add nginx vts module settings
parent
c611472eec
commit
b07f07de37
|
@ -0,0 +1,21 @@
|
||||||
|
# nginx common web app exploits protection
|
||||||
|
|
||||||
|
location ~* "(eval\()" { deny all; }
|
||||||
|
location ~* "(127\.0\.0\.1)" { deny all; }
|
||||||
|
location ~* "([a-z0-9]{2000})" { deny all; }
|
||||||
|
location ~* "(javascript\:)(.*)(\;)" { deny all; }
|
||||||
|
location ~* "(base64_encode)(.*)(\()" { deny all; }
|
||||||
|
location ~* "(GLOBALS|REQUEST)(=|\[|%)" { deny all; }
|
||||||
|
location ~* "(<|%3C).*script.*(>|%3)" { deny all; }
|
||||||
|
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" { deny all; }
|
||||||
|
location ~* "(boot\.ini|etc/passwd|self/environ)" { deny all; }
|
||||||
|
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" { deny all; }
|
||||||
|
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" { deny all; }
|
||||||
|
location ~* "(https?|ftp|php):/" { deny all; }
|
||||||
|
location ~* "(=\\\'|=\\%27|/\\\'/?)\." { deny all; }
|
||||||
|
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" { deny all; }
|
||||||
|
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" { deny all; }
|
||||||
|
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" { deny all; }
|
||||||
|
location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" { deny all; }
|
||||||
|
location ~* "\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" { deny all; }
|
||||||
|
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php" { deny all; }
|
|
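Review bot: Most of these rules cannot see what they were written to catch, because an nginx `location` regex is tested against the normalized, percent-decoded path and never against the query string. Patterns aimed at query-string or still-encoded payloads, such as `(GLOBALS|REQUEST)(=|\[|%)`, `&pws=0` and the `%3C`/`%27` alternatives, will rarely if ever match, so the header overstates the protection; I would add `# matches the decoded URI path only; query strings are not inspected` and filter query strings with a separate check on `$query_string` or `$request_uri`. In the script rule, `(>|%3)` looks like a truncated `%3E`. The case-sensitive catch-all rule (the one listing `:`, `;`, `%` and `\s`) also denies any path that decodes to a space, colon or bracket, which can block legitimate URLs and should be tested against the site's real routes. The identical new file appears again in the later `@ -0,0 +1,21 @` hunk.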
@ -53,6 +53,12 @@ http
|
||||||
|
|
||||||
# tls dynamic records patch directive
|
# tls dynamic records patch directive
|
||||||
ssl_dyn_rec_enable on;
|
ssl_dyn_rec_enable on;
|
||||||
|
|
||||||
|
# nginx-vts-status module
|
||||||
|
#vhost_traffic_status_zone;
|
||||||
|
|
||||||
|
resolver 8.8.8.8 1.1.1.1 valid=300s;
|
||||||
|
resolver_timeout 10;
|
||||||
|
|
||||||
##
|
##
|
||||||
# GeoIP module configuration, before removing comments
|
# GeoIP module configuration, before removing comments
|
||||||
|
|
|
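Review bot: The added `resolver 8.8.8.8 1.1.1.1 valid=300s;` sends nginx's own DNS lookups to public resolvers over an untrusted path, while the nginx documentation recommends resolvers on a secured, trusted local network to prevent DNS spoofing. If the purpose is OCSP stapling, as the `# dns resolver for oscp` comment in one of the later hunks suggests (presumably OCSP is meant), a local caching resolver where one is available, e.g. `resolver 127.0.0.1 valid=300s;`, would be the safer default, with a comment saying what the resolver is for. `resolver_timeout 10;` is read as seconds; writing `10s` makes that explicit. The same lines are added in the five other `@ -53,6 … @ http` hunks on this page, and the `http` block begins and ends outside each hunk.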
@ -53,6 +53,12 @@ http
|
||||||
|
|
||||||
# tls dynamic records patch directive
|
# tls dynamic records patch directive
|
||||||
ssl_dyn_rec_enable on;
|
ssl_dyn_rec_enable on;
|
||||||
|
|
||||||
|
# nginx-vts-status module
|
||||||
|
#vhost_traffic_status_zone;
|
||||||
|
|
||||||
|
resolver 8.8.8.8 1.1.1.1 valid=300s;
|
||||||
|
resolver_timeout 10;
|
||||||
|
|
||||||
##
|
##
|
||||||
# GeoIP module configuration, before removing comments
|
# GeoIP module configuration, before removing comments
|
||||||
|
|
|
@ -53,6 +53,13 @@ http
|
||||||
|
|
||||||
# tls dynamic records patch directive
|
# tls dynamic records patch directive
|
||||||
ssl_dyn_rec_enable on;
|
ssl_dyn_rec_enable on;
|
||||||
|
|
||||||
|
# nginx-vts-status module
|
||||||
|
#vhost_traffic_status_zone;
|
||||||
|
|
||||||
|
# dns resolver for oscp
|
||||||
|
resolver 8.8.8.8 1.1.1.1 valid=300s;
|
||||||
|
resolver_timeout 10;
|
||||||
|
|
||||||
##
|
##
|
||||||
# GeoIP module configuration, before removing comments
|
# GeoIP module configuration, before removing comments
|
||||||
|
|
|
@ -8,3 +8,4 @@ proxy_buffers 256 16k;
|
||||||
proxy_busy_buffers_size 256k;
|
proxy_busy_buffers_size 256k;
|
||||||
proxy_temp_file_write_size 256k;
|
proxy_temp_file_write_size 256k;
|
||||||
proxy_max_temp_file_size 0;
|
proxy_max_temp_file_size 0;
|
||||||
|
proxy_read_timeout 3000;
|
|
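Review bot: `proxy_read_timeout 3000;` has no unit, so nginx reads it as 3000 seconds, meaning an upstream may stay silent for 50 minutes before the connection is dropped. If that is intended for specific long-running requests, setting it only in the `location` blocks that need it and stating the unit, `proxy_read_timeout 3000s;`, keeps stalled upstreams from holding connections everywhere else; if 300 was meant, this is the place to fix it. A short comment explaining why the value is so far above the 60s default would help. The same line is added in the later `@ -8,3 +8,4 @` hunk.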
@ -25,6 +25,12 @@ server {
|
||||||
location / {
|
location / {
|
||||||
try_files $uri $uri/ /index.php?$args;
|
try_files $uri $uri/ /index.php?$args;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# nginx-vts-status
|
||||||
|
#location /vts_status {
|
||||||
|
#vhost_traffic_status_display;
|
||||||
|
#vhost_traffic_status_display_format html;
|
||||||
|
#}
|
||||||
|
|
||||||
# Display menu at location /fpm/status/
|
# Display menu at location /fpm/status/
|
||||||
location = /fpm/status/ {}
|
location = /fpm/status/ {}
|
||||||
|
|
|
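Review bot: The commented-out `/vts_status` block has no access restriction, so whoever uncomments it as written publishes per-vhost traffic statistics to every client. I would ship the template already restricted, adding `#allow 127.0.0.1;` and `#deny all;` inside the block (or an `auth_basic` pair). A comment should also say that `#vhost_traffic_status_zone;` in the `http` block has to be enabled as well. The same block is added in the later `@ -25,6 +25,12 @@ server` hunk, and the `server` block starts and ends outside the hunk.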
@ -0,0 +1,21 @@
|
||||||
|
# nginx common web app exploits protection
|
||||||
|
|
||||||
|
location ~* "(eval\()" { deny all; }
|
||||||
|
location ~* "(127\.0\.0\.1)" { deny all; }
|
||||||
|
location ~* "([a-z0-9]{2000})" { deny all; }
|
||||||
|
location ~* "(javascript\:)(.*)(\;)" { deny all; }
|
||||||
|
location ~* "(base64_encode)(.*)(\()" { deny all; }
|
||||||
|
location ~* "(GLOBALS|REQUEST)(=|\[|%)" { deny all; }
|
||||||
|
location ~* "(<|%3C).*script.*(>|%3)" { deny all; }
|
||||||
|
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" { deny all; }
|
||||||
|
location ~* "(boot\.ini|etc/passwd|self/environ)" { deny all; }
|
||||||
|
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" { deny all; }
|
||||||
|
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" { deny all; }
|
||||||
|
location ~* "(https?|ftp|php):/" { deny all; }
|
||||||
|
location ~* "(=\\\'|=\\%27|/\\\'/?)\." { deny all; }
|
||||||
|
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" { deny all; }
|
||||||
|
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" { deny all; }
|
||||||
|
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" { deny all; }
|
||||||
|
location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" { deny all; }
|
||||||
|
location ~* "\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" { deny all; }
|
||||||
|
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php" { deny all; }
|
|
@ -53,6 +53,13 @@ http
|
||||||
|
|
||||||
# tls dynamic records patch directive
|
# tls dynamic records patch directive
|
||||||
ssl_dyn_rec_enable on;
|
ssl_dyn_rec_enable on;
|
||||||
|
|
||||||
|
# nginx-vts-status module
|
||||||
|
#vhost_traffic_status_zone;
|
||||||
|
|
||||||
|
resolver 8.8.8.8 1.1.1.1 valid=300s;
|
||||||
|
resolver_timeout 10;
|
||||||
|
|
||||||
|
|
||||||
##
|
##
|
||||||
# GeoIP module configuration, before removing comments
|
# GeoIP module configuration, before removing comments
|
||||||
|
|
|
@ -53,6 +53,12 @@ http
|
||||||
|
|
||||||
# tls dynamic records patch directive
|
# tls dynamic records patch directive
|
||||||
ssl_dyn_rec_enable on;
|
ssl_dyn_rec_enable on;
|
||||||
|
|
||||||
|
# nginx-vts-status module
|
||||||
|
#vhost_traffic_status_zone;
|
||||||
|
|
||||||
|
resolver 8.8.8.8 1.1.1.1 valid=300s;
|
||||||
|
resolver_timeout 10;
|
||||||
|
|
||||||
##
|
##
|
||||||
# GeoIP module configuration, before removing comments
|
# GeoIP module configuration, before removing comments
|
||||||
|
|
|
@ -53,6 +53,12 @@ http
|
||||||
|
|
||||||
# tls dynamic records patch directive
|
# tls dynamic records patch directive
|
||||||
ssl_dyn_rec_enable on;
|
ssl_dyn_rec_enable on;
|
||||||
|
|
||||||
|
# nginx-vts-status module
|
||||||
|
#vhost_traffic_status_zone;
|
||||||
|
|
||||||
|
resolver 8.8.8.8 1.1.1.1 valid=300s;
|
||||||
|
resolver_timeout 10;
|
||||||
|
|
||||||
##
|
##
|
||||||
# GeoIP module configuration, before removing comments
|
# GeoIP module configuration, before removing comments
|
||||||
|
|
|
@ -8,3 +8,4 @@ proxy_buffers 256 16k;
|
||||||
proxy_busy_buffers_size 256k;
|
proxy_busy_buffers_size 256k;
|
||||||
proxy_temp_file_write_size 256k;
|
proxy_temp_file_write_size 256k;
|
||||||
proxy_max_temp_file_size 0;
|
proxy_max_temp_file_size 0;
|
||||||
|
proxy_read_timeout 3000;
|
|
@ -25,6 +25,12 @@ server {
|
||||||
location / {
|
location / {
|
||||||
try_files $uri $uri/ /index.php?$args;
|
try_files $uri $uri/ /index.php?$args;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# nginx-vts-status
|
||||||
|
#location /vts_status {
|
||||||
|
#vhost_traffic_status_display;
|
||||||
|
#vhost_traffic_status_display_format html;
|
||||||
|
#}
|
||||||
|
|
||||||
# Display menu at location /fpm/status/
|
# Display menu at location /fpm/status/
|
||||||
location = /fpm/status/ {}
|
location = /fpm/status/ {}
|
||||||
|
|