diff --git a/docs/files/etc/nginx/common/protect.conf b/docs/files/etc/nginx/common/protect.conf
new file mode 100644
index 0000000..031494f
--- /dev/null
+++ b/docs/files/etc/nginx/common/protect.conf
@@ -0,0 +1,21 @@
+# nginx common web app exploits protection
+
+location ~* "(eval\()" { deny all; }
+location ~* "(127\.0\.0\.1)" { deny all; }
+location ~* "([a-z0-9]{2000})" { deny all; }
+location ~* "(javascript\:)(.*)(\;)" { deny all; }
+location ~* "(base64_encode)(.*)(\()" { deny all; }
+location ~* "(GLOBALS|REQUEST)(=|\[|%)" { deny all; }
+location ~* "(<|%3C).*script.*(>|%3)" { deny all; }
+location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" { deny all; }
+location ~* "(boot\.ini|etc/passwd|self/environ)" { deny all; }
+location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" { deny all; }
+location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" { deny all; }
+location ~* "(https?|ftp|php):/" { deny all; }
+location ~* "(=\\\'|=\\%27|/\\\'/?)\." { deny all; }
+location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" { deny all; }
+location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" { deny all; }
+location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" { deny all; }
+location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" { deny all; }
+location ~* "\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" { deny all; }
+location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php" { deny all; }
\ No newline at end of file
diff --git a/docs/files/etc/nginx/nginx-intermediate.conf b/docs/files/etc/nginx/nginx-intermediate.conf
index 2cee242..a8ecb95 100644
--- a/docs/files/etc/nginx/nginx-intermediate.conf
+++ b/docs/files/etc/nginx/nginx-intermediate.conf
@@ -53,6 +53,12 @@ http
 # tls dynamic records patch directive
 ssl_dyn_rec_enable on;
+
+ # nginx-vts-status module
+ #vhost_traffic_status_zone;
+
+ resolver 8.8.8.8 1.1.1.1 valid=300s;
+ resolver_timeout 10;
 ##
 # GeoIP module configuration, before removing comments
diff --git a/docs/files/etc/nginx/nginx-tlsv12.conf b/docs/files/etc/nginx/nginx-tlsv12.conf
index 351afa5..d62f49e 100644
--- a/docs/files/etc/nginx/nginx-tlsv12.conf
+++ b/docs/files/etc/nginx/nginx-tlsv12.conf
@@ -53,6 +53,12 @@ http
 # tls dynamic records patch directive
 ssl_dyn_rec_enable on;
+
+ # nginx-vts-status module
+ #vhost_traffic_status_zone;
+
+ resolver 8.8.8.8 1.1.1.1 valid=300s;
+ resolver_timeout 10;
 ##
 # GeoIP module configuration, before removing comments
diff --git a/docs/files/etc/nginx/nginx.conf b/docs/files/etc/nginx/nginx.conf
index 845f86f..0d0069b 100644
--- a/docs/files/etc/nginx/nginx.conf
+++ b/docs/files/etc/nginx/nginx.conf
@@ -53,6 +53,13 @@ http
 # tls dynamic records patch directive
 ssl_dyn_rec_enable on;
+
+ # nginx-vts-status module
+ #vhost_traffic_status_zone;
+
+ # dns resolver for oscp
+ resolver 8.8.8.8 1.1.1.1 valid=300s;
+ resolver_timeout 10;
 ##
 # GeoIP module configuration, before removing comments
diff --git a/docs/files/etc/nginx/proxy_params b/docs/files/etc/nginx/proxy_params
index 8cfa9cd..547acd1 100644
--- a/docs/files/etc/nginx/proxy_params
+++ b/docs/files/etc/nginx/proxy_params
@@ -8,3 +8,4 @@ proxy_buffers 256 16k;
 proxy_busy_buffers_size 256k;
 proxy_temp_file_write_size 256k;
 proxy_max_temp_file_size 0;
+proxy_read_timeout 3000;
\ No newline at end of file
diff --git a/docs/files/etc/nginx/sites-available/22222 b/docs/files/etc/nginx/sites-available/22222
index 78310ac..01c9f44 100644
--- a/docs/files/etc/nginx/sites-available/22222
+++ b/docs/files/etc/nginx/sites-available/22222
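Review bot: The comment `# dns resolver for oscp` added in the docs/files/etc/nginx/nginx.conf hunk misspells the protocol and should read `# dns resolver for OCSP stapling`; it is also the only one of the three resolver hunks in this commit that carries a comment, and the shipped etc/nginx/nginx.conf hunk adds the same two directives without it while etc/nginx/nginx-intermediate.conf gets an extra trailing blank line, so the docs/ mirrors and the real files already differ. Either keep the explanatory comment in all three (docs and etc) or generate docs/files from etc/ so the copies cannot drift.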
@@ -25,6 +25,12 @@ server {
 location / {
 try_files $uri $uri/ /index.php?$args;
 }
+
+ # nginx-vts-status
+ #location /vts_status {
+ #vhost_traffic_status_display;
+ #vhost_traffic_status_display_format html;
+ #}
 # Display menu at location /fpm/status/
 location = /fpm/status/ {}
diff --git a/etc/nginx/common/protect.conf b/etc/nginx/common/protect.conf
new file mode 100644
index 0000000..031494f
--- /dev/null
+++ b/etc/nginx/common/protect.conf
@@ -0,0 +1,21 @@
+# nginx common web app exploits protection
+
+location ~* "(eval\()" { deny all; }
+location ~* "(127\.0\.0\.1)" { deny all; }
+location ~* "([a-z0-9]{2000})" { deny all; }
+location ~* "(javascript\:)(.*)(\;)" { deny all; }
+location ~* "(base64_encode)(.*)(\()" { deny all; }
+location ~* "(GLOBALS|REQUEST)(=|\[|%)" { deny all; }
+location ~* "(<|%3C).*script.*(>|%3)" { deny all; }
+location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" { deny all; }
+location ~* "(boot\.ini|etc/passwd|self/environ)" { deny all; }
+location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" { deny all; }
+location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" { deny all; }
+location ~* "(https?|ftp|php):/" { deny all; }
+location ~* "(=\\\'|=\\%27|/\\\'/?)\." { deny all; }
+location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" { deny all; }
+location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" { deny all; }
+location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" { deny all; }
+location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" { deny all; }
+location ~* "\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" { deny all; }
+location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php" { deny all; }
\ No newline at end of file
diff --git a/etc/nginx/nginx-intermediate.conf b/etc/nginx/nginx-intermediate.conf
index 2cee242..7337549 100644
--- a/etc/nginx/nginx-intermediate.conf
+++ b/etc/nginx/nginx-intermediate.conf
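Review bot: The extension blocklist in etc/nginx/common/protect.conf, `\.(…|git|hg|svn|…)$`, only matches a URI that ends in one of those strings, so the requests actually used to pull a repository out of a docroot — `/.git/HEAD`, `/.git/config`, `/.svn/entries` — pass every rule in the file (`(wp-)?config\.` needs a trailing dot, and the `\.\./` and punctuation rules do not trigger on them). A dotfile rule such as `location ~ "/\.(?!well-known/)" { deny all; }` would close that gap. Separately, nginx matches `location` regexes against the decoded request path only and never the query string, so the rules written for query payloads — `(GLOBALS|REQUEST)(=|\[|%)`, `(\'|\")(.*)(drop|insert|md5|select|union)`, `&pws=0` — can only ever fire on a path, and the `%3C`/`%` alternatives compare against already-decoded text; a header comment such as `# NOTE: location regexes see the decoded $uri only, never $args` would stop readers assuming query-string coverage. Regex locations are also tried in file order with first match winning, so the `webshell|phpinfo|…\.php` rule only works when this file is included before the server's `location ~ \.php$` handler; the include sites are not part of this diff.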
@@ -53,6 +53,13 @@ http
 # tls dynamic records patch directive
 ssl_dyn_rec_enable on;
+
+ # nginx-vts-status module
+ #vhost_traffic_status_zone;
+
+ resolver 8.8.8.8 1.1.1.1 valid=300s;
+ resolver_timeout 10;
+
 ##
 # GeoIP module configuration, before removing comments
diff --git a/etc/nginx/nginx-tlsv12.conf b/etc/nginx/nginx-tlsv12.conf
index 351afa5..d62f49e 100644
--- a/etc/nginx/nginx-tlsv12.conf
+++ b/etc/nginx/nginx-tlsv12.conf
@@ -53,6 +53,12 @@ http
 # tls dynamic records patch directive
 ssl_dyn_rec_enable on;
+
+ # nginx-vts-status module
+ #vhost_traffic_status_zone;
+
+ resolver 8.8.8.8 1.1.1.1 valid=300s;
+ resolver_timeout 10;
 ##
 # GeoIP module configuration, before removing comments
diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf
index 845f86f..efca0a0 100644
--- a/etc/nginx/nginx.conf
+++ b/etc/nginx/nginx.conf
@@ -53,6 +53,12 @@ http
 # tls dynamic records patch directive
 ssl_dyn_rec_enable on;
+
+ # nginx-vts-status module
+ #vhost_traffic_status_zone;
+
+ resolver 8.8.8.8 1.1.1.1 valid=300s;
+ resolver_timeout 10;
 ##
 # GeoIP module configuration, before removing comments
diff --git a/etc/nginx/proxy_params b/etc/nginx/proxy_params
index 8cfa9cd..547acd1 100644
--- a/etc/nginx/proxy_params
+++ b/etc/nginx/proxy_params
@@ -8,3 +8,4 @@ proxy_buffers 256 16k;
 proxy_busy_buffers_size 256k;
 proxy_temp_file_write_size 256k;
 proxy_max_temp_file_size 0;
+proxy_read_timeout 3000;
\ No newline at end of file
diff --git a/etc/nginx/sites-available/22222 b/etc/nginx/sites-available/22222
index 78310ac..01c9f44 100644
--- a/etc/nginx/sites-available/22222
+++ b/etc/nginx/sites-available/22222
@@ -25,6 +25,12 @@ server {
 location / {
 try_files $uri $uri/ /index.php?$args;
 }
+
+ # nginx-vts-status
+ #location /vts_status {
+ #vhost_traffic_status_display;
+ #vhost_traffic_status_display_format html;
+ #}
 # Display menu at location /fpm/status/
 location = /fpm/status/ {}
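Review bot: `resolver 8.8.8.8 1.1.1.1 valid=300s;` sits in the `http` block of all three etc/nginx/nginx*.conf variants, so every name nginx resolves at runtime — OCSP responder hosts for stapling and any variable `proxy_pass` target — is looked up over plain UDP to two third-party resolvers with no DNSSEC validation, and `valid=300s` overrides the record TTL so a spoofed answer is kept for the full five minutes. If the host runs a local validating resolver, `resolver 127.0.0.1 valid=300s;` keeps those lookups on-box; if external resolvers are deliberate, say so in a comment and consider `ipv6=off` on hosts without an IPv6 route, since nginx otherwise asks for AAAA records too and may try unreachable IPv6 responders first. `resolver_timeout 10;` is ten seconds (default 30s), which is fine, but writing it as `resolver_timeout 10s;` makes the unit explicit.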
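Review bot: `proxy_read_timeout 3000;` in etc/nginx/proxy_params raises the upstream read timeout to 50 minutes for every site that includes this file, so one hung or deliberately slow backend response now pins a worker connection and its proxy buffers for that long instead of the 60s default, widening the resource-exhaustion window on the proxy for all vhosts rather than the one that needs a long-running request. Prefer setting it in the specific `location` that fronts the slow endpoint, and give the line a why-comment, e.g. `proxy_read_timeout 3000; # seconds; long-running backend jobs` — a bare number is easy to misread as milliseconds. The file still ends without a trailing newline, as the `\ No newline at end of file` marker shows.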
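Review bot: The commented-out `location /vts_status` block in etc/nginx/sites-available/22222 carries no access restriction, so whoever uncomments it later will expose the traffic counters for every server zone tracked by the shared `vhost_traffic_status_zone` on the admin listener; if the `/fpm/status/` location below it is gated by `allow`/`deny` or an auth directive (not visible in this hunk), the new block should get the same. Either drop the dead block or ship it ready to enable with the restriction already inside it, e.g. `allow 127.0.0.1; deny all;` before `vhost_traffic_status_display;`. The enclosing `server` block starts and ends outside the hunk.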