server {
        listen 80 default_server;
        root /hostdata/default/public_html;
        index index.html;
        server_name localhost;
        
        # ================================================
        # LIMIT CONNECTION FOR IP / IPs WILL BE AUTO BANNED IF YOU HAVE INSTALL IPTABLES/FAIL2BAN
        limit_conn max 800;
        limit_req zone=one burst=300 nodelay;
        # ================================================

        # ================================================
        # 1. Don't put log files into location / {..} it will not work as you think. Use like this.
        # 2. If you change their name or location make sure you also change those https://github.com/theraw/The-World-Is-Yours/blob/master/iptables/jail.local#L105-L118
        access_log /hostdata/default/logs/access.log main;
        error_log /hostdata/default/logs/error.log main;
        # ================================================

        # ================================================
        location / {
          SecRulesEnabled;
          LearningMode;
          DeniedUrl "/denied/";
          CheckRule "$SQL >= 8" BLOCK;
          CheckRule "$RFI >= 8" BLOCK;
          CheckRule "$TRAVERSAL >= 4" BLOCK;
          CheckRule "$EVADE >= 4" BLOCK;
          CheckRule "$XSS >= 8" BLOCK;
         
          try_files $uri $uri/ =404;
        }
        # ================================================
        
        location /denied/ {
          return 444;
        }
        
        # ================================================
        location ~ \.php {
          try_files $uri /index.php =404;
          fastcgi_pass 127.0.0.1:9000;
          fastcgi_index index.php;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          include fastcgi_params;
         }
        # ================================================
}
