diff --git a/static/nginx.conf b/static/nginx.conf
index 2abcbda..3823620 100644
--- a/static/nginx.conf
+++ b/static/nginx.conf
@@ -15,29 +15,7 @@ http {
# ////////////////////////////////////////////////////// #
# =================== START L7 ========================= #
# turn this 'on' if you want to use L7 For every domain hosted in your server
- testcookie off;
- testcookie_name DOPEHOSTING;
- testcookie_secret random;
- testcookie_session $remote_addr;
- #testcookie_arg GO;
- testcookie_httponly_flag on;
- testcookie_max_attempts 3;
- testcookie_secure_flag on;
- testcookie_get_only on;
- testcookie_p3p 'CP="CUR ADM OUR NOR STA NID", policyref="/w3c/p3p.xml"';
- testcookie_fallback /cookies.html?backurl=$scheme://$host$request_uri;
-
- # Those are some ip's whitelisted by me. mostly are search engines. But not everything!
- testcookie_whitelist {
- 8.8.8.8/32;
- 127.0.0.1/32;
- # I don't suggest using alot of IPs here as this whitelist can fail!.
- }
- testcookie_redirect_via_refresh on;
- testcookie_refresh_encrypt_cookie on;
- testcookie_refresh_encrypt_cookie_key random;
- testcookie_refresh_encrypt_cookie_iv random;
- testcookie_refresh_template '
Just a moment please... ';
+ include modsec/l7.conf;
# ===================== END L7 ========================= #
# ////////////////////////////////////////////////////// #
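Review bot: The comment kept above the new `include modsec/l7.conf;` still tells the reader to turn this 'on', but the `testcookie off;` switch it referred to is no longer in this file. I would reword it to `# L7 challenge (testcookie) settings are in modsec/l7.conf; enable them there`, assuming the removed directives were moved into that file, which this diff does not show. The removed block set `testcookie_httponly_flag on;` and `testcookie_secure_flag on;`, so it is worth confirming the included file keeps both. The enclosing `http {` block starts outside this hunk.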
@@ -45,42 +23,15 @@ http {
# ===================== LOGS =========================== #
log_format main '$remote_addr |==| $status |==| $request |==| $time_local';
# -------------------------------------------------------#
- log_format agent '$remote_addr |==| $status |==| $request |==| $http_user_agent';
- # -------------------------------------------------------#
- log_format full '$remote_addr |==| $remote_user |==| $time_local |==| $request |==| $status |==| $body_bytes_sent |==| $http_referer |==| $http_user_agent |==| $http_x_forwarded_for';
# =================== END LOGS ========================= #
# ////////////////////////////////////////////////////// #
- # ////////////////////////////////////////////////////// #
- # ===================== GEIP =========================== #
- geoip2 /nginx/db/GeoLite2-Country.mmdb {
- $geoip2_data_country_code default=US country iso_code;
- $geoip2_data_country_name country names en;
- }
-
- # EX Ban China!
- #map $geoip2_data_country_code $allowed_country {
- # default yes;
- # CN no;
- #}
- # =================== END GEIP ========================= #
- # ////////////////////////////////////////////////////// #
-
- # ////////////////////////////////////////////////////// #
- # ===================== EXTRA ========================== #
- # Don't Go with "Nginx Can Handle Everything" !
- limit_conn_zone $server_name zone=max:1m;
- limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s;
- # =================== END EXTRA ======================== #
- # ////////////////////////////////////////////////////// #
-
# ////////////////////////////////////////////////////// #
# ==================== BACKENDS ======================== #
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
-
# Example Of Backend
#upstream varnish {
# zone tcp_servers 64k;
@@ -96,7 +47,7 @@ http {
client_body_timeout 90s;
client_header_timeout 90s;
client_max_body_size 2M;
- keepalive_timeout 10s;
+ keepalive_timeout 15s;
port_in_redirect off;
sendfile on;
server_names_hash_bucket_size 6969;
@@ -113,9 +64,8 @@ http {
# ////////////////////////////////////////////////////// #
# =================== LOAD CONFIGS ===================== #
- include /nginx/live/*;
- include /nginx/conf.d/*;
- include /nginx/naxsi_core.rules;
+ include live/*;
+ include modsec/naxi.core;
# =================== END CONFIGS ====================== #
# ////////////////////////////////////////////////////// #
}
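Review bot: `include modsec/naxi.core;` replaces `/nginx/naxsi_core.rules` and its new name drops the "s" of naxsi; if that is a typo rather than the file's real name, nginx will refuse to start, because a non-wildcard include of a missing file is a hard error. This include, `include live/*;` and `include modsec/l7.conf;` in the first hunk are now relative, so they resolve against the configuration prefix instead of `/nginx`; run `nginx -t` under the deployed prefix to confirm the WAF rules are actually loaded. `include /nginx/conf.d/*;` is dropped with no replacement visible here. The hunk at -45 also removes `limit_req_zone … zone=one`, `limit_conn_zone … zone=max`, the `agent`/`full` log formats and the geoip2 variables, so any vhost under `live/` that still references them will fail to load unless they were moved into an included file. If the vhost files share an extension, `include live/*.conf;` would keep editor backups and stray files in that directory from being parsed as configuration.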