parent
ec57ddc4c2
commit
b40e7abc4e
BIN
common.zip
BIN
common.zip
Binary file not shown.
Binary file not shown.
|
@ -1,133 +1,131 @@
|
||||||
# NGINX CONFIGURATION FOR COMMON LOCATION
|
# NGINX CONFIGURATION FOR COMMON LOCATION
|
||||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||||
# Basic locations files
|
# Basic locations files
|
||||||
location = /favicon.ico {
|
location = /favicon.ico {
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
expires max;
|
expires max;
|
||||||
}
|
}
|
||||||
location = /robots.txt {
|
location = /robots.txt {
|
||||||
# Some WordPress plugin gererate robots.txt file
|
# Some WordPress plugin gererate robots.txt file
|
||||||
# Refer #340 issue
|
# Refer #340 issue
|
||||||
try_files $uri $uri/ /index.php?$args;
|
try_files $uri $uri/ /index.php?$args;
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
}
|
}
|
||||||
# Cache static files
|
# Cache static files
|
||||||
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$
|
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
|
||||||
{
|
add_header "Access-Control-Allow-Origin" "*";
|
||||||
add_header "Access-Control-Allow-Origin" "*";
|
access_log off;
|
||||||
access_log off;
|
log_not_found off;
|
||||||
log_not_found off;
|
expires max;
|
||||||
expires max;
|
}
|
||||||
}
|
# Cache css & js files
|
||||||
# Cache css & js files
|
location ~* \.(?:css(\.map)?|js(\.map)?)$ {
|
||||||
location ~* \.(?:css(\.map)?|js(\.map)?)$
|
add_header "Access-Control-Allow-Origin" "*";
|
||||||
{
|
access_log off;
|
||||||
add_header "Access-Control-Allow-Origin" "*";
|
log_not_found off;
|
||||||
access_log off;
|
expires 30d;
|
||||||
log_not_found off;
|
}
|
||||||
expires 30d;
|
# Security settings for better privacy
|
||||||
}
|
# Deny hidden files
|
||||||
# Security settings for better privacy
|
location ~ /\. {
|
||||||
# Deny hidden files
|
deny all;
|
||||||
location ~ /\. {
|
}
|
||||||
deny all;
|
# Use the directory /var/www/html to valide acme-challenge
|
||||||
}
|
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
|
||||||
# Use the directory /var/www/html to valide acme-challenge
|
# #
|
||||||
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
|
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
||||||
# #
|
# #
|
||||||
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
location /.well-known/acme-challenge/ {
|
||||||
# #
|
alias /var/www/html/.well-known/acme-challenge/;
|
||||||
location /.well-known/acme-challenge/ {
|
}
|
||||||
alias /var/www/html/.well-known/acme-challenge/;
|
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
|
||||||
}
|
location ~* "/(^$|readme|license|example|README|changelog)\.(txt|html|md)" {
|
||||||
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
|
deny all;
|
||||||
location ~* "/(^$|readme|license|example|README|changelog)\.(txt|html|md)" {
|
}
|
||||||
deny all;
|
# Deny backup extensions & log files and return 403 forbidden
|
||||||
}
|
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
|
||||||
# Deny backup extensions & log files and return 403 forbidden
|
deny all;
|
||||||
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
|
}
|
||||||
deny all;
|
# common nginx configuration to block sql injection and other attacks
|
||||||
}
|
location ~* "(eval\()" {
|
||||||
# common nginx configuration to block sql injection and other attacks
|
deny all;
|
||||||
location ~* "(eval\()" {
|
}
|
||||||
deny all;
|
location ~* "(127\.0\.0\.1)" {
|
||||||
}
|
deny all;
|
||||||
location ~* "(127\.0\.0\.1)" {
|
}
|
||||||
deny all;
|
location ~* "([a-z0-9]{2000})" {
|
||||||
}
|
deny all;
|
||||||
location ~* "([a-z0-9]{2000})" {
|
}
|
||||||
deny all;
|
location ~* "(javascript\:)(.*)(\;)" {
|
||||||
}
|
deny all;
|
||||||
location ~* "(javascript\:)(.*)(\;)" {
|
}
|
||||||
deny all;
|
location ~* "(base64_encode)(.*)(\()" {
|
||||||
}
|
deny all;
|
||||||
location ~* "(base64_encode)(.*)(\()" {
|
}
|
||||||
deny all;
|
location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
|
||||||
}
|
deny all;
|
||||||
location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
|
}
|
||||||
deny all;
|
location ~* "(<|%3C).*script.*(>|%3)" {
|
||||||
}
|
deny all;
|
||||||
location ~* "(<|%3C).*script.*(>|%3)" {
|
}
|
||||||
deny all;
|
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
|
||||||
}
|
deny all;
|
||||||
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
|
}
|
||||||
deny all;
|
location ~* "(boot\.ini|etc/passwd|self/environ)" {
|
||||||
}
|
deny all;
|
||||||
location ~* "(boot\.ini|etc/passwd|self/environ)" {
|
}
|
||||||
deny all;
|
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" {
|
||||||
}
|
deny all;
|
||||||
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" {
|
}
|
||||||
deny all;
|
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
|
||||||
}
|
deny all;
|
||||||
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
|
}
|
||||||
deny all;
|
location ~* "(https?|ftp|php):/" {
|
||||||
}
|
deny all;
|
||||||
location ~* "(https?|ftp|php):/" {
|
}
|
||||||
deny all;
|
location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
|
||||||
}
|
deny all;
|
||||||
location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
|
}
|
||||||
deny all;
|
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
|
||||||
}
|
deny all;
|
||||||
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
|
}
|
||||||
deny all;
|
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
|
||||||
}
|
deny all;
|
||||||
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
|
}
|
||||||
deny all;
|
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
|
||||||
}
|
deny all;
|
||||||
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
|
}
|
||||||
deny all;
|
location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" {
|
||||||
}
|
deny all;
|
||||||
location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" {
|
}
|
||||||
deny all;
|
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php" {
|
||||||
}
|
deny all;
|
||||||
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php" {
|
}
|
||||||
deny all;
|
# Status pages
|
||||||
}
|
location = /nginx_status {
|
||||||
# Status pages
|
stub_status on;
|
||||||
location = /nginx_status {
|
access_log off;
|
||||||
stub_status on;
|
include common/acl.conf;
|
||||||
access_log off;
|
}
|
||||||
include common/acl.conf;
|
location ~ ^/(status|ping)$ {
|
||||||
}
|
include fastcgi_params;
|
||||||
location ~ ^/(status|ping)$ {
|
include common/acl.conf;
|
||||||
include fastcgi_params;
|
fastcgi_pass php7;
|
||||||
fastcgi_pass php7;
|
}
|
||||||
include common/acl.conf;
|
# EasyEngine (ee) utilities
|
||||||
}
|
# phpMyAdmin settings
|
||||||
# EasyEngine (ee) utilities
|
location = /pma {
|
||||||
# phpMyAdmin settings
|
return 301 https://$host:22222/db/pma;
|
||||||
location = /pma {
|
}
|
||||||
return 301 https://$host:22222/db/pma;
|
location = /phpMyAdmin {
|
||||||
}
|
return 301 https://$host:22222/db/pma;
|
||||||
location = /phpMyAdmin {
|
}
|
||||||
return 301 https://$host:22222/db/pma;
|
location = /phpmyadmin {
|
||||||
}
|
return 301 https://$host:22222/db/pma;
|
||||||
location = /phpmyadmin {
|
}
|
||||||
return 301 https://$host:22222/db/pma;
|
# Adminer settings
|
||||||
}
|
location = /adminer {
|
||||||
# Adminer settings
|
return 301 https://$host:22222/db/adminer;
|
||||||
location = /adminer {
|
}
|
||||||
return 301 https://$host:22222/db/adminer;
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,133 +1,133 @@
|
||||||
# NGINX CONFIGURATION FOR COMMON LOCATION
|
# NGINX CONFIGURATION FOR COMMON LOCATION
|
||||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||||
# Basic locations files
|
# Basic locations files
|
||||||
location = /favicon.ico {
|
location = /favicon.ico {
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
expires max;
|
expires max;
|
||||||
}
|
}
|
||||||
location = /robots.txt {
|
location = /robots.txt {
|
||||||
# Some WordPress plugin gererate robots.txt file
|
# Some WordPress plugin gererate robots.txt file
|
||||||
# Refer #340 issue
|
# Refer #340 issue
|
||||||
try_files $uri $uri/ /index.php?$args;
|
try_files $uri $uri/ /index.php?$args;
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
}
|
}
|
||||||
# Cache static files
|
# Cache static files
|
||||||
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$
|
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$
|
||||||
{
|
{
|
||||||
add_header "Access-Control-Allow-Origin" "*";
|
add_header "Access-Control-Allow-Origin" "*";
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
expires max;
|
expires max;
|
||||||
}
|
}
|
||||||
# Cache css & js files
|
# Cache css & js files
|
||||||
location ~* \.(?:css(\.map)?|js(\.map)?)$
|
location ~* \.(?:css(\.map)?|js(\.map)?)$
|
||||||
{
|
{
|
||||||
add_header "Access-Control-Allow-Origin" "*";
|
add_header "Access-Control-Allow-Origin" "*";
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
expires 30d;
|
expires 30d;
|
||||||
}
|
}
|
||||||
# Security settings for better privacy
|
# Security settings for better privacy
|
||||||
# Deny hidden files
|
# Deny hidden files
|
||||||
location ~ /\. {
|
location ~ /\. {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
# Use the directory /var/www/html to valide acme-challenge
|
# Use the directory /var/www/html to valide acme-challenge
|
||||||
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
|
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
|
||||||
# #
|
# #
|
||||||
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
||||||
# #
|
# #
|
||||||
location /.well-known/acme-challenge/ {
|
location /.well-known/acme-challenge/ {
|
||||||
alias /var/www/html/.well-known/acme-challenge/;
|
alias /var/www/html/.well-known/acme-challenge/;
|
||||||
}
|
}
|
||||||
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
|
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
|
||||||
location ~* "/(^$|readme|license|example|README|changelog)\.(txt|html|md)" {
|
location ~* "/(^$|readme|license|example|README|changelog)\.(txt|html|md)" {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
# Deny backup extensions & log files and return 403 forbidden
|
# Deny backup extensions & log files and return 403 forbidden
|
||||||
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
|
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
# common nginx configuration to block sql injection and other attacks
|
# common nginx configuration to block sql injection and other attacks
|
||||||
location ~* "(eval\()" {
|
location ~* "(eval\()" {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
location ~* "(127\.0\.0\.1)" {
|
location ~* "(127\.0\.0\.1)" {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
location ~* "([a-z0-9]{2000})" {
|
location ~* "([a-z0-9]{2000})" {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
location ~* "(javascript\:)(.*)(\;)" {
|
location ~* "(javascript\:)(.*)(\;)" {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
location ~* "(base64_encode)(.*)(\()" {
|
location ~* "(base64_encode)(.*)(\()" {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
|
location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
location ~* "(<|%3C).*script.*(>|%3)" {
|
location ~* "(<|%3C).*script.*(>|%3)" {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
|
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
location ~* "(boot\.ini|etc/passwd|self/environ)" {
|
location ~* "(boot\.ini|etc/passwd|self/environ)" {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" {
|
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
|
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
location ~* "(https?|ftp|php):/" {
|
location ~* "(https?|ftp|php):/" {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
|
location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
|
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
|
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
|
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" {
|
location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php" {
|
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php" {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
# Status pages
|
# Status pages
|
||||||
location /nginx_status {
|
location /nginx_status {
|
||||||
stub_status on;
|
stub_status on;
|
||||||
access_log off;
|
access_log off;
|
||||||
include common/acl.conf;
|
include common/acl.conf;
|
||||||
}
|
}
|
||||||
location ~ ^/(status|ping) {
|
location ~ ^/(status|ping) {
|
||||||
include fastcgi_params;
|
include fastcgi_params;
|
||||||
fastcgi_pass php71;
|
fastcgi_pass php71;
|
||||||
include common/acl.conf;
|
include common/acl.conf;
|
||||||
}
|
}
|
||||||
# EasyEngine (ee) utilities
|
# EasyEngine (ee) utilities
|
||||||
# phpMyAdmin settings
|
# phpMyAdmin settings
|
||||||
location /pma {
|
location /pma {
|
||||||
return 301 https://$host:22222/db/pma;
|
return 301 https://$host:22222/db/pma;
|
||||||
}
|
}
|
||||||
location /phpMyAdmin {
|
location /phpMyAdmin {
|
||||||
return 301 https://$host:22222/db/pma;
|
return 301 https://$host:22222/db/pma;
|
||||||
}
|
}
|
||||||
location /phpmyadmin {
|
location /phpmyadmin {
|
||||||
return 301 https://$host:22222/db/pma;
|
return 301 https://$host:22222/db/pma;
|
||||||
}
|
}
|
||||||
# Adminer settings
|
# Adminer settings
|
||||||
location /adminer {
|
location /adminer {
|
||||||
return 301 https://$host:22222/db/adminer;
|
return 301 https://$host:22222/db/adminer;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,136 +1,137 @@
|
||||||
# NGINX CONFIGURATION FOR COMMON LOCATION
|
# NGINX CONFIGURATION FOR COMMON LOCATION
|
||||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||||
# Basic locations files
|
# Basic locations files
|
||||||
location = /favicon.ico {
|
location = /favicon.ico {
|
||||||
try_files /favicon.ico @empty;
|
try_files /favicon.ico @empty;
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
expires max;
|
expires max;
|
||||||
|
|
||||||
}
|
}
|
||||||
location @empty {
|
|
||||||
empty_gif;
|
location @empty {
|
||||||
}
|
empty_gif;
|
||||||
location = /robots.txt {
|
}
|
||||||
# Some WordPress plugin gererate robots.txt file
|
location = /robots.txt {
|
||||||
# Refer #340 issue
|
# Some WordPress plugin gererate robots.txt file
|
||||||
try_files $uri $uri/ /index.php?$args;
|
# Refer #340 issue
|
||||||
access_log off;
|
try_files $uri $uri/ /index.php?$args;
|
||||||
log_not_found off;
|
access_log off;
|
||||||
}
|
log_not_found off;
|
||||||
# Cache static files
|
}
|
||||||
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
|
# Cache static files
|
||||||
add_header "Access-Control-Allow-Origin" "*";
|
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
|
||||||
access_log off;
|
add_header "Access-Control-Allow-Origin" "*";
|
||||||
log_not_found off;
|
access_log off;
|
||||||
expires max;
|
log_not_found off;
|
||||||
}
|
expires max;
|
||||||
# Cache css & js files
|
}
|
||||||
location ~* \.(?:css(\.map)?|js(\.map)?)$ {
|
# Cache css & js files
|
||||||
add_header "Access-Control-Allow-Origin" "*";
|
location ~* \.(?:css(\.map)?|js(\.map)?)$ {
|
||||||
access_log off;
|
add_header "Access-Control-Allow-Origin" "*";
|
||||||
log_not_found off;
|
access_log off;
|
||||||
expires 30d;
|
log_not_found off;
|
||||||
}
|
expires 30d;
|
||||||
# Security settings for better privacy
|
}
|
||||||
# Deny hidden files
|
# Security settings for better privacy
|
||||||
location ~ /\. {
|
# Deny hidden files
|
||||||
deny all;
|
location ~ /\. {
|
||||||
}
|
deny all;
|
||||||
# Use the directory /var/www/html to valide acme-challenge
|
}
|
||||||
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
|
# Use the directory /var/www/html to valide acme-challenge
|
||||||
# #
|
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
|
||||||
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
# #
|
||||||
# #
|
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
||||||
location /.well-known/acme-challenge/ {
|
# #
|
||||||
alias /var/www/html/.well-known/acme-challenge/;
|
location /.well-known/acme-challenge/ {
|
||||||
}
|
alias /var/www/html/.well-known/acme-challenge/;
|
||||||
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
|
}
|
||||||
location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" {
|
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
|
||||||
deny all;
|
location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" {
|
||||||
}
|
deny all;
|
||||||
# Deny backup extensions & log files and return 403 forbidden
|
}
|
||||||
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
|
# Deny backup extensions & log files and return 403 forbidden
|
||||||
deny all;
|
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
|
||||||
}
|
deny all;
|
||||||
# common nginx configuration to block sql injection and other attacks
|
}
|
||||||
location ~* "(eval\()" {
|
# common nginx configuration to block sql injection and other attacks
|
||||||
deny all;
|
location ~* "(eval\()" {
|
||||||
}
|
deny all;
|
||||||
location ~* "(127\.0\.0\.1)" {
|
}
|
||||||
deny all;
|
location ~* "(127\.0\.0\.1)" {
|
||||||
}
|
deny all;
|
||||||
location ~* "([a-z0-9]{2000})" {
|
}
|
||||||
deny all;
|
location ~* "([a-z0-9]{2000})" {
|
||||||
}
|
deny all;
|
||||||
location ~* "(javascript\:)(.*)(\;)" {
|
}
|
||||||
deny all;
|
location ~* "(javascript\:)(.*)(\;)" {
|
||||||
}
|
deny all;
|
||||||
location ~* "(base64_encode)(.*)(\()" {
|
}
|
||||||
deny all;
|
location ~* "(base64_encode)(.*)(\()" {
|
||||||
}
|
deny all;
|
||||||
location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
|
}
|
||||||
deny all;
|
location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
|
||||||
}
|
deny all;
|
||||||
location ~* "(<|%3C).*script.*(>|%3)" {
|
}
|
||||||
deny all;
|
location ~* "(<|%3C).*script.*(>|%3)" {
|
||||||
}
|
deny all;
|
||||||
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
|
}
|
||||||
deny all;
|
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
|
||||||
}
|
deny all;
|
||||||
location ~* "(boot\.ini|etc/passwd|self/environ)" {
|
}
|
||||||
deny all;
|
location ~* "(boot\.ini|etc/passwd|self/environ)" {
|
||||||
}
|
deny all;
|
||||||
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" {
|
}
|
||||||
deny all;
|
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" {
|
||||||
}
|
deny all;
|
||||||
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
|
}
|
||||||
deny all;
|
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
|
||||||
}
|
deny all;
|
||||||
location ~* "(https?|ftp|php):/" {
|
}
|
||||||
deny all;
|
location ~* "(https?|ftp|php):/" {
|
||||||
}
|
deny all;
|
||||||
location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
|
}
|
||||||
deny all;
|
location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
|
||||||
}
|
deny all;
|
||||||
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
|
}
|
||||||
deny all;
|
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
|
||||||
}
|
deny all;
|
||||||
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
|
}
|
||||||
deny all;
|
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
|
||||||
}
|
deny all;
|
||||||
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
|
}
|
||||||
deny all;
|
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
|
||||||
}
|
deny all;
|
||||||
location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" {
|
}
|
||||||
deny all;
|
location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" {
|
||||||
}
|
deny all;
|
||||||
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell|config|settings|configuration)\.php" {
|
}
|
||||||
deny all;
|
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell|config|settings|configuration)\.php" {
|
||||||
}
|
deny all;
|
||||||
# Status pages
|
}
|
||||||
location /nginx_status {
|
# Status pages
|
||||||
stub_status on;
|
location /nginx_status {
|
||||||
access_log off;
|
stub_status on;
|
||||||
include common/acl.conf;
|
access_log off;
|
||||||
}
|
include common/acl.conf;
|
||||||
location ~ ^/(status|ping) {
|
}
|
||||||
include fastcgi_params;
|
location ~ ^/(status|ping) {
|
||||||
include common/acl.conf;
|
include fastcgi_params;
|
||||||
fastcgi_pass php72;
|
include common/acl.conf;
|
||||||
}
|
fastcgi_pass php72;
|
||||||
# EasyEngine (ee) utilities
|
}
|
||||||
# phpMyAdmin settings
|
# EasyEngine (ee) utilities
|
||||||
location /pma {
|
# phpMyAdmin settings
|
||||||
return 301 https://$host:22222/db/pma;
|
location /pma {
|
||||||
}
|
return 301 https://$host:22222/db/pma;
|
||||||
location /phpMyAdmin {
|
}
|
||||||
return 301 https://$host:22222/db/pma;
|
location /phpMyAdmin {
|
||||||
}
|
return 301 https://$host:22222/db/pma;
|
||||||
location /phpmyadmin {
|
}
|
||||||
return 301 https://$host:22222/db/pma;
|
location /phpmyadmin {
|
||||||
}
|
return 301 https://$host:22222/db/pma;
|
||||||
# Adminer settings
|
}
|
||||||
location /adminer {
|
# Adminer settings
|
||||||
return 301 https://$host:22222/db/adminer;
|
location /adminer {
|
||||||
}
|
return 301 https://$host:22222/db/adminer;
|
||||||
|
}
|
||||||
|
|
|
@ -1,37 +1,37 @@
|
||||||
# WordPress COMMON SETTINGS
|
# WordPress COMMON SETTINGS
|
||||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||||
# Limit access to avoid brute force attack
|
# Limit access to avoid brute force attack
|
||||||
location = /wp-login.php {
|
location = /wp-login.php {
|
||||||
limit_req zone=one burst=1 nodelay;
|
limit_req zone=one burst=1 nodelay;
|
||||||
include fastcgi_params;
|
include fastcgi_params;
|
||||||
fastcgi_pass php7;
|
fastcgi_pass php7;
|
||||||
}
|
}
|
||||||
# Disable wp-config.txt
|
# Disable wp-config.txt
|
||||||
location = /wp-config.txt {
|
location = /wp-config.txt {
|
||||||
deny all;
|
deny all;
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
}
|
}
|
||||||
# Disallow php in upload folder and add webp rewrite
|
# Disallow php in upload folder and add webp rewrite
|
||||||
location /wp-content/uploads/ {
|
location /wp-content/uploads/ {
|
||||||
location ~ \.php$ {
|
location ~ \.php$ {
|
||||||
#Prevent Direct Access Of PHP Files From Web Browsers
|
#Prevent Direct Access Of PHP Files From Web Browsers
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
# webp rewrite rules
|
# webp rewrite rules
|
||||||
location ~ \.(png|jpe?g)$ {
|
location ~ \.(png|jpe?g)$ {
|
||||||
add_header Vary "Accept-Encoding";
|
add_header Vary "Accept-Encoding";
|
||||||
add_header "Access-Control-Allow-Origin" "*";
|
add_header "Access-Control-Allow-Origin" "*";
|
||||||
add_header Cache-Control "public, no-transform";
|
add_header Cache-Control "public, no-transform";
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
expires max;
|
expires max;
|
||||||
try_files $uri$webp_suffix $uri =404;
|
try_files $uri$webp_suffix $uri =404;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# mitigate DoS attack CVE with WordPress script concatenation
|
# mitigate DoS attack CVE with WordPress script concatenation
|
||||||
# add the following line to wp-config.php
|
# add the following line to wp-config.php
|
||||||
# define( 'CONCATENATE_SCRIPTS', false );
|
# define( 'CONCATENATE_SCRIPTS', false );
|
||||||
location ~ \/wp-admin\/load-(scripts|styles).php {
|
location ~ \/wp-admin\/load-(scripts|styles).php {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,37 +1,37 @@
|
||||||
# WordPress COMMON SETTINGS
|
# WordPress COMMON SETTINGS
|
||||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||||
# Limit access to avoid brute force attack
|
# Limit access to avoid brute force attack
|
||||||
location = /wp-login.php {
|
location = /wp-login.php {
|
||||||
limit_req zone=one burst=1 nodelay;
|
limit_req zone=one burst=1 nodelay;
|
||||||
include fastcgi_params;
|
include fastcgi_params;
|
||||||
fastcgi_pass php71;
|
fastcgi_pass php71;
|
||||||
}
|
}
|
||||||
# Disable wp-config.txt
|
# Disable wp-config.txt
|
||||||
location = /wp-config.txt {
|
location = /wp-config.txt {
|
||||||
deny all;
|
deny all;
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
}
|
}
|
||||||
# Disallow php in upload folder and add webp rewrite
|
# Disallow php in upload folder and add webp rewrite
|
||||||
location /wp-content/uploads/ {
|
location /wp-content/uploads/ {
|
||||||
location ~ \.php$ {
|
location ~ \.php$ {
|
||||||
#Prevent Direct Access Of PHP Files From Web Browsers
|
#Prevent Direct Access Of PHP Files From Web Browsers
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
# webp rewrite rules
|
# webp rewrite rules
|
||||||
location ~ \.(png|jpe?g)$ {
|
location ~ \.(png|jpe?g)$ {
|
||||||
add_header Vary "Accept-Encoding";
|
add_header Vary "Accept-Encoding";
|
||||||
add_header "Access-Control-Allow-Origin" "*";
|
add_header "Access-Control-Allow-Origin" "*";
|
||||||
add_header Cache-Control "public, no-transform";
|
add_header Cache-Control "public, no-transform";
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
expires max;
|
expires max;
|
||||||
try_files $uri$webp_suffix $uri =404;
|
try_files $uri$webp_suffix $uri =404;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# mitigate DoS attack CVE with WordPress script concatenation
|
# mitigate DoS attack CVE with WordPress script concatenation
|
||||||
# add the following line to wp-config.php
|
# add the following line to wp-config.php
|
||||||
# define( 'CONCATENATE_SCRIPTS', false );
|
# define( 'CONCATENATE_SCRIPTS', false );
|
||||||
location ~ \/wp-admin\/load-(scripts|styles).php {
|
location ~ \/wp-admin\/load-(scripts|styles).php {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,37 +1,37 @@
|
||||||
# WordPress COMMON SETTINGS
|
# WordPress COMMON SETTINGS
|
||||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||||
# Limit access to avoid brute force attack
|
# Limit access to avoid brute force attack
|
||||||
location = /wp-login.php {
|
location = /wp-login.php {
|
||||||
limit_req zone=one burst=1 nodelay;
|
limit_req zone=one burst=1 nodelay;
|
||||||
include fastcgi_params;
|
include fastcgi_params;
|
||||||
fastcgi_pass php72;
|
fastcgi_pass php72;
|
||||||
}
|
}
|
||||||
# Disable wp-config.txt
|
# Disable wp-config.txt
|
||||||
location = /wp-config.txt {
|
location = /wp-config.txt {
|
||||||
deny all;
|
deny all;
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
}
|
}
|
||||||
# Disallow php in upload folder and add webp rewrite
|
# Disallow php in upload folder and add webp rewrite
|
||||||
location /wp-content/uploads/ {
|
location /wp-content/uploads/ {
|
||||||
location ~ \.php$ {
|
location ~ \.php$ {
|
||||||
#Prevent Direct Access Of PHP Files From Web Browsers
|
#Prevent Direct Access Of PHP Files From Web Browsers
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
# webp rewrite rules
|
# webp rewrite rules
|
||||||
location ~ \.(png|jpe?g)$ {
|
location ~ \.(png|jpe?g)$ {
|
||||||
add_header Vary "Accept-Encoding";
|
add_header Vary "Accept-Encoding";
|
||||||
add_header "Access-Control-Allow-Origin" "*";
|
add_header "Access-Control-Allow-Origin" "*";
|
||||||
add_header Cache-Control "public, no-transform";
|
add_header Cache-Control "public, no-transform";
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
expires max;
|
expires max;
|
||||||
try_files $uri$webp_suffix $uri =404;
|
try_files $uri$webp_suffix $uri =404;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# mitigate DoS attack CVE with WordPress script concatenation
|
# mitigate DoS attack CVE with WordPress script concatenation
|
||||||
# add the following line to wp-config.php
|
# add the following line to wp-config.php
|
||||||
# define( 'CONCATENATE_SCRIPTS', false );
|
# define( 'CONCATENATE_SCRIPTS', false );
|
||||||
location ~ \/wp-admin\/load-(scripts|styles).php {
|
location ~ \/wp-admin\/load-(scripts|styles).php {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,82 +1,131 @@
|
||||||
# NGINX CONFIGURATION FOR COMMON LOCATION
|
# NGINX CONFIGURATION FOR COMMON LOCATION
|
||||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||||
# Basic locations files
|
# Basic locations files
|
||||||
location = /favicon.ico {
|
location = /favicon.ico {
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
expires max;
|
expires max;
|
||||||
}
|
}
|
||||||
location = /robots.txt {
|
location = /robots.txt {
|
||||||
# Some WordPress plugin gererate robots.txt file
|
# Some WordPress plugin gererate robots.txt file
|
||||||
# Refer #340 issue
|
# Refer #340 issue
|
||||||
try_files $uri $uri/ /index.php?$args;
|
try_files $uri $uri/ /index.php?$args;
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
}
|
}
|
||||||
# Cache static files
|
# Cache static files
|
||||||
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$
|
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
|
||||||
{
|
add_header "Access-Control-Allow-Origin" "*";
|
||||||
add_header "Access-Control-Allow-Origin" "*";
|
access_log off;
|
||||||
access_log off;
|
log_not_found off;
|
||||||
log_not_found off;
|
expires max;
|
||||||
expires max;
|
}
|
||||||
}
|
# Cache css & js files
|
||||||
# Cache css & js files
|
location ~* \.(?:css(\.map)?|js(\.map)?)$ {
|
||||||
location ~* \.(?:css(\.map)?|js(\.map)?)$
|
add_header "Access-Control-Allow-Origin" "*";
|
||||||
{
|
access_log off;
|
||||||
add_header "Access-Control-Allow-Origin" "*";
|
log_not_found off;
|
||||||
access_log off;
|
expires 30d;
|
||||||
log_not_found off;
|
}
|
||||||
expires 30d;
|
# Security settings for better privacy
|
||||||
}
|
# Deny hidden files
|
||||||
# Security settings for better privacy
|
location ~ /\. {
|
||||||
# Deny hidden files
|
deny all;
|
||||||
location ~ /\. {
|
}
|
||||||
deny all;
|
# Use the directory /var/www/html to valide acme-challenge
|
||||||
access_log off;
|
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
|
||||||
log_not_found off;
|
# #
|
||||||
}
|
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
||||||
# Use the directory /var/www/html to valide acme-challenge
|
# #
|
||||||
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
|
location /.well-known/acme-challenge/ {
|
||||||
# #
|
alias /var/www/html/.well-known/acme-challenge/;
|
||||||
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
}
|
||||||
# #
|
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
|
||||||
location /.well-known/acme-challenge/ {
|
location ~* "/(^$|readme|license|example|README|changelog)\.(txt|html|md)" {
|
||||||
alias /var/www/html/.well-known/acme-challenge/;
|
deny all;
|
||||||
}
|
}
|
||||||
# Deny backup extensions & log files
|
# Deny backup extensions & log files and return 403 forbidden
|
||||||
location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$ {
|
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
|
||||||
deny all;
|
deny all;
|
||||||
access_log off;
|
}
|
||||||
log_not_found off;
|
# common nginx configuration to block sql injection and other attacks
|
||||||
}
|
location ~* "(eval\()" {
|
||||||
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html)
|
deny all;
|
||||||
location ~* "/(^$|readme|license|example)\.(txt|html)" {
|
}
|
||||||
return 403;
|
location ~* "(127\.0\.0\.1)" {
|
||||||
}
|
deny all;
|
||||||
# Status pages
|
}
|
||||||
location /nginx_status {
|
location ~* "([a-z0-9]{2000})" {
|
||||||
stub_status on;
|
deny all;
|
||||||
access_log off;
|
}
|
||||||
include common/acl.conf;
|
location ~* "(javascript\:)(.*)(\;)" {
|
||||||
}
|
deny all;
|
||||||
location ~ ^/(status|ping) {
|
}
|
||||||
include fastcgi_params;
|
location ~* "(base64_encode)(.*)(\()" {
|
||||||
fastcgi_pass php7;
|
deny all;
|
||||||
include common/acl.conf;
|
}
|
||||||
}
|
location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
|
||||||
# EasyEngine (ee) utilities
|
deny all;
|
||||||
# phpMyAdmin settings
|
}
|
||||||
location /pma {
|
location ~* "(<|%3C).*script.*(>|%3)" {
|
||||||
return 301 https://$host:22222/db/pma;
|
deny all;
|
||||||
}
|
}
|
||||||
location /phpMyAdmin {
|
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
|
||||||
return 301 https://$host:22222/db/pma;
|
deny all;
|
||||||
}
|
}
|
||||||
location /phpmyadmin {
|
location ~* "(boot\.ini|etc/passwd|self/environ)" {
|
||||||
return 301 https://$host:22222/db/pma;
|
deny all;
|
||||||
}
|
}
|
||||||
# Adminer settings
|
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" {
|
||||||
location /adminer {
|
deny all;
|
||||||
return 301 https://$host:22222/db/adminer;
|
}
|
||||||
}
|
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~* "(https?|ftp|php):/" {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php" {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
# Status pages
|
||||||
|
location = /nginx_status {
|
||||||
|
stub_status on;
|
||||||
|
access_log off;
|
||||||
|
include common/acl.conf;
|
||||||
|
}
|
||||||
|
location ~ ^/(status|ping)$ {
|
||||||
|
include fastcgi_params;
|
||||||
|
include common/acl.conf;
|
||||||
|
fastcgi_pass php7;
|
||||||
|
}
|
||||||
|
# EasyEngine (ee) utilities
|
||||||
|
# phpMyAdmin settings
|
||||||
|
location = /pma {
|
||||||
|
return 301 https://$host:22222/db/pma;
|
||||||
|
}
|
||||||
|
location = /phpMyAdmin {
|
||||||
|
return 301 https://$host:22222/db/pma;
|
||||||
|
}
|
||||||
|
location = /phpmyadmin {
|
||||||
|
return 301 https://$host:22222/db/pma;
|
||||||
|
}
|
||||||
|
# Adminer settings
|
||||||
|
location = /adminer {
|
||||||
|
return 301 https://$host:22222/db/adminer;
|
||||||
|
}
|
||||||
|
|
|
@ -1,82 +1,133 @@
|
||||||
# NGINX CONFIGURATION FOR COMMON LOCATION
|
# NGINX CONFIGURATION FOR COMMON LOCATION
|
||||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||||
# Basic locations files
|
# Basic locations files
|
||||||
location = /favicon.ico {
|
location = /favicon.ico {
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
expires max;
|
expires max;
|
||||||
}
|
}
|
||||||
location = /robots.txt {
|
location = /robots.txt {
|
||||||
# Some WordPress plugin gererate robots.txt file
|
# Some WordPress plugin gererate robots.txt file
|
||||||
# Refer #340 issue
|
# Refer #340 issue
|
||||||
try_files $uri $uri/ /index.php?$args;
|
try_files $uri $uri/ /index.php?$args;
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
}
|
}
|
||||||
# Cache static files
|
# Cache static files
|
||||||
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$
|
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$
|
||||||
{
|
{
|
||||||
add_header "Access-Control-Allow-Origin" "*";
|
add_header "Access-Control-Allow-Origin" "*";
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
expires max;
|
expires max;
|
||||||
}
|
}
|
||||||
# Cache css & js files
|
# Cache css & js files
|
||||||
location ~* \.(?:css(\.map)?|js(\.map)?)$
|
location ~* \.(?:css(\.map)?|js(\.map)?)$
|
||||||
{
|
{
|
||||||
add_header "Access-Control-Allow-Origin" "*";
|
add_header "Access-Control-Allow-Origin" "*";
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
expires 30d;
|
expires 30d;
|
||||||
}
|
}
|
||||||
# Security settings for better privacy
|
# Security settings for better privacy
|
||||||
# Deny hidden files
|
# Deny hidden files
|
||||||
location ~ /\. {
|
location ~ /\. {
|
||||||
deny all;
|
deny all;
|
||||||
access_log off;
|
}
|
||||||
log_not_found off;
|
# Use the directory /var/www/html to valide acme-challenge
|
||||||
}
|
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
|
||||||
# Use the directory /var/www/html to valide acme-challenge
|
# #
|
||||||
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
|
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
||||||
# #
|
# #
|
||||||
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
location /.well-known/acme-challenge/ {
|
||||||
# #
|
alias /var/www/html/.well-known/acme-challenge/;
|
||||||
location /.well-known/acme-challenge/ {
|
}
|
||||||
alias /var/www/html/.well-known/acme-challenge/;
|
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
|
||||||
}
|
location ~* "/(^$|readme|license|example|README|changelog)\.(txt|html|md)" {
|
||||||
# Deny backup extensions & log files
|
deny all;
|
||||||
location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$ {
|
}
|
||||||
deny all;
|
# Deny backup extensions & log files and return 403 forbidden
|
||||||
access_log off;
|
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
|
||||||
log_not_found off;
|
deny all;
|
||||||
}
|
}
|
||||||
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html)
|
# common nginx configuration to block sql injection and other attacks
|
||||||
location ~* "/(^$|readme|license|example)\.(txt|html)" {
|
location ~* "(eval\()" {
|
||||||
return 403;
|
deny all;
|
||||||
}
|
}
|
||||||
# Status pages
|
location ~* "(127\.0\.0\.1)" {
|
||||||
location /nginx_status {
|
deny all;
|
||||||
stub_status on;
|
}
|
||||||
access_log off;
|
location ~* "([a-z0-9]{2000})" {
|
||||||
include common/acl.conf;
|
deny all;
|
||||||
}
|
}
|
||||||
location ~ ^/(status|ping) {
|
location ~* "(javascript\:)(.*)(\;)" {
|
||||||
include fastcgi_params;
|
deny all;
|
||||||
fastcgi_pass php71;
|
}
|
||||||
include common/acl.conf;
|
location ~* "(base64_encode)(.*)(\()" {
|
||||||
}
|
deny all;
|
||||||
# EasyEngine (ee) utilities
|
}
|
||||||
# phpMyAdmin settings
|
location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
|
||||||
location /pma {
|
deny all;
|
||||||
return 301 https://$host:22222/db/pma;
|
}
|
||||||
}
|
location ~* "(<|%3C).*script.*(>|%3)" {
|
||||||
location /phpMyAdmin {
|
deny all;
|
||||||
return 301 https://$host:22222/db/pma;
|
}
|
||||||
}
|
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
|
||||||
location /phpmyadmin {
|
deny all;
|
||||||
return 301 https://$host:22222/db/pma;
|
}
|
||||||
}
|
location ~* "(boot\.ini|etc/passwd|self/environ)" {
|
||||||
# Adminer settings
|
deny all;
|
||||||
location /adminer {
|
}
|
||||||
return 301 https://$host:22222/db/adminer;
|
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" {
|
||||||
}
|
deny all;
|
||||||
|
}
|
||||||
|
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~* "(https?|ftp|php):/" {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php" {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
# Status pages
|
||||||
|
location /nginx_status {
|
||||||
|
stub_status on;
|
||||||
|
access_log off;
|
||||||
|
include common/acl.conf;
|
||||||
|
}
|
||||||
|
location ~ ^/(status|ping) {
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_pass php71;
|
||||||
|
include common/acl.conf;
|
||||||
|
}
|
||||||
|
# EasyEngine (ee) utilities
|
||||||
|
# phpMyAdmin settings
|
||||||
|
location /pma {
|
||||||
|
return 301 https://$host:22222/db/pma;
|
||||||
|
}
|
||||||
|
location /phpMyAdmin {
|
||||||
|
return 301 https://$host:22222/db/pma;
|
||||||
|
}
|
||||||
|
location /phpmyadmin {
|
||||||
|
return 301 https://$host:22222/db/pma;
|
||||||
|
}
|
||||||
|
# Adminer settings
|
||||||
|
location /adminer {
|
||||||
|
return 301 https://$host:22222/db/adminer;
|
||||||
|
}
|
||||||
|
|
|
@ -1,82 +1,137 @@
|
||||||
# NGINX CONFIGURATION FOR COMMON LOCATION
|
# NGINX CONFIGURATION FOR COMMON LOCATION
|
||||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||||
# Basic locations files
|
# Basic locations files
|
||||||
location = /favicon.ico {
|
location = /favicon.ico {
|
||||||
access_log off;
|
try_files /favicon.ico @empty;
|
||||||
log_not_found off;
|
access_log off;
|
||||||
expires max;
|
log_not_found off;
|
||||||
}
|
expires max;
|
||||||
location = /robots.txt {
|
|
||||||
# Some WordPress plugin gererate robots.txt file
|
}
|
||||||
# Refer #340 issue
|
|
||||||
try_files $uri $uri/ /index.php?$args;
|
location @empty {
|
||||||
access_log off;
|
empty_gif;
|
||||||
log_not_found off;
|
}
|
||||||
}
|
location = /robots.txt {
|
||||||
# Cache static files
|
# Some WordPress plugin gererate robots.txt file
|
||||||
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$
|
# Refer #340 issue
|
||||||
{
|
try_files $uri $uri/ /index.php?$args;
|
||||||
add_header "Access-Control-Allow-Origin" "*";
|
access_log off;
|
||||||
access_log off;
|
log_not_found off;
|
||||||
log_not_found off;
|
}
|
||||||
expires max;
|
# Cache static files
|
||||||
}
|
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
|
||||||
# Cache css & js files
|
add_header "Access-Control-Allow-Origin" "*";
|
||||||
location ~* \.(?:css(\.map)?|js(\.map)?)$
|
access_log off;
|
||||||
{
|
log_not_found off;
|
||||||
add_header "Access-Control-Allow-Origin" "*";
|
expires max;
|
||||||
access_log off;
|
}
|
||||||
log_not_found off;
|
# Cache css & js files
|
||||||
expires 30d;
|
location ~* \.(?:css(\.map)?|js(\.map)?)$ {
|
||||||
}
|
add_header "Access-Control-Allow-Origin" "*";
|
||||||
# Security settings for better privacy
|
access_log off;
|
||||||
# Deny hidden files
|
log_not_found off;
|
||||||
location ~ /\. {
|
expires 30d;
|
||||||
deny all;
|
}
|
||||||
access_log off;
|
# Security settings for better privacy
|
||||||
log_not_found off;
|
# Deny hidden files
|
||||||
}
|
location ~ /\. {
|
||||||
# Use the directory /var/www/html to valide acme-challenge
|
deny all;
|
||||||
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
|
}
|
||||||
# #
|
# Use the directory /var/www/html to valide acme-challenge
|
||||||
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
# just create the sub-directories .well-known/acme-challenge and set www-data as owner
|
||||||
# #
|
# #
|
||||||
location /.well-known/acme-challenge/ {
|
# chown -R www-data:www-data /var/www/html && sudo -u www-data mkdir -p /var/www/html/.well-known/acme-challenge
|
||||||
alias /var/www/html/.well-known/acme-challenge/;
|
# #
|
||||||
}
|
location /.well-known/acme-challenge/ {
|
||||||
# Deny backup extensions & log files
|
alias /var/www/html/.well-known/acme-challenge/;
|
||||||
location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$ {
|
}
|
||||||
deny all;
|
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
|
||||||
access_log off;
|
location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" {
|
||||||
log_not_found off;
|
deny all;
|
||||||
}
|
}
|
||||||
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html)
|
# Deny backup extensions & log files and return 403 forbidden
|
||||||
location ~* "/(^$|readme|license|example)\.(txt|html)" {
|
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
|
||||||
return 403;
|
deny all;
|
||||||
}
|
}
|
||||||
# Status pages
|
# common nginx configuration to block sql injection and other attacks
|
||||||
location /nginx_status {
|
location ~* "(eval\()" {
|
||||||
stub_status on;
|
deny all;
|
||||||
access_log off;
|
}
|
||||||
include common/acl.conf;
|
location ~* "(127\.0\.0\.1)" {
|
||||||
}
|
deny all;
|
||||||
location ~ ^/(status|ping) {
|
}
|
||||||
include fastcgi_params;
|
location ~* "([a-z0-9]{2000})" {
|
||||||
fastcgi_pass php72;
|
deny all;
|
||||||
include common/acl.conf;
|
}
|
||||||
}
|
location ~* "(javascript\:)(.*)(\;)" {
|
||||||
# EasyEngine (ee) utilities
|
deny all;
|
||||||
# phpMyAdmin settings
|
}
|
||||||
location /pma {
|
location ~* "(base64_encode)(.*)(\()" {
|
||||||
return 301 https://$host:22222/db/pma;
|
deny all;
|
||||||
}
|
}
|
||||||
location /phpMyAdmin {
|
location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
|
||||||
return 301 https://$host:22222/db/pma;
|
deny all;
|
||||||
}
|
}
|
||||||
location /phpmyadmin {
|
location ~* "(<|%3C).*script.*(>|%3)" {
|
||||||
return 301 https://$host:22222/db/pma;
|
deny all;
|
||||||
}
|
}
|
||||||
# Adminer settings
|
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
|
||||||
location /adminer {
|
deny all;
|
||||||
return 301 https://$host:22222/db/adminer;
|
}
|
||||||
}
|
location ~* "(boot\.ini|etc/passwd|self/environ)" {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~* "(https?|ftp|php):/" {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell|config|settings|configuration)\.php" {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
# Status pages
|
||||||
|
location /nginx_status {
|
||||||
|
stub_status on;
|
||||||
|
access_log off;
|
||||||
|
include common/acl.conf;
|
||||||
|
}
|
||||||
|
location ~ ^/(status|ping) {
|
||||||
|
include fastcgi_params;
|
||||||
|
include common/acl.conf;
|
||||||
|
fastcgi_pass php72;
|
||||||
|
}
|
||||||
|
# EasyEngine (ee) utilities
|
||||||
|
# phpMyAdmin settings
|
||||||
|
location /pma {
|
||||||
|
return 301 https://$host:22222/db/pma;
|
||||||
|
}
|
||||||
|
location /phpMyAdmin {
|
||||||
|
return 301 https://$host:22222/db/pma;
|
||||||
|
}
|
||||||
|
location /phpmyadmin {
|
||||||
|
return 301 https://$host:22222/db/pma;
|
||||||
|
}
|
||||||
|
# Adminer settings
|
||||||
|
location /adminer {
|
||||||
|
return 301 https://$host:22222/db/adminer;
|
||||||
|
}
|
||||||
|
|
|
@ -1,33 +1,37 @@
|
||||||
# WordPress COMMON SETTINGS
|
# WordPress COMMON SETTINGS
|
||||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||||
# Limit access to avoid brute force attack
|
# Limit access to avoid brute force attack
|
||||||
location = /wp-login.php {
|
location = /wp-login.php {
|
||||||
limit_req zone=one burst=1 nodelay;
|
limit_req zone=one burst=1 nodelay;
|
||||||
include fastcgi_params;
|
include fastcgi_params;
|
||||||
fastcgi_pass php7;
|
fastcgi_pass php7;
|
||||||
}
|
}
|
||||||
# Disable wp-config.txt
|
# Disable wp-config.txt
|
||||||
location = /wp-config.txt {
|
location = /wp-config.txt {
|
||||||
deny all;
|
deny all;
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
}
|
}
|
||||||
# Disallow php in upload folder
|
# Disallow php in upload folder and add webp rewrite
|
||||||
location /wp-content/uploads/ {
|
location /wp-content/uploads/ {
|
||||||
location ~ \.php$ {
|
location ~ \.php$ {
|
||||||
#Prevent Direct Access Of PHP Files From Web Browsers
|
#Prevent Direct Access Of PHP Files From Web Browsers
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
}
|
# webp rewrite rules
|
||||||
location ~* ^/wp-content/.+\.(png|jpg)$ {
|
location ~ \.(png|jpe?g)$ {
|
||||||
add_header Vary Accept;
|
add_header Vary "Accept-Encoding";
|
||||||
add_header "Access-Control-Allow-Origin" "*";
|
add_header "Access-Control-Allow-Origin" "*";
|
||||||
access_log off;
|
add_header Cache-Control "public, no-transform";
|
||||||
log_not_found off;
|
access_log off;
|
||||||
expires max;
|
log_not_found off;
|
||||||
try_files $uri$webp_suffix $uri =404;
|
expires max;
|
||||||
}
|
try_files $uri$webp_suffix $uri =404;
|
||||||
|
}
|
||||||
location ~ \/wp-admin\/load-(scripts|styles).php {
|
}
|
||||||
deny all;
|
# mitigate DoS attack CVE with WordPress script concatenation
|
||||||
}
|
# add the following line to wp-config.php
|
||||||
|
# define( 'CONCATENATE_SCRIPTS', false );
|
||||||
|
location ~ \/wp-admin\/load-(scripts|styles).php {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
|
@ -1,35 +1,37 @@
|
||||||
# WordPress COMMON SETTINGS
|
# WordPress COMMON SETTINGS
|
||||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||||
# Limit access to avoid brute force attack
|
# Limit access to avoid brute force attack
|
||||||
location = /wp-login.php {
|
location = /wp-login.php {
|
||||||
limit_req zone=one burst=1 nodelay;
|
limit_req zone=one burst=1 nodelay;
|
||||||
include fastcgi_params;
|
include fastcgi_params;
|
||||||
fastcgi_pass php71;
|
fastcgi_pass php71;
|
||||||
}
|
}
|
||||||
# Disable wp-config.txt
|
# Disable wp-config.txt
|
||||||
location = /wp-config.txt {
|
location = /wp-config.txt {
|
||||||
deny all;
|
deny all;
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
}
|
}
|
||||||
# Disallow php in upload folder and add webp rewrite
|
# Disallow php in upload folder and add webp rewrite
|
||||||
location /wp-content/uploads/ {
|
location /wp-content/uploads/ {
|
||||||
location ~ \.php$ {
|
location ~ \.php$ {
|
||||||
#Prevent Direct Access Of PHP Files From Web Browsers
|
#Prevent Direct Access Of PHP Files From Web Browsers
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
location ~ \.(png|jpe?g)$ {
|
# webp rewrite rules
|
||||||
add_header Vary "Accept-Encoding";
|
location ~ \.(png|jpe?g)$ {
|
||||||
add_header "Access-Control-Allow-Origin" "*";
|
add_header Vary "Accept-Encoding";
|
||||||
add_header Cache-Control "public, no-transform";
|
add_header "Access-Control-Allow-Origin" "*";
|
||||||
access_log off;
|
add_header Cache-Control "public, no-transform";
|
||||||
log_not_found off;
|
access_log off;
|
||||||
expires max;
|
log_not_found off;
|
||||||
try_files $uri$webp_suffix $uri =404;
|
expires max;
|
||||||
}
|
try_files $uri$webp_suffix $uri =404;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
# mitigate DoS attack CVE with WordPress script concatenation
|
# mitigate DoS attack CVE with WordPress script concatenation
|
||||||
location ~ \/wp-admin\/load-(scripts|styles).php {
|
# add the following line to wp-config.php
|
||||||
deny all;
|
# define( 'CONCATENATE_SCRIPTS', false );
|
||||||
}
|
location ~ \/wp-admin\/load-(scripts|styles).php {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
|
@ -1,35 +1,37 @@
|
||||||
# WordPress COMMON SETTINGS
|
# WordPress COMMON SETTINGS
|
||||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||||
# Limit access to avoid brute force attack
|
# Limit access to avoid brute force attack
|
||||||
location = /wp-login.php {
|
location = /wp-login.php {
|
||||||
limit_req zone=one burst=1 nodelay;
|
limit_req zone=one burst=1 nodelay;
|
||||||
include fastcgi_params;
|
include fastcgi_params;
|
||||||
fastcgi_pass php72;
|
fastcgi_pass php72;
|
||||||
}
|
}
|
||||||
# Disable wp-config.txt
|
# Disable wp-config.txt
|
||||||
location = /wp-config.txt {
|
location = /wp-config.txt {
|
||||||
deny all;
|
deny all;
|
||||||
access_log off;
|
access_log off;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
}
|
}
|
||||||
# Disallow php in upload folder and add webp rewrite
|
# Disallow php in upload folder and add webp rewrite
|
||||||
location /wp-content/uploads/ {
|
location /wp-content/uploads/ {
|
||||||
location ~ \.php$ {
|
location ~ \.php$ {
|
||||||
#Prevent Direct Access Of PHP Files From Web Browsers
|
#Prevent Direct Access Of PHP Files From Web Browsers
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
location ~ \.(png|jpe?g)$ {
|
# webp rewrite rules
|
||||||
add_header Vary "Accept-Encoding";
|
location ~ \.(png|jpe?g)$ {
|
||||||
add_header "Access-Control-Allow-Origin" "*";
|
add_header Vary "Accept-Encoding";
|
||||||
add_header Cache-Control "public, no-transform";
|
add_header "Access-Control-Allow-Origin" "*";
|
||||||
access_log off;
|
add_header Cache-Control "public, no-transform";
|
||||||
log_not_found off;
|
access_log off;
|
||||||
expires max;
|
log_not_found off;
|
||||||
try_files $uri$webp_suffix $uri =404;
|
expires max;
|
||||||
}
|
try_files $uri$webp_suffix $uri =404;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
# mitigate DoS attack CVE with WordPress script concatenation
|
# mitigate DoS attack CVE with WordPress script concatenation
|
||||||
location ~ \/wp-admin\/load-(scripts|styles).php {
|
# add the following line to wp-config.php
|
||||||
deny all;
|
# define( 'CONCATENATE_SCRIPTS', false );
|
||||||
}
|
location ~ \/wp-admin\/load-(scripts|styles).php {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue