83-0.438t-1.545-0.866-1.482-1.196q-2.821-2.357-7.607-6.036-0.661-0.536-1.232-1.179v13.714q0 0.232 0.17 0.402t0.402 0.17h26.286q0.232 0 0.402-0.17t0.17-0.402zM29.714 8.089v-0.438t-0.009-0.232-0.054-0.223-0.098-0.161-0.161-0.134-0.25-0.045h-26.286q-0.232 0-0.402 0.17t-0.17 0.402q0 3 2.625 5.071 3.446 2.714 7.161 5.661 0.107 0.089 0.625 0.527t0.821 0.67 0.795 0.563 0.902 0.491 0.768 0.161h0.036q0.357 0 0.768-0.161t0.902-0.491 0.795-0.563 0.821-0.67 0.625-0.527q3.714-2.946 7.161-5.661 0.964-0.768 1.795-2.063t0.83-2.348zM32 7.429v19.429q0 1.179-0.839 2.018t-2.018 0.839h-26.286q-1.179 0-2.018-0.839t-0.839-2.018v-19.429q0-1.179 0.839-2.018t2.018-0.839h26.286q1.179 0 2.018 0.839t0.839 2.018z"></path> </symbol> <symbol id="icon-close" viewBox="0 0 25 32"> <path class="path1" d="M23.179 23.607q0 0.714-0.5 1.214l-2.429 2.429q-0.5 0.5-1.214 0.5t-1.214-0.5l-5.25-5.25-5.25 5.25q-0.5 0.5-1.214 0.5t-1.214-0.5l-2.429-2.429q-0.5-0.5-0.5-1.214t0.5-1.214l5.25-5.25-5.25-5.25q-0.5-0.5-0.5-1.214t0.5-1.214l2.429-2.429q0.5-0.5 1.214-0.5t1.214 0.5l5.25 5.25 5.25-5.25q0.5-0.5 1.214-0.5t1.214 0.5l2.429 2.429q0.5 0.5 0.5 1.214t-0.5 1.214l-5.25 5.25 5.25 5.25q0.5 0.5 0.5 1.214z"></path> </symbol> <symbol id="icon-angle-down" viewBox="0 0 21 32"> <path class="path1" d="M19.196 13.143q0 0.232-0.179 0.411l-8.321 8.321q-0.179 0.179-0.411 0.179t-0.411-0.179l-8.321-8.321q-0.179-0.179-0.179-0.411t0.179-0.411l0.893-0.893q0.179-0.179 0.411-0.179t0.411 0.179l7.018 7.018 7.018-7.018q0.179-0.179 0.411-0.179t0.411 0.179l0.893 0.893q0.179 0.179 0.179 0.411z"></path> </symbol> <symbol id="icon-folder-open" viewBox="0 0 34 32"> <path class="path1" d="M33.554 17q0 0.554-0.554 1.179l-6 7.071q-0.768 0.911-2.152 1.545t-2.563 0.634h-19.429q-0.607 0-1.080-0.232t-0.473-0.768q0-0.554 0.554-1.179l6-7.071q0.768-0.911 2.152-1.545t2.563-0.634h19.429q0.607 0 1.080 0.232t0.473 0.768zM27.429 10.857v2.857h-14.857q-1.679 0-3.518 0.848t-2.929 2.134l-6.107 7.179q0-0.071-0.009-0.223t-0.009-0.223v-17.143q0-1.643 1.179-2.821t2.821-1.179h5.714q1.643 0 2.821 1.179t1.179 2.821v0.571h9.714q1.643 0 2.821 1.179t1.179 2.821z"></path> </symbol> <symbol id="icon-twitter" viewBox="0 0 30 32"> <path class="path1" d="M28.929 7.286q-1.196 1.75-2.893 2.982 0.018 0.25 0.018 0.75 0 2.321-0.679 4.634t-2.063 4.437-3.295 3.759-4.607 2.607-5.768 0.973q-4.839 0-8.857-2.589 0.625 0.071 1.393 0.071 4.018 0 7.161-2.464-1.875-0.036-3.357-1.152t-2.036-2.848q0.589 0.089 1.089 0.089 0.768 0 1.518-0.196-2-0.411-3.313-1.991t-1.313-3.67v-0.071q1.214 0.679 2.607 0.732-1.179-0.786-1.875-2.054t-0.696-2.75q0-1.571 0.786-2.911 2.161 2.661 5.259 4.259t6.634 1.777q-0.143-0.679-0.143-1.321 0-2.393 1.688-4.080t4.080-1.688q2.5 0 4.214 1.821 1.946-0.375 3.661-1.393-0.661 2.054-2.536 3.179 1.661-0.179 3.321-0.893z"></path> </symbol> <symbol id="icon-facebook" viewBox="0 0 19 32"> <path class="path1" d="M17.125 0.214v4.714h-2.804q-1.536 0-2.071 0.643t-0.536 1.929v3.375h5.232l-0.696 5.286h-4.536v13.554h-5.464v-13.554h-4.554v-5.286h4.554v-3.893q0-3.321 1.857-5.152t4.946-1.83q2.625 0 4.071 0.214z"></path> </symbol> <symbol id="icon-github" viewBox="0 0 27 32"> <path class="path1" d="M13.714 2.286q3.732 0 6.884 1.839t4.991 4.991 1.839 6.884q0 4.482-2.616 8.063t-6.759 4.955q-0.482 0.089-0.714-0.125t-0.232-0.536q0-0.054 0.009-1.366t0.009-2.402q0-1.732-0.929-2.536 1.018-0.107 1.83-0.321t1.679-0.696 1.446-1.188 0.946-1.875 0.366-2.688q0-2.125-1.411-3.679 0.661-1.625-0.143-3.643-0.5-0.161-1.446 0.196t-1.643 0.786l-0.679 0.429q-1.661-0.464-3.429-0.464t-3.429 0.464q-0.286-0.196-0.759-0.482t-1.491-0.688-1.518-0.241q-0.804 2.018-0.143 3.643-1.411 1.554-1.411 3.679 0 1.518 0.366 2.679t0.938 1.875 1.438 1.196 1.679 0.696 1.83 0.321q-0.696 0.643-0.875 1.839-0.375 0.179-0.804 0.268t-1.018 0.089-1.17-0.384-0.991-1.116q-0.339-0.571-0.866-0.929t-0.884-0.429l-0.357-0.054q-0.375 0-0.518 0.080t-0.089 0.205 0.161 0.25 0.232 0.214l0.125 0.089q0.393 0.179 0.777 0.679t0.563 0.911l0.179 0.411q0.232 0.679 0.786 1.098t1.196 0.536 1.241 0.125 0.991-0.063l0.411-0.071q0 0.679 0.009 1.58t0.009 0.973q0 0.321-0.232 0.536t-0.714 0.125q-4.143-1.375-6.759-4.955t-2.616-8.063q0-3.732 1.839-6.884t4.991-4.991 6.884-1.839zM5.196 21.982q0.054-0.125-0.125-0.214-0.179-0.054-0.232 0.036-0.054 0.125 0.125 0.214 0.161 0.107 0.232-0.036zM5.75 22.589q0.125-0.089-0.036-0.286-0.179-0.161-0.286-0.054-0.125 0.089 0.036 0.286 0.179 0.179 0.286 0.054zM6.286 23.393q0.161-0.125 0-0.339-0.143-0.232-0.304-0.107-0.161 0.089 0 0.321t0.304 0.125zM7.036 24.143q0.143-0.143-0.071-0.339-0.214-0.214-0.357-0.054-0.161 0.143 0.071 0.339 0.214 0.214 0.357 0.054zM8.054 24.589q0.054-0.196-0.232-0.286-0.268-0.071-0.339 0.125t0.232 0.268q0.268 0.107 0.339-0.107zM9.179 24.679q0-0.232-0.304-0.196-0.286 0-0.286 0.196 0 0.232 0.304 0.196 0.286 0 0.286-0.196zM10.214 24.5q-0.036-0.196-0.321-0.161-0.286 0.054-0.25 0.268t0.321 0.143 0.25-0.25z"></path> </symbol> <symbol id="icon-bars" viewBox="0 0 27 32"> <path class="path1" d="M27.429 24v2.286q0 0.464-0.339 0.804t-0.804 0.339h-25.143q-0.464 0-0.804-0.339t-0.339-0.804v-2.286q0-0.464 0.339-0.804t0.804-0.339h25.143q0.464 0 0.804 0.339t0.339 0.804zM27.429 14.857v2.286q0 0.464-0.339 0.804t-0.804 0.339h-25.143q-0.464 0-0.804-0.339t-0.339-0.804v-2.286q0-0.464 0.339-0.804t0.804-0.339h25.143q0.464 0 0.804 0.339t0.339 0.804zM27.429 5.714v2.286q0 0.464-0.339 0.804t-0.804 0.339h-25.143q-0.464 0-0.804-0.339t-0.339-0.804v-2.286q0-0.464 0.339-0.804t0.804-0.339h25.143q0.464 0 0.804 0.339t0.339 0.804z"></path> </symbol> <symbol id="icon-google-plus" viewBox="0 0 41 32"> <path class="path1" d="M25.661 16.304q0 3.714-1.554 6.616t-4.429 4.536-6.589 1.634q-2.661 0-5.089-1.036t-4.179-2.786-2.786-4.179-1.036-5.089 1.036-5.089 2.786-4.179 4.179-2.786 5.089-1.036q5.107 0 8.768 3.429l-3.554 3.411q-2.089-2.018-5.214-2.018-2.196 0-4.063 1.107t-2.955 3.009-1.089 4.152 1.089 4.152 2.955 3.009 4.063 1.107q1.482 0 2.723-0.411t2.045-1.027 1.402-1.402 0.875-1.482 0.384-1.321h-7.429v-4.5h12.357q0.214 1.125 0.214 2.179zM41.143 14.125v3.75h-3.732v3.732h-3.75v-3.732h-3.732v-3.75h3.732v-3.732h3.75v3.732h3.732z"></path> </symbol> <symbol id="icon-linkedin" viewBox="0 0 27 32"> <path class="path1" d="M6.232 11.161v17.696h-5.893v-17.696h5.893zM6.607 5.696q0.018 1.304-0.902 2.179t-2.42 0.875h-0.036q-1.464 0-2.357-0.875t-0.893-2.179q0-1.321 0.92-2.188t2.402-0.866 2.375 0.866 0.911 2.188zM27.429 18.714v10.143h-5.875v-9.464q0-1.875-0.723-2.938t-2.259-1.063q-1.125 0-1.884 0.616t-1.134 1.527q-0.196 0.536-0.196 1.446v9.875h-5.875q0.036-7.125 0.036-11.554t-0.018-5.286l-0.018-0.857h5.875v2.571h-0.036q0.357-0.571 0.732-1t1.009-0.929 1.554-0.777 2.045-0.277q3.054 0 4.911 2.027t1.857 5.938z"></path> </symbol> <symbol id="icon-quote-right" viewBox="0 0 30 32"> <path class="path1" d="M13.714 5.714v12.571q0 1.857-0.723 3.545t-1.955 2.92-2.92 1.955-3.545 0.723h-1.143q-0.464 0-0.804-0.339t-0.339-0.804v-2.286q0-0.464 0.339-0.804t0.804-0.339h1.143q1.893 0 3.232-1.339t1.339-3.232v-0.571q0-0.714-0.5-1.214t-1.214-0.5h-4q-1.429 0-2.429-1t-1-2.429v-6.857q0-1.429 1-2.429t2.429-1h6.857q1.429 0 2.429 1t1 2.429zM29.714 5.714v12.571q0 1.857-0.723 3.545t-1.955 2.92-2.92 1.955-3.545 0.723h-1.143q-0.464 0-0.804-0.339t-0.339-0.804v-2.286q0-0.464 0.339-0.804t0.804-0.339h1.143q1.893 0 3.232-1.339t1.339-3.232v-0.571q0-0.714-0.5-1.214t-1.214-0.5h-4q-1.429 0-2.429-1t-1-2.429v-6.857q0-1.429 1-2.429t2.429-1h6.857q1.429 0 2.429 1t1 2.429z"></path> </symbol> <symbol id="icon-mail-reply" viewBox="0 0 32 32"> <path class="path1" d="M32 20q0 2.964-2.268 8.054-0.054 0.125-0.188 0.429t-0.241 0.536-0.232 0.393q-0.214 0.304-0.5 0.304-0.268 0-0.42-0.179t-0.152-0.446q0-0.161 0.045-0.473t0.045-0.42q0.089-1.214 0.089-2.196 0-1.804-0.313-3.232t-0.866-2.473-1.429-1.804-1.884-1.241-2.375-0.759-2.75-0.384-3.134-0.107h-4v4.571q0 0.464-0.339 0.804t-0.804 0.339-0.804-0.339l-9.143-9.143q-0.339-0.339-0.339-0.804t0.339-0.804l9.143-9.143q0.339-0.339 0.804-0.339t0.804 0.339 0.339 0.804v4.571h4q12.732 0 15.625 7.196 0.946 2.393 0.946 5.946z"></path> </symbol> <symbol id="icon-youtube" viewBox="0 0 27 32"> <path class="path1" d="M17.339 22.214v3.768q0 1.196-0.696 1.196-0.411 0-0.804-0.393v-5.375q0.393-0.393 0.804-0.393 0.696 0 0.696 1.196zM23.375 22.232v0.821h-1.607v-0.821q0-1.214 0.804-1.214t0.804 1.214zM6.125 18.339h1.911v-1.679h-5.571v1.679h1.875v10.161h1.786v-10.161zM11.268 28.5h1.589v-8.821h-1.589v6.75q-0.536 0.75-1.018 0.75-0.321 0-0.375-0.375-0.018-0.054-0.018-0.625v-6.5h-1.589v6.982q0 0.875 0.143 1.304 0.214 0.661 1.036 0.661 0.857 0 1.821-1.089v0.964zM18.929 25.857v-3.518q0-1.304-0.161-1.768-0.304-1-1.268-1-0.893 0-1.661 0.964v-3.875h-1.589v11.839h1.589v-0.857q0.804 0.982 1.661 0.982 0.964 0 1.268-0.982 0.161-0.482 0.161-1.786zM24.964 25.679v-0.232h-1.625q0 0.911-0.036 1.089-0.125 0.643-0.714 0.643-0.821 0-0.821-1.232v-1.554h3.196v-1.839q0-1.411-0.482-2.071-0.696-0.911-1.893-0.911-1.214 0-1.911 0.911-0.5 0.661-0.5 2.071v3.089q0 1.411 0.518 2.071 0.696 0.911 1.929 0.911 1.286 0 1.929-0.946 0.321-0.482 0.375-0.964 0.036-0.161 0.036-1.036zM14.107 9.375v-3.75q0-1.232-0.768-1.232t-0.768 1.232v3.75q0 1.25 0.768 1.25t0.768-1.25zM26.946 22.786q0 4.179-0.464 6.25-0.25 1.054-1.036 1.768t-1.821 0.821q-3.286 0.375-9.911 0.375t-9.911-0.375q-1.036-0.107-1.83-0.821t-1.027-1.768q-0.464-2-0.464-6.25 0-4.179 0.464-6.25 0.25-1.054 1.036-1.768t1.839-0.839q3.268-0.357 9.893-0.357t9.911 0.357q1.036 0.125 1.83 0.839t1.027 1.768q0.464 2 0.464 6.25zM9.125 0h1.821l-2.161 7.125v4.839h-1.786v-4.839q-0.25-1.321-1.089-3.786-0.661-1.839-1.161-3.339h1.893l1.268 4.696zM15.732 5.946v3.125q0 1.446-0.5 2.107-0.661 0.911-1.893 0.911-1.196 0-1.875-0.911-0.5-0.679-0.5-2.107v-3.125q0-1.429 0.5-2.089 0.679-0.911 1.875-0.911 1.232 0 1.893 0.911 0.5 0.661 0.5 2.089zM21.714 3.054v8.911h-1.625v-0.982q-0.946 1.107-1.839 1.107-0.821 0-1.054-0.661-0.143-0.429-0.143-1.339v-7.036h1.625v6.554q0 0.589 0.018 0.625 0.054 0.393 0.375 0.393 0.482 0 1.018-0.768v-6.804h1.625z"></path> </symbol> <symbol id="icon-dropbox" viewBox="0 0 32 32"> <path class="path1" d="M7.179 12.625l8.821 5.446-6.107 5.089-8.75-5.696zM24.786 22.536v1.929l-8.75 5.232v0.018l-0.018-0.018-0.018 0.018v-0.018l-8.732-5.232v-1.929l2.625 1.714 6.107-5.071v-0.036l0.018 0.018 0.018-0.018v0.036l6.125 5.071zM9.893 2.107l6.107 5.089-8.821 5.429-6.036-4.821zM24.821 12.625l6.036 4.839-8.732 5.696-6.125-5.089zM22.125 2.107l8.732 5.696-6.036 4.821-8.821-5.429z"></path> </symbol> <symbol id="icon-instagram" viewBox="0 0 27 32"> <path class="path1" d="M18.286 16q0-1.893-1.339-3.232t-3.232-1.339-3.232 1.339-1.339 3.232 1.339 3.232 3.232 1.339 3.232-1.339 1.339-3.232zM20.75 16q0 2.929-2.054 4.982t-4.982 2.054-4.982-2.054-2.054-4.982 2.054-4.982 4.982-2.054 4.982 2.054 2.054 4.982zM22.679 8.679q0 0.679-0.482 1.161t-1.161 0.482-1.161-0.482-0.482-1.161 0.482-1.161 1.161-0.482 1.161 0.482 0.482 1.161zM13.714 4.75q-0.125 0-1.366-0.009t-1.884 0-1.723 0.054-1.839 0.179-1.277 0.33q-0.893 0.357-1.571 1.036t-1.036 1.571q-0.196 0.518-0.33 1.277t-0.179 1.839-0.054 1.723 0 1.884 0.009 1.366-0.009 1.366 0 1.884 0.054 1.723 0.179 1.839 0.33 1.277q0.357 0.893 1.036 1.571t1.571 1.036q0.518 0.196 1.277 0.33t1.839 0.179 1.723 0.054 1.884 0 1.366-0.009 1.366 0.009 1.884 0 1.723-0.054 1.839-0.179 1.277-0.33q0.893-0.357 1.571-1.036t1.036-1.571q0.196-0.518 0.33-1.277t0.179-1.839 0.054-1.723 0-1.884-0.009-1.366 0.009-1.366 0-1.884-0.054-1.723-0.179-1.839-0.33-1.277q-0.357-0.893-1.036-1.571t-1.571-1.036q-0.518-0.196-1.277-0.33t-1.839-0.179-1.723-0.054-1.884 0-1.366 0.009zM27.429 16q0 4.089-0.089 5.661-0.179 3.714-2.214 5.75t-5.75 2.214q-1.571 0.089-5.661 0.089t-5.661-0.089q-3.714-0.179-5.75-2.214t-2.214-5.75q-0.089-1.571-0.089-5.661t0.089-5.661q0.179-3.714 2.214-5.75t5.75-2.214q1.571-0.089 5.661-0.089t5.661 0.089q3.714 0.179 5.75 2.214t2.214 5.75q0.089 1.571 0.089 5.661z"></path> </symbol> <symbol id="icon-flickr" viewBox="0 0 27 32"> <path class="path1" d="M22.286 2.286q2.125 0 3.634 1.509t1.509 3.634v17.143q0 2.125-1.509 3.634t-3.634 1.509h-17.143q-2.125 0-3.634-1.509t-1.509-3.634v-17.143q0-2.125 1.509-3.634t3.634-1.509h17.143zM12.464 16q0-1.571-1.107-2.679t-2.679-1.107-2.679 1.107-1.107 2.679 1.107 2.679 2.679 1.107 2.679-1.107 1.107-2.679zM22.536 16q0-1.571-1.107-2.679t-2.679-1.107-2.679 1.107-1.107 2.679 1.107 2.679 2.679 1.107 2.679-1.107 1.107-2.679z"></path> </symbol> <symbol id="icon-tumblr" viewBox="0 0 19 32"> <path class="path1" d="M16.857 23.732l1.429 4.232q-0.411 0.625-1.982 1.179t-3.161 0.571q-1.857 0.036-3.402-0.464t-2.545-1.321-1.696-1.893-0.991-2.143-0.295-2.107v-9.714h-3v-3.839q1.286-0.464 2.304-1.241t1.625-1.607 1.036-1.821 0.607-1.768 0.268-1.58q0.018-0.089 0.080-0.152t0.134-0.063h4.357v7.571h5.946v4.5h-5.964v9.25q0 0.536 0.116 1t0.402 0.938 0.884 0.741 1.455 0.25q1.393-0.036 2.393-0.518z"></path> </symbol> <symbol id="icon-dockerhub" viewBox="0 0 24 28"> <path class="path1" d="M1.597 10.257h2.911v2.83H1.597v-2.83zm3.573 0h2.91v2.83H5.17v-2.83zm0-3.627h2.91v2.829H5.17V6.63zm3.57 3.627h2.912v2.83H8.74v-2.83zm0-3.627h2.912v2.829H8.74V6.63zm3.573 3.627h2.911v2.83h-2.911v-2.83zm0-3.627h2.911v2.829h-2.911V6.63zm3.572 3.627h2.911v2.83h-2.911v-2.83zM12.313 3h2.911v2.83h-2.911V3zm-6.65 14.173c-.449 0-.812.354-.812.788 0 .435.364.788.812.788.447 0 .811-.353.811-.788 0-.434-.363-.788-.811-.788"></path> <path class="path2" d="M28.172 11.721c-.978-.549-2.278-.624-3.388-.306-.136-1.146-.91-2.149-1.83-2.869l-.366-.286-.307.345c-.618.692-.8 1.845-.718 2.73.063.651.273 1.312.685 1.834-.313.183-.668.328-.985.434-.646.212-1.347.33-2.028.33H.083l-.042.429c-.137 1.432.065 2.866.674 4.173l.262.519.03.048c1.8 2.973 4.963 4.225 8.41 4.225 6.672 0 12.174-2.896 14.702-9.015 1.689.085 3.417-.4 4.243-1.968l.211-.4-.401-.223zM5.664 19.458c-.85 0-1.542-.671-1.542-1.497 0-.825.691-1.498 1.541-1.498.849 0 1.54.672 1.54 1.497s-.69 1.498-1.539 1.498z"></path> </symbol> <symbol id="icon-dribbble" viewBox="0 0 27 32"> <path class="path1" d="M18.286 26.786q-0.75-4.304-2.5-8.893h-0.036l-0.036 0.018q-0.286 0.107-0.768 0.295t-1.804 0.875-2.446 1.464-2.339 2.045-1.839 2.643l-0.268-0.196q3.286 2.679 7.464 2.679 2.357 0 4.571-0.929zM14.982 15.946q-0.375-0.875-0.946-1.982-5.554 1.661-12.018 1.661-0.018 0.125-0.018 0.375 0 2.214 0.786 4.223t2.214 3.598q0.893-1.589 2.205-2.973t2.545-2.223 2.33-1.446 1.777-0.857l0.661-0.232q0.071-0.018 0.232-0.063t0.232-0.080zM13.071 12.161q-2.143-3.804-4.357-6.75-2.464 1.161-4.179 3.321t-2.286 4.857q5.393 0 10.821-1.429zM25.286 17.857q-3.75-1.071-7.304-0.518 1.554 4.268 2.286 8.375 1.982-1.339 3.304-3.384t1.714-4.473zM10.911 4.625q-0.018 0-0.036 0.018 0.018-0.018 0.036-0.018zM21.446 7.214q-3.304-2.929-7.732-2.929-1.357 0-2.768 0.339 2.339 3.036 4.393 6.821 1.232-0.464 2.321-1.080t1.723-1.098 1.17-1.018 0.67-0.723zM25.429 15.875q-0.054-4.143-2.661-7.321l-0.018 0.018q-0.161 0.214-0.339 0.438t-0.777 0.795-1.268 1.080-1.786 1.161-2.348 1.152q0.446 0.946 0.786 1.696 0.036 0.107 0.116 0.313t0.134 0.295q0.643-0.089 1.33-0.125t1.313-0.036 1.232 0.027 1.143 0.071 1.009 0.098 0.857 0.116 0.652 0.107 0.446 0.080zM27.429 16q0 3.732-1.839 6.884t-4.991 4.991-6.884 1.839-6.884-1.839-4.991-4.991-1.839-6.884 1.839-6.884 4.991-4.991 6.884-1.839 6.884 1.839 4.991 4.991 1.839 6.884z"></path> </symbol> <symbol id="icon-skype" viewBox="0 0 27 32"> <path class="path1" d="M20.946 18.982q0-0.893-0.348-1.634t-0.866-1.223-1.304-0.875-1.473-0.607-1.563-0.411l-1.857-0.429q-0.536-0.125-0.786-0.188t-0.625-0.205-0.536-0.286-0.295-0.375-0.134-0.536q0-1.375 2.571-1.375 0.768 0 1.375 0.214t0.964 0.509 0.679 0.598 0.714 0.518 0.857 0.214q0.839 0 1.348-0.571t0.509-1.375q0-0.982-1-1.777t-2.536-1.205-3.25-0.411q-1.214 0-2.357 0.277t-2.134 0.839-1.589 1.554-0.598 2.295q0 1.089 0.339 1.902t1 1.348 1.429 0.866 1.839 0.58l2.607 0.643q1.607 0.393 2 0.643 0.571 0.357 0.571 1.071 0 0.696-0.714 1.152t-1.875 0.455q-0.911 0-1.634-0.286t-1.161-0.688-0.813-0.804-0.821-0.688-0.964-0.286q-0.893 0-1.348 0.536t-0.455 1.339q0 1.643 2.179 2.813t5.196 1.17q1.304 0 2.5-0.33t2.188-0.955 1.58-1.67 0.589-2.348zM27.429 22.857q0 2.839-2.009 4.848t-4.848 2.009q-2.321 0-4.179-1.429-1.375 0.286-2.679 0.286-2.554 0-4.884-0.991t-4.018-2.679-2.679-4.018-0.991-4.884q0-1.304 0.286-2.679-1.429-1.857-1.429-4.179 0-2.839 2.009-4.848t4.848-2.009q2.321 0 4.179 1.429 1.375-0.286 2.679-0.286 2.554 0 4.884 0.991t4.018 2.679 2.679 4.018 0.991 4.884q0 1.304-0.286 2.679 1.429 1.857 1.429 4.179z"></path> </symbol> <symbol id="icon-foursquare" viewBox="0 0 23 32"> <path class="path1" d="M17.857 7.75l0.661-3.464q0.089-0.411-0.161-0.714t-0.625-0.304h-12.714q-0.411 0-0.688 0.304t-0.277 0.661v19.661q0 0.125 0.107 0.018l5.196-6.286q0.411-0.464 0.679-0.598t0.857-0.134h4.268q0.393 0 0.661-0.259t0.321-0.527q0.429-2.321 0.661-3.411 0.071-0.375-0.205-0.714t-0.652-0.339h-5.25q-0.518 0-0.857-0.339t-0.339-0.857v-0.75q0-0.518 0.339-0.848t0.857-0.33h6.179q0.321 0 0.625-0.241t0.357-0.527zM21.911 3.786q-0.268 1.304-0.955 4.759t-1.241 6.25-0.625 3.098q-0.107 0.393-0.161 0.58t-0.25 0.58-0.438 0.589-0.688 0.375-1.036 0.179h-4.839q-0.232 0-0.393 0.179-0.143 0.161-7.607 8.821-0.393 0.446-1.045 0.509t-0.866-0.098q-0.982-0.393-0.982-1.75v-25.179q0-0.982 0.679-1.83t2.143-0.848h15.857q1.696 0 2.268 0.946t0.179 2.839zM21.911 3.786l-2.821 14.107q0.071-0.304 0.625-3.098t1.241-6.25 0.955-4.759z"></path> </symbol> <symbol id="icon-wordpress" viewBox="0 0 32 32"> <path class="path1" d="M2.268 16q0-2.911 1.196-5.589l6.554 17.946q-3.5-1.696-5.625-5.018t-2.125-7.339zM25.268 15.304q0 0.339-0.045 0.688t-0.179 0.884-0.205 0.786-0.313 1.054-0.313 1.036l-1.357 4.571-4.964-14.75q0.821-0.054 1.571-0.143 0.339-0.036 0.464-0.33t-0.045-0.554-0.509-0.241l-3.661 0.179q-1.339-0.018-3.607-0.179-0.214-0.018-0.366 0.089t-0.205 0.268-0.027 0.33 0.161 0.295 0.348 0.143l1.429 0.143 2.143 5.857-3 9-5-14.857q0.821-0.054 1.571-0.143 0.339-0.036 0.464-0.33t-0.045-0.554-0.509-0.241l-3.661 0.179q-0.125 0-0.411-0.009t-0.464-0.009q1.875-2.857 4.902-4.527t6.563-1.67q2.625 0 5.009 0.946t4.259 2.661h-0.179q-0.982 0-1.643 0.723t-0.661 1.705q0 0.214 0.036 0.429t0.071 0.384 0.143 0.411 0.161 0.375 0.214 0.402 0.223 0.375 0.259 0.429 0.25 0.411q1.125 1.911 1.125 3.786zM16.232 17.196l4.232 11.554q0.018 0.107 0.089 0.196-2.25 0.786-4.554 0.786-2 0-3.875-0.571zM28.036 9.411q1.696 3.107 1.696 6.589 0 3.732-1.857 6.884t-4.982 4.973l4.196-12.107q1.054-3.018 1.054-4.929 0-0.75-0.107-1.411zM16 0q3.25 0 6.214 1.268t5.107 3.411 3.411 5.107 1.268 6.214-1.268 6.214-3.411 5.107-5.107 3.411-6.214 1.268-6.214-1.268-5.107-3.411-3.411-5.107-1.268-6.214 1.268-6.214 3.411-5.107 5.107-3.411 6.214-1.268zM16 31.268q3.089 0 5.92-1.214t4.875-3.259 3.259-4.875 1.214-5.92-1.214-5.92-3.259-4.875-4.875-3.259-5.92-1.214-5.92 1.214-4.875 3.259-3.259 4.875-1.214 5.92 1.214 5.92 3.259 4.875 4.875 3.259 5.92 1.214z"></path> </symbol> <symbol id="icon-stumbleupon" viewBox="0 0 34 32"> <path class="path1" d="M18.964 12.714v-2.107q0-0.75-0.536-1.286t-1.286-0.536-1.286 0.536-0.536 1.286v10.929q0 3.125-2.25 5.339t-5.411 2.214q-3.179 0-5.42-2.241t-2.241-5.42v-4.75h5.857v4.679q0 0.768 0.536 1.295t1.286 0.527 1.286-0.527 0.536-1.295v-11.071q0-3.054 2.259-5.214t5.384-2.161q3.143 0 5.393 2.179t2.25 5.25v2.429l-3.482 1.036zM28.429 16.679h5.857v4.75q0 3.179-2.241 5.42t-5.42 2.241q-3.161 0-5.411-2.223t-2.25-5.366v-4.786l2.339 1.089 3.482-1.036v4.821q0 0.75 0.536 1.277t1.286 0.527 1.286-0.527 0.536-1.277v-4.911z"></path> </symbol> <symbol id="icon-digg" viewBox="0 0 37 32"> <path class="path1" d="M5.857 5.036h3.643v17.554h-9.5v-12.446h5.857v-5.107zM5.857 19.661v-6.589h-2.196v6.589h2.196zM10.964 10.143v12.446h3.661v-12.446h-3.661zM10.964 5.036v3.643h3.661v-3.643h-3.661zM16.089 10.143h9.518v16.821h-9.518v-2.911h5.857v-1.464h-5.857v-12.446zM21.946 19.661v-6.589h-2.196v6.589h2.196zM27.071 10.143h9.5v16.821h-9.5v-2.911h5.839v-1.464h-5.839v-12.446zM32.911 19.661v-6.589h-2.196v6.589h2.196z"></path> </symbol> <symbol id="icon-spotify" viewBox="0 0 27 32"> <path class="path1" d="M20.125 21.607q0-0.571-0.536-0.911-3.446-2.054-7.982-2.054-2.375 0-5.125 0.607-0.75 0.161-0.75 0.929 0 0.357 0.241 0.616t0.634 0.259q0.089 0 0.661-0.143 2.357-0.482 4.339-0.482 4.036 0 7.089 1.839 0.339 0.196 0.589 0.196 0.339 0 0.589-0.241t0.25-0.616zM21.839 17.768q0-0.714-0.625-1.089-4.232-2.518-9.786-2.518-2.732 0-5.411 0.75-0.857 0.232-0.857 1.143 0 0.446 0.313 0.759t0.759 0.313q0.125 0 0.661-0.143 2.179-0.589 4.482-0.589 4.982 0 8.714 2.214 0.429 0.232 0.679 0.232 0.446 0 0.759-0.313t0.313-0.759zM23.768 13.339q0-0.839-0.714-1.25-2.25-1.304-5.232-1.973t-6.125-0.67q-3.643 0-6.5 0.839-0.411 0.125-0.688 0.455t-0.277 0.866q0 0.554 0.366 0.929t0.92 0.375q0.196 0 0.714-0.143 2.375-0.661 5.482-0.661 2.839 0 5.527 0.607t4.527 1.696q0.375 0.214 0.714 0.214 0.518 0 0.902-0.366t0.384-0.92zM27.429 16q0 3.732-1.839 6.884t-4.991 4.991-6.884 1.839-6.884-1.839-4.991-4.991-1.839-6.884 1.839-6.884 4.991-4.991 6.884-1.839 6.884 1.839 4.991 4.991 1.839 6.884z"></path> </symbol> <symbol id="icon-soundcloud" viewBox="0 0 41 32"> <path class="path1" d="M14 24.5l0.286-4.304-0.286-9.339q-0.018-0.179-0.134-0.304t-0.295-0.125q-0.161 0-0.286 0.125t-0.125 0.304l-0.25 9.339 0.25 4.304q0.018 0.179 0.134 0.295t0.277 0.116q0.393 0 0.429-0.411zM19.286 23.982l0.196-3.768-0.214-10.464q0-0.286-0.232-0.429-0.143-0.089-0.286-0.089t-0.286 0.089q-0.232 0.143-0.232 0.429l-0.018 0.107-0.179 10.339q0 0.018 0.196 4.214v0.018q0 0.179 0.107 0.304 0.161 0.196 0.411 0.196 0.196 0 0.357-0.161 0.161-0.125 0.161-0.357zM0.625 17.911l0.357 2.286-0.357 2.25q-0.036 0.161-0.161 0.161t-0.161-0.161l-0.304-2.25 0.304-2.286q0.036-0.161 0.161-0.161t0.161 0.161zM2.161 16.5l0.464 3.696-0.464 3.625q-0.036 0.161-0.179 0.161-0.161 0-0.161-0.179l-0.411-3.607 0.411-3.696q0-0.161 0.161-0.161 0.143 0 0.179 0.161zM3.804 15.821l0.446 4.375-0.446 4.232q0 0.196-0.196 0.196-0.179 0-0.214-0.196l-0.375-4.232 0.375-4.375q0.036-0.214 0.214-0.214 0.196 0 0.196 0.214zM5.482 15.696l0.411 4.5-0.411 4.357q-0.036 0.232-0.25 0.232-0.232 0-0.232-0.232l-0.375-4.357 0.375-4.5q0-0.232 0.232-0.232 0.214 0 0.25 0.232zM7.161 16.018l0.375 4.179-0.375 4.393q-0.036 0.286-0.286 0.286-0.107 0-0.188-0.080t-0.080-0.205l-0.357-4.393 0.357-4.179q0-0.107 0.080-0.188t0.188-0.080q0.25 0 0.286 0.268zM8.839 13.411l0.375 6.786-0.375 4.393q0 0.125-0.089 0.223t-0.214 0.098q-0.286 0-0.321-0.321l-0.321-4.393 0.321-6.786q0.036-0.321 0.321-0.321 0.125 0 0.214 0.098t0.089 0.223zM10.518 11.875l0.339 8.357-0.339 4.357q0 0.143-0.098 0.241t-0.241 0.098q-0.321 0-0.357-0.339l-0.286-4.357 0.286-8.357q0.036-0.339 0.357-0.339 0.143 0 0.241 0.098t0.098 0.241zM12.268 11.161l0.321 9.036-0.321 4.321q-0.036 0.375-0.393 0.375-0.339 0-0.375-0.375l-0.286-4.321 0.286-9.036q0-0.161 0.116-0.277t0.259-0.116q0.161 0 0.268 0.116t0.125 0.277zM19.268 24.411v0 0zM15.732 11.089l0.268 9.107-0.268 4.268q0 0.179-0.134 0.313t-0.313 0.134-0.304-0.125-0.143-0.321l-0.25-4.268 0.25-9.107q0-0.196 0.134-0.321t0.313-0.125 0.313 0.125 0.134 0.321zM17.5 11.429l0.25 8.786-0.25 4.214q0 0.196-0.143 0.339t-0.339 0.143-0.339-0.143-0.161-0.339l-0.214-4.214 0.214-8.786q0.018-0.214 0.161-0.357t0.339-0.143 0.33 0.143 0.152 0.357zM21.286 20.214l-0.25 4.125q0 0.232-0.161 0.393t-0.393 0.161-0.393-0.161-0.179-0.393l-0.107-2.036-0.107-2.089 0.214-11.357v-0.054q0.036-0.268 0.214-0.429 0.161-0.125 0.357-0.125 0.143 0 0.268 0.089 0.25 0.143 0.286 0.464zM41.143 19.875q0 2.089-1.482 3.563t-3.571 1.473h-14.036q-0.232-0.036-0.393-0.196t-0.161-0.393v-16.054q0-0.411 0.5-0.589 1.518-0.607 3.232-0.607 3.482 0 6.036 2.348t2.857 5.777q0.946-0.393 1.964-0.393 2.089 0 3.571 1.482t1.482 3.589z"></path> </symbol> <symbol id="icon-codepen" viewBox="0 0 32 32"> <path class="path1" d="M3.857 20.875l10.768 7.179v-6.411l-5.964-3.982zM2.75 18.304l3.446-2.304-3.446-2.304v4.607zM17.375 28.054l10.768-7.179-4.804-3.214-5.964 3.982v6.411zM16 19.25l4.857-3.25-4.857-3.25-4.857 3.25zM8.661 14.339l5.964-3.982v-6.411l-10.768 7.179zM25.804 16l3.446 2.304v-4.607zM23.339 14.339l4.804-3.214-10.768-7.179v6.411zM32 11.125v9.75q0 0.732-0.607 1.143l-14.625 9.75q-0.375 0.232-0.768 0.232t-0.768-0.232l-14.625-9.75q-0.607-0.411-0.607-1.143v-9.75q0-0.732 0.607-1.143l14.625-9.75q0.375-0.232 0.768-0.232t0.768 0.232l14.625 9.75q0.607 0.411 0.607 1.143z"></path> </symbol> <symbol id="icon-twitch" viewBox="0 0 32 32"> <path class="path1" d="M16 7.75v7.75h-2.589v-7.75h2.589zM23.107 7.75v7.75h-2.589v-7.75h2.589zM23.107 21.321l4.518-4.536v-14.196h-21.321v18.732h5.821v3.875l3.875-3.875h7.107zM30.214 0v18.089l-7.75 7.75h-5.821l-3.875 3.875h-3.875v-3.875h-7.107v-20.679l1.946-5.161h26.482z"></path> </symbol> <symbol id="icon-meanpath" viewBox="0 0 27 32"> <path class="path1" d="M23.411 15.036v2.036q0 0.429-0.241 0.679t-0.67 0.25h-3.607q-0.429 0-0.679-0.25t-0.25-0.679v-2.036q0-0.429 0.25-0.679t0.679-0.25h3.607q0.429 0 0.67 0.25t0.241 0.679zM14.661 19.143v-4.464q0-0.946-0.58-1.527t-1.527-0.58h-2.375q-1.214 0-1.714 0.929-0.5-0.929-1.714-0.929h-2.321q-0.946 0-1.527 0.58t-0.58 1.527v4.464q0 0.393 0.375 0.393h0.982q0.393 0 0.393-0.393v-4.107q0-0.429 0.241-0.679t0.688-0.25h1.679q0.429 0 0.679 0.25t0.25 0.679v4.107q0 0.393 0.375 0.393h0.964q0.393 0 0.393-0.393v-4.107q0-0.429 0.25-0.679t0.679-0.25h1.732q0.429 0 0.67 0.25t0.241 0.679v4.107q0 0.393 0.393 0.393h0.982q0.375 0 0.375-0.393zM25.179 17.429v-2.75q0-0.946-0.589-1.527t-1.536-0.58h-4.714q-0.946 0-1.536 0.58t-0.589 1.527v7.321q0 0.375 0.393 0.375h0.982q0.375 0 0.375-0.375v-3.214q0.554 0.75 1.679 0.75h3.411q0.946 0 1.536-0.58t0.589-1.527zM27.429 6.429v19.143q0 1.714-1.214 2.929t-2.929 1.214h-19.143q-1.714 0-2.929-1.214t-1.214-2.929v-19.143q0-1.714 1.214-2.929t2.929-1.214h19.143q1.714 0 2.929 1.214t1.214 2.929z"></path> </symbol> <symbol id="icon-pinterest-p" viewBox="0 0 23 32"> <path class="path1" d="M0 10.661q0-1.929 0.67-3.634t1.848-2.973 2.714-2.196 3.304-1.393 3.607-0.464q2.821 0 5.25 1.188t3.946 3.455 1.518 5.125q0 1.714-0.339 3.357t-1.071 3.161-1.786 2.67-2.589 1.839-3.375 0.688q-1.214 0-2.411-0.571t-1.714-1.571q-0.179 0.696-0.5 2.009t-0.42 1.696-0.366 1.268-0.464 1.268-0.571 1.116-0.821 1.384-1.107 1.545l-0.25 0.089-0.161-0.179q-0.268-2.804-0.268-3.357 0-1.643 0.384-3.688t1.188-5.134 0.929-3.625q-0.571-1.161-0.571-3.018 0-1.482 0.929-2.786t2.357-1.304q1.089 0 1.696 0.723t0.607 1.83q0 1.179-0.786 3.411t-0.786 3.339q0 1.125 0.804 1.866t1.946 0.741q0.982 0 1.821-0.446t1.402-1.214 1-1.696 0.679-1.973 0.357-1.982 0.116-1.777q0-3.089-1.955-4.813t-5.098-1.723q-3.571 0-5.964 2.313t-2.393 5.866q0 0.786 0.223 1.518t0.482 1.161 0.482 0.813 0.223 0.545q0 0.5-0.268 1.304t-0.661 0.804q-0.036 0-0.304-0.054-0.911-0.268-1.616-1t-1.089-1.688-0.58-1.929-0.196-1.902z"></path> </symbol> <symbol id="icon-periscope" viewBox="0 0 24 28"> <path class="path1" d="M12.285,1C6.696,1,2.277,5.643,2.277,11.243c0,5.851,7.77,14.578,10.007,14.578c1.959,0,9.729-8.728,9.729-14.578 C22.015,5.643,17.596,1,12.285,1z M12.317,16.551c-3.473,0-6.152-2.611-6.152-5.664c0-1.292,0.39-2.472,1.065-3.438 c0.206,1.084,1.18,1.906,2.352,1.906c1.322,0,2.393-1.043,2.393-2.333c0-0.832-0.447-1.561-1.119-1.975 c0.467-0.105,0.955-0.161,1.46-0.161c3.133,0,5.81,2.611,5.81,5.998C18.126,13.94,15.449,16.551,12.317,16.551z"></path> </symbol> <symbol id="icon-get-pocket" viewBox="0 0 31 32"> <path class="path1" d="M27.946 2.286q1.161 0 1.964 0.813t0.804 1.973v9.268q0 3.143-1.214 6t-3.259 4.911-4.893 3.259-5.973 1.205q-3.143 0-5.991-1.205t-4.902-3.259-3.268-4.911-1.214-6v-9.268q0-1.143 0.821-1.964t1.964-0.821h25.161zM15.375 21.286q0.839 0 1.464-0.589l7.214-6.929q0.661-0.625 0.661-1.518 0-0.875-0.616-1.491t-1.491-0.616q-0.839 0-1.464 0.589l-5.768 5.536-5.768-5.536q-0.625-0.589-1.446-0.589-0.875 0-1.491 0.616t-0.616 1.491q0 0.911 0.643 1.518l7.232 6.929q0.589 0.589 1.446 0.589z"></path> </symbol> <symbol id="icon-vimeo" viewBox="0 0 32 32"> <path class="path1" d="M30.518 9.25q-0.179 4.214-5.929 11.625-5.946 7.696-10.036 7.696-2.536 0-4.286-4.696-0.786-2.857-2.357-8.607-1.286-4.679-2.804-4.679-0.321 0-2.268 1.357l-1.375-1.75q0.429-0.375 1.929-1.723t2.321-2.063q2.786-2.464 4.304-2.607 1.696-0.161 2.732 0.991t1.446 3.634q0.786 5.125 1.179 6.661 0.982 4.446 2.143 4.446 0.911 0 2.75-2.875 1.804-2.875 1.946-4.393 0.232-2.482-1.946-2.482-1.018 0-2.161 0.464 2.143-7.018 8.196-6.821 4.482 0.143 4.214 5.821z"></path> </symbol> <symbol id="icon-reddit-alien" viewBox="0 0 32 32"> <path class="path1" d="M32 15.107q0 1.036-0.527 1.884t-1.42 1.295q0.214 0.821 0.214 1.714 0 2.768-1.902 5.125t-5.188 3.723-7.143 1.366-7.134-1.366-5.179-3.723-1.902-5.125q0-0.839 0.196-1.679-0.911-0.446-1.464-1.313t-0.554-1.902q0-1.464 1.036-2.509t2.518-1.045q1.518 0 2.589 1.125 3.893-2.714 9.196-2.893l2.071-9.304q0.054-0.232 0.268-0.375t0.464-0.089l6.589 1.446q0.321-0.661 0.964-1.063t1.411-0.402q1.107 0 1.893 0.777t0.786 1.884-0.786 1.893-1.893 0.786-1.884-0.777-0.777-1.884l-5.964-1.321-1.857 8.429q5.357 0.161 9.268 2.857 1.036-1.089 2.554-1.089 1.482 0 2.518 1.045t1.036 2.509zM7.464 18.661q0 1.107 0.777 1.893t1.884 0.786 1.893-0.786 0.786-1.893-0.786-1.884-1.893-0.777q-1.089 0-1.875 0.786t-0.786 1.875zM21.929 25q0.196-0.196 0.196-0.464t-0.196-0.464q-0.179-0.179-0.446-0.179t-0.464 0.179q-0.732 0.75-2.161 1.107t-2.857 0.357-2.857-0.357-2.161-1.107q-0.196-0.179-0.464-0.179t-0.446 0.179q-0.196 0.179-0.196 0.455t0.196 0.473q0.768 0.768 2.116 1.214t2.188 0.527 1.625 0.080 1.625-0.080 2.188-0.527 2.116-1.214zM21.875 21.339q1.107 0 1.884-0.786t0.777-1.893q0-1.089-0.786-1.875t-1.875-0.786q-1.107 0-1.893 0.777t-0.786 1.884 0.786 1.893 1.893 0.786z"></path> </symbol> <symbol id="icon-hashtag" viewBox="0 0 32 32"> <path class="path1" d="M17.696 18.286l1.143-4.571h-4.536l-1.143 4.571h4.536zM31.411 9.286l-1 4q-0.125 0.429-0.554 0.429h-5.839l-1.143 4.571h5.554q0.268 0 0.446 0.214 0.179 0.25 0.107 0.5l-1 4q-0.089 0.429-0.554 0.429h-5.839l-1.446 5.857q-0.125 0.429-0.554 0.429h-4q-0.286 0-0.464-0.214-0.161-0.214-0.107-0.5l1.393-5.571h-4.536l-1.446 5.857q-0.125 0.429-0.554 0.429h-4.018q-0.268 0-0.446-0.214-0.161-0.214-0.107-0.5l1.393-5.571h-5.554q-0.268 0-0.446-0.214-0.161-0.214-0.107-0.5l1-4q0.125-0.429 0.554-0.429h5.839l1.143-4.571h-5.554q-0.268 0-0.446-0.214-0.179-0.25-0.107-0.5l1-4q0.089-0.429 0.554-0.429h5.839l1.446-5.857q0.125-0.429 0.571-0.429h4q0.268 0 0.446 0.214 0.161 0.214 0.107 0.5l-1.393 5.571h4.536l1.446-5.857q0.125-0.429 0.571-0.429h4q0.268 0 0.446 0.214 0.161 0.214 0.107 0.5l-1.393 5.571h5.554q0.268 0 0.446 0.214 0.161 0.214 0.107 0.5z"></path> </symbol> <symbol id="icon-chain" viewBox="0 0 30 32"> <path class="path1" d="M26 21.714q0-0.714-0.5-1.214l-3.714-3.714q-0.5-0.5-1.214-0.5-0.75 0-1.286 0.571 0.054 0.054 0.339 0.33t0.384 0.384 0.268 0.339 0.232 0.455 0.063 0.491q0 0.714-0.5 1.214t-1.214 0.5q-0.268 0-0.491-0.063t-0.455-0.232-0.339-0.268-0.384-0.384-0.33-0.339q-0.589 0.554-0.589 1.304 0 0.714 0.5 1.214l3.679 3.696q0.482 0.482 1.214 0.482 0.714 0 1.214-0.464l2.625-2.607q0.5-0.5 0.5-1.196zM13.446 9.125q0-0.714-0.5-1.214l-3.679-3.696q-0.5-0.5-1.214-0.5-0.696 0-1.214 0.482l-2.625 2.607q-0.5 0.5-0.5 1.196 0 0.714 0.5 1.214l3.714 3.714q0.482 0.482 1.214 0.482 0.75 0 1.286-0.554-0.054-0.054-0.339-0.33t-0.384-0.384-0.268-0.339-0.232-0.455-0.063-0.491q0-0.714 0.5-1.214t1.214-0.5q0.268 0 0.491 0.063t0.455 0.232 0.339 0.268 0.384 0.384 0.33 0.339q0.589-0.554 0.589-1.304zM29.429 21.714q0 2.143-1.518 3.625l-2.625 2.607q-1.482 1.482-3.625 1.482-2.161 0-3.643-1.518l-3.679-3.696q-1.482-1.482-1.482-3.625 0-2.196 1.571-3.732l-1.571-1.571q-1.536 1.571-3.714 1.571-2.143 0-3.643-1.5l-3.714-3.714q-1.5-1.5-1.5-3.643t1.518-3.625l2.625-2.607q1.482-1.482 3.625-1.482 2.161 0 3.643 1.518l3.679 3.696q1.482 1.482 1.482 3.625 0 2.196-1.571 3.732l1.571 1.571q1.536-1.571 3.714-1.571 2.143 0 3.643 1.5l3.714 3.714q1.5 1.5 1.5 3.643z"></path> </symbol> <symbol id="icon-thumb-tack" viewBox="0 0 21 32"> <path class="path1" d="M8.571 15.429v-8q0-0.25-0.161-0.411t-0.411-0.161-0.411 0.161-0.161 0.411v8q0 0.25 0.161 0.411t0.411 0.161 0.411-0.161 0.161-0.411zM20.571 21.714q0 0.464-0.339 0.804t-0.804 0.339h-7.661l-0.911 8.625q-0.036 0.214-0.188 0.366t-0.366 0.152h-0.018q-0.482 0-0.571-0.482l-1.357-8.661h-7.214q-0.464 0-0.804-0.339t-0.339-0.804q0-2.196 1.402-3.955t3.17-1.759v-9.143q-0.929 0-1.607-0.679t-0.679-1.607 0.679-1.607 1.607-0.679h11.429q0.929 0 1.607 0.679t0.679 1.607-0.679 1.607-1.607 0.679v9.143q1.768 0 3.17 1.759t1.402 3.955z"></path> </symbol> <symbol id="icon-arrow-left" viewBox="0 0 43 32"> <path class="path1" d="M42.311 14.044c-0.178-0.178-0.533-0.356-0.711-0.356h-33.778l10.311-10.489c0.178-0.178 0.356-0.533 0.356-0.711 0-0.356-0.178-0.533-0.356-0.711l-1.6-1.422c-0.356-0.178-0.533-0.356-0.889-0.356s-0.533 0.178-0.711 0.356l-14.578 14.933c-0.178 0.178-0.356 0.533-0.356 0.711s0.178 0.533 0.356 0.711l14.756 14.933c0 0.178 0.356 0.356 0.533 0.356s0.533-0.178 0.711-0.356l1.6-1.6c0.178-0.178 0.356-0.533 0.356-0.711s-0.178-0.533-0.356-0.711l-10.311-10.489h33.778c0.178 0 0.533-0.178 0.711-0.356 0.356-0.178 0.533-0.356 0.533-0.711v-2.133c0-0.356-0.178-0.711-0.356-0.889z"></path> </symbol> <symbol id="icon-arrow-right" viewBox="0 0 43 32"> <path class="path1" d="M0.356 17.956c0.178 0.178 0.533 0.356 0.711 0.356h33.778l-10.311 10.489c-0.178 0.178-0.356 0.533-0.356 0.711 0 0.356 0.178 0.533 0.356 0.711l1.6 1.6c0.178 0.178 0.533 0.356 0.711 0.356s0.533-0.178 0.711-0.356l14.756-14.933c0.178-0.356 0.356-0.711 0.356-0.889s-0.178-0.533-0.356-0.711l-14.756-14.933c0-0.178-0.356-0.356-0.533-0.356s-0.533 0.178-0.711 0.356l-1.6 1.6c-0.178 0.178-0.356 0.533-0.356 0.711s0.178 0.533 0.356 0.711l10.311 10.489h-33.778c-0.178 0-0.533 0.178-0.711 0.356-0.356 0.178-0.533 0.356-0.533 0.711v2.311c0 0.178 0.178 0.533 0.356 0.711z"></path> </symbol> <symbol id="icon-play" viewBox="0 0 22 28"> <path d="M21.625 14.484l-20.75 11.531c-0.484 0.266-0.875 0.031-0.875-0.516v-23c0-0.547 0.391-0.781 0.875-0.516l20.75 11.531c0.484 0.266 0.484 0.703 0 0.969z"></path> </symbol> <symbol id="icon-pause" viewBox="0 0 24 28"> <path d="M24 3v22c0 0.547-0.453 1-1 1h-8c-0.547 0-1-0.453-1-1v-22c0-0.547 0.453-1 1-1h8c0.547 0 1 0.453 1 1zM10 3v22c0 0.547-0.453 1-1 1h-8c-0.547 0-1-0.453-1-1v-22c0-0.547 0.453-1 1-1h8c0.547 0 1 0.453 1 1z"></path> </symbol> </defs> </svg> <script>"use strict";function wprRemoveCPCSS(){var preload_stylesheets=document.querySelectorAll('link[data-rocket-async="style"][rel="preload"]');if(preload_stylesheets&&0<preload_stylesheets.length)for(var stylesheet_index=0;stylesheet_index<preload_stylesheets.length;stylesheet_index++){var media=preload_stylesheets[stylesheet_index].getAttribute("media")||"all";if(window.matchMedia(media).matches)return void setTimeout(wprRemoveCPCSS,200)}var elem=document.getElementById("rocket-critical-css");elem&&"remove"in elem&&elem.remove()}window.addEventListener?window.addEventListener("load",wprRemoveCPCSS):window.attachEvent&&window.attachEvent("onload",wprRemoveCPCSS);</script><script src="https://bilderupload.net/wp-content/cache/min/1/b5213d67c5d0e754e158f677f523f49c.js" data-minify="1" defer></script><noscript><link rel='stylesheet' id='wp-block-library-css' href='https://bilderupload.net/wp-includes/css/dist/block-library/style.min.css?ver=6.5.2' type='text/css' media='all' /><link rel='stylesheet' id='blog-tales-google-fonts-css' href='https://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%7CLato%3A400%2C700&subset=latin%2Clatin-ext' type='text/css' media='all' /><link data-minify="1" rel='stylesheet' id='blog-tales-blocks-css' href='https://bilderupload.net/wp-content/cache/min/1/wp-content/themes/blog-tales/assets/css/blocks.css?ver=1706965618' type='text/css' media='all' /><link data-minify="1" rel='stylesheet' id='blog-tales-style-css' href='https://bilderupload.net/wp-content/cache/min/1/wp-content/themes/blog-tales/style.css?ver=1706965618' type='text/css' media='all' /></noscript></body> </html>