add ipscrub configuration

anonymise visitors IPs to be GDPR compliant
Cette révision appartient à :
VirtuBox 2018-05-28 02:40:37 +02:00
Parent 78099be3af
révision 100b7f2213
6 fichiers modifiés avec 31 ajouts et 10 suppressions

Voir le fichier

@ -30,7 +30,7 @@ http
# Limit Request
limit_req_status 403;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
limit_req_zone $remote_addr_ipscrub zone=one:10m rate=1r/s;
#Simple DOS mitigation
##Max c/s by ip
@ -97,9 +97,12 @@ http
error_log /var/log/nginx/error.log;
# Log format Settings
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
log_format rt_cache '$remote_addr_ipscrub $upstream_response_time $upstream_cache_status [$time_local] '
'$http_host "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
'"$http_referer" "$http_user_agent" $server_protocol';
# ipscrub settings
ipscrub_period_seconds 3600;
##
# Gzip Settings

Voir le fichier

@ -30,7 +30,7 @@ http
# Limit Request
limit_req_status 403;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
limit_req_zone $remote_addr_ipscrub zone=one:10m rate=1r/s;
#Simple DOS mitigation
##Max c/s by ip
@ -95,9 +95,12 @@ http
error_log /var/log/nginx/error.log;
# Log format Settings
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
log_format rt_cache '$remote_addr_ipscrub $upstream_response_time $upstream_cache_status [$time_local] '
'$http_host "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
'"$http_referer" "$http_user_agent" $server_protocol';
# ipscrub settings
ipscrub_period_seconds 3600;
##
# Gzip Settings

Voir le fichier

@ -30,7 +30,7 @@ http
# Limit Request
limit_req_status 403;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
limit_req_zone $remote_addr_ipscrub zone=one:10m rate=1r/s;
#Simple DOS mitigation
##Max c/s by ip
@ -96,9 +96,12 @@ http
error_log /var/log/nginx/error.log;
# Log format Settings
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
log_format rt_cache '$remote_addr_ipscrub $upstream_response_time $upstream_cache_status [$time_local] '
'$http_host "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
'"$http_referer" "$http_user_agent" $server_protocol';
# ipscrub settings
ipscrub_period_seconds 3600;
##
# Gzip Settings

Voir le fichier

@ -4,7 +4,7 @@ server {
listen 22222 default_server ssl http2;
access_log /var/log/nginx/22222.access.log rt_cache;
access_log off;
error_log /var/log/nginx/22222.error.log;
ssl_certificate /var/www/22222/cert/22222.crt;

Voir le fichier

@ -37,6 +37,9 @@ server {
index index.html index.htm index.nginx-debian.html;
server_name _;
access_log off;
error_log /var/log/nginx/default.error.log;
location / {
# First attempt to serve request as file, then

9
scripts/freshclam Fichier normal
Voir le fichier

@ -0,0 +1,9 @@
#!/bin/sh
# make sure the process is stopped
/etc/init.d/clamav-freshclam stop
# check if database is outdated
/usr/bin/freshclam -v >> /var/log/result_freshclam.log
# update virus database
/etc/init.d/clamav-freshclam start