
add nginx vts module settings

develop
VirtuBox 2 years ago
parent
commit
b07f07de37
12 changed files with 94 additions and 0 deletions
  1. +21
    -0
      docs/files/etc/nginx/common/protect.conf
  2. +6
    -0
      docs/files/etc/nginx/nginx-intermediate.conf
  3. +6
    -0
      docs/files/etc/nginx/nginx-tlsv12.conf
  4. +7
    -0
      docs/files/etc/nginx/nginx.conf
  5. +1
    -0
      docs/files/etc/nginx/proxy_params
  6. +6
    -0
      docs/files/etc/nginx/sites-available/22222
  7. +21
    -0
      etc/nginx/common/protect.conf
  8. +7
    -0
      etc/nginx/nginx-intermediate.conf
  9. +6
    -0
      etc/nginx/nginx-tlsv12.conf
  10. +6
    -0
      etc/nginx/nginx.conf
  11. +1
    -0
      etc/nginx/proxy_params
  12. +6
    -0
      etc/nginx/sites-available/22222

+ 21
- 0
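--- a/docs/files/etc/nginx/common/protect.conf
+++ b/docs/files/etc/nginx/common/protect.conf
@@ -0,0 +1,21 @@
+# nginx common web app exploits protection
+
+location ~* "(eval\()" { deny all; }
+location ~* "(127\.0\.0\.1)" { deny all; }
+location ~* "([a-z0-9]{2000})" { deny all; }
+location ~* "(javascript\:)(.*)(\;)" { deny all; }
+location ~* "(base64_encode)(.*)(\()" { deny all; }
+location ~* "(GLOBALS|REQUEST)(=|\[|%)" { deny all; }
+location ~* "(<|%3C).*script.*(>|%3)" { deny all; }
+location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" { deny all; }
+location ~* "(boot\.ini|etc/passwd|self/environ)" { deny all; }
+location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" { deny all; }
+location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" { deny all; }
+location ~* "(https?|ftp|php):/" { deny all; }
+location ~* "(=\\\'|=\\%27|/\\\'/?)\." { deny all; }
+location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" { deny all; }
+location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" { deny all; }
+location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" { deny all; }
+location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" { deny all; }
+location ~* "\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" { deny all; }
+location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php" { deny all; }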
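Review bot: The `location ~*` rules in this new file are tested by nginx against the decoded, normalized URI path only, never the query string, so the rules written for request parameters (`(GLOBALS|REQUEST)(=|\[|%)`, the `base64_encode` rule, the `drop|insert|md5|select|union` rule) do not see input arriving in `$args`, and the percent-encoded alternatives (`%3C`, `=\\%27`) can only match double-encoded input. The header comment should state that scope, e.g. `# NOTE: these rules see the decoded path only; query strings need a separate check on $query_string`. The extension rule ending in `|git|hg|...|svn|...)$` is anchored at the end of the URI, so it denies a path that ends in `.git` but not `/.git/config`; a rule such as `location ~* "/\.(git|hg|svn)(/|$)" { deny all; }` would cover the directories themselves. The broad character rule that denies `:`, `;`, `%`, whitespace and brackets anywhere in the path will also reject legitimate file names containing spaces, which deserves a comment. The same applies to the identical copy in `etc/nginx/common/protect.conf`.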

+ 6
- 0
docs/files/etc/nginx/nginx-intermediate.conf

@@ -53,6 +53,12 @@ http

# tls dynamic records patch directive
ssl_dyn_rec_enable on;
# nginx-vts-status module
#vhost_traffic_status_zone;
resolver 8.8.8.8 1.1.1.1 valid=300s;
resolver_timeout 10;

##
# GeoIP module configuration, before removing comments
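Review bot: The `resolver 8.8.8.8 1.1.1.1 valid=300s;` line, which appears to be among the lines added here, sends nginx's DNS lookups unauthenticated to public resolvers outside the host's trust boundary, whereas the nginx documentation recommends resolvers on a secured, trusted local network to prevent DNS spoofing. If a local caching resolver is available, prefer it, or add a comment such as `# public resolvers: replace with a trusted local resolver where possible`. `resolver_timeout 10;` would read more clearly with its unit, `resolver_timeout 10s;`, and the comment in docs/files/etc/nginx/nginx.conf spells OCSP as "oscp". The same lines recur in the other five nginx*.conf sections of this commit, and the enclosing `http` block starts outside the hunk.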


+ 6
- 0
docs/files/etc/nginx/nginx-tlsv12.conf

@@ -53,6 +53,12 @@ http
# tls dynamic records patch directive
ssl_dyn_rec_enable on;
# nginx-vts-status module
#vhost_traffic_status_zone;
resolver 8.8.8.8 1.1.1.1 valid=300s;
resolver_timeout 10;

##
# GeoIP module configuration, before removing comments


+ 7
- 0
docs/files/etc/nginx/nginx.conf

@@ -53,6 +53,13 @@ http
# tls dynamic records patch directive
ssl_dyn_rec_enable on;
# nginx-vts-status module
#vhost_traffic_status_zone;
# dns resolver for oscp
resolver 8.8.8.8 1.1.1.1 valid=300s;
resolver_timeout 10;

##
# GeoIP module configuration, before removing comments


+ 1
- 0
docs/files/etc/nginx/proxy_params

@@ -8,3 +8,4 @@ proxy_buffers 256 16k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_max_temp_file_size 0;
proxy_read_timeout 3000;
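Review bot: `proxy_read_timeout 3000;` (presumably the added line, given the hunk range) lets an upstream stay silent for 50 minutes between reads before nginx closes the connection, so a stalled backend can hold proxied connections open for a long time wherever this file is included. A comment giving the reason, e.g. `# long-running backend requests; lower per location where not needed`, or a smaller default with per-location overrides, would make the trade-off explicit. The same line appears in `etc/nginx/proxy_params`.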

+ 6
- 0
docs/files/etc/nginx/sites-available/22222

@@ -25,6 +25,12 @@ server {
location / {
try_files $uri $uri/ /index.php?$args;
}
# nginx-vts-status
#location /vts_status {
#vhost_traffic_status_display;
#vhost_traffic_status_display_format html;
#}

# Display menu at location /fpm/status/
location = /fpm/status/ {}
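Review bot: The commented-out `location /vts_status` block carries no access restriction, and nothing in this hunk shows whether the enclosing `server` block, which starts outside the hunk, applies authentication to it. Once uncommented, `vhost_traffic_status_display` publishes per-vhost traffic and upstream details, which is useful reconnaissance data if the port is reachable. A comment above the block such as `# restrict with allow/deny or auth_basic before enabling` would make the requirement explicit. The same applies to the copy in `etc/nginx/sites-available/22222`.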


+ 21
- 0
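--- a/etc/nginx/common/protect.conf
+++ b/etc/nginx/common/protect.conf
@@ -0,0 +1,21 @@
+# nginx common web app exploits protection
+
+location ~* "(eval\()" { deny all; }
+location ~* "(127\.0\.0\.1)" { deny all; }
+location ~* "([a-z0-9]{2000})" { deny all; }
+location ~* "(javascript\:)(.*)(\;)" { deny all; }
+location ~* "(base64_encode)(.*)(\()" { deny all; }
+location ~* "(GLOBALS|REQUEST)(=|\[|%)" { deny all; }
+location ~* "(<|%3C).*script.*(>|%3)" { deny all; }
+location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" { deny all; }
+location ~* "(boot\.ini|etc/passwd|self/environ)" { deny all; }
+location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" { deny all; }
+location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" { deny all; }
+location ~* "(https?|ftp|php):/" { deny all; }
+location ~* "(=\\\'|=\\%27|/\\\'/?)\." { deny all; }
+location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" { deny all; }
+location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" { deny all; }
+location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" { deny all; }
+location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" { deny all; }
+location ~* "\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" { deny all; }
+location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php" { deny all; }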

+ 7
- 0
etc/nginx/nginx-intermediate.conf

@@ -53,6 +53,13 @@ http

# tls dynamic records patch directive
ssl_dyn_rec_enable on;
# nginx-vts-status module
#vhost_traffic_status_zone;
resolver 8.8.8.8 1.1.1.1 valid=300s;
resolver_timeout 10;


##
# GeoIP module configuration, before removing comments


+ 6
- 0
etc/nginx/nginx-tlsv12.conf

@@ -53,6 +53,12 @@ http
# tls dynamic records patch directive
ssl_dyn_rec_enable on;
# nginx-vts-status module
#vhost_traffic_status_zone;
resolver 8.8.8.8 1.1.1.1 valid=300s;
resolver_timeout 10;

##
# GeoIP module configuration, before removing comments


+ 6
- 0
etc/nginx/nginx.conf

@@ -53,6 +53,12 @@ http
# tls dynamic records patch directive
ssl_dyn_rec_enable on;
# nginx-vts-status module
#vhost_traffic_status_zone;
resolver 8.8.8.8 1.1.1.1 valid=300s;
resolver_timeout 10;

##
# GeoIP module configuration, before removing comments


+ 1
- 0
etc/nginx/proxy_params

@@ -8,3 +8,4 @@ proxy_buffers 256 16k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_max_temp_file_size 0;
proxy_read_timeout 3000;

+ 6
- 0
etc/nginx/sites-available/22222

@@ -25,6 +25,12 @@ server {
location / {
try_files $uri $uri/ /index.php?$args;
}
# nginx-vts-status
#location /vts_status {
#vhost_traffic_status_display;
#vhost_traffic_status_display_format html;
#}

# Display menu at location /fpm/status/
location = /fpm/status/ {}

