From 60da7afa29a1686eaf8144b4520299c2d499056d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C6=ACHE=20=D0=AFAW=20=E2=98=A3?= Date: Sat, 19 Mar 2022 02:33:11 +0100 Subject: [PATCH] Update nginx.conf --- static/nginx.conf | 58 ++++------------------------------------------- 1 file changed, 4 insertions(+), 54 deletions(-) diff --git a/static/nginx.conf b/static/nginx.conf index 2abcbda..3823620 100644 --- a/static/nginx.conf +++ b/static/nginx.conf @@ -15,29 +15,7 @@ http { # ////////////////////////////////////////////////////// # # =================== START L7 ========================= # # turn this 'on' if you want to use L7 For every domain hosted in your server - testcookie off; - testcookie_name DOPEHOSTING; - testcookie_secret random; - testcookie_session $remote_addr; - #testcookie_arg GO; - testcookie_httponly_flag on; - testcookie_max_attempts 3; - testcookie_secure_flag on; - testcookie_get_only on; - testcookie_p3p 'CP="CUR ADM OUR NOR STA NID", policyref="/w3c/p3p.xml"'; - testcookie_fallback /cookies.html?backurl=$scheme://$host$request_uri; - - # Those are some ip's whitelisted by me. mostly are search engines. But not everything! - testcookie_whitelist { - 8.8.8.8/32; - 127.0.0.1/32; - # I don't suggest using alot of IPs here as this whitelist can fail!. - } - testcookie_redirect_via_refresh on; - testcookie_refresh_encrypt_cookie on; - testcookie_refresh_encrypt_cookie_key random; - testcookie_refresh_encrypt_cookie_iv random; - testcookie_refresh_template 'Just a moment please... '; + include modsec/l7.conf; # ===================== END L7 ========================= # # ////////////////////////////////////////////////////// # 
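Review bot: The L7 block now depends on `include modsec/l7.conf;`, a file this commit does not add (the diffstat lists only static/nginx.conf), and because the path has no wildcard nginx will refuse to start if the file is missing. The relative path is resolved against the nginx configuration prefix, so `nginx -t` should be run under the same prefix the service uses. The context comment above the include still says to turn this 'on', but no directive is left here to flip; I would reword it to `# L7 (testcookie) settings live in modsec/l7.conf; enable them there`. The removed block set the cookie's secure and httponly flags and carried a whitelist, so the included file should be checked to carry those over. The directory name `modsec/` also reads as ModSecurity although the moved directives are testcookie ones.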
@@ -45,42 +23,15 @@ http { # ===================== LOGS =========================== # log_format main '$remote_addr |==| $status |==| $request |==| $time_local'; # -------------------------------------------------------# - log_format agent '$remote_addr |==| $status |==| $request |==| $http_user_agent'; - # -------------------------------------------------------# - log_format full '$remote_addr |==| $remote_user |==| $time_local |==| $request |==| $status |==| $body_bytes_sent |==| $http_referer |==| $http_user_agent |==| $http_x_forwarded_for'; # =================== END LOGS ========================= # # ////////////////////////////////////////////////////// # - # ////////////////////////////////////////////////////// # - # ===================== GEIP =========================== # - geoip2 /nginx/db/GeoLite2-Country.mmdb { - $geoip2_data_country_code default=US country iso_code; - $geoip2_data_country_name country names en; - } - - # EX Ban China! - #map $geoip2_data_country_code $allowed_country { - # default yes; - # CN no; - #} - # =================== END GEIP ========================= # - # ////////////////////////////////////////////////////// # - - # ////////////////////////////////////////////////////// # - # ===================== EXTRA ========================== # - # Don't Go with "Nginx Can Handle Everything" ! - limit_conn_zone $server_name zone=max:1m; - limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s; - # =================== END EXTRA ======================== # - # ////////////////////////////////////////////////////// # - # ////////////////////////////////////////////////////// # # ==================== BACKENDS ======================== # map $http_upgrade $connection_upgrade { default upgrade; '' close; } - # Example Of Backend #upstream varnish { # zone tcp_servers 64k; 
@@ -96,7 +47,7 @@ http {
 client_body_timeout 90s;
 client_header_timeout 90s;
 client_max_body_size 2M;
- keepalive_timeout 10s;
+ keepalive_timeout 15s;
 port_in_redirect off;
 sendfile on;
 server_names_hash_bucket_size 6969;
@@ -113,9 +64,8 @@ http {
 # ////////////////////////////////////////////////////// #
 # =================== LOAD CONFIGS ===================== #
- include /nginx/live/*;
- include /nginx/conf.d/*;
- include /nginx/naxsi_core.rules;
+ include live/*;
+ include modsec/naxi.core;
 # =================== END CONFIGS ====================== #
 # ////////////////////////////////////////////////////// #
 }
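Review bot: `include live/*;` in the LOAD CONFIGS hunk is a wildcard include, and nginx treats a mask that matches no files as success, so if the new relative path does not resolve to the old `/nginx/live/` directory the server blocks silently stop loading instead of failing the config test. The change from `/nginx/naxsi_core.rules` to `modsec/naxi.core` also drops the `s` in naxsi, which looks like a typo unless the file was really renamed. If NAXSI is enabled in the included server blocks, it presumably needs the core rule set from this file to have anything to match. `include /nginx/conf.d/*;` is removed without a replacement, and anything under `live/` that still references the `one` or `max` zones deleted earlier in this commit will fail `nginx -t`. I would keep the absolute paths, or add a comment such as `# paths below are relative to the nginx conf prefix`.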