diff --git a/static/nginx/live/default b/static/nginx/live/default new file mode 100644 index 0000000..900eede --- /dev/null +++ b/static/nginx/live/default @@ -0,0 +1,68 @@ + server { + listen 80; + server_name localhost; + testcookie on; + root /hostdata/default/public_html/; + + modsecurity on; + modsecurity_rules_file /nginx/modsec/tester.conf; + + location ^~ /cdn { + testcookie off; + } + + location / { + SecRulesEnabled; + DeniedUrl "/denied/"; + CheckRule "$SQL >= 8" BLOCK; + CheckRule "$RFI >= 8" BLOCK; + CheckRule "$TRAVERSAL >= 4" BLOCK; + CheckRule "$EVADE >= 4" BLOCK; + CheckRule "$XSS >= 8" BLOCK; + + index index.html index.htm; + } + + location /lua-test { + default_type 'text/plain'; + content_by_lua_block { + ngx.say('Hello, world!') + } + } + + location /denied/ { + return 403; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root html; + } + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 + # + #location ~ \.php$ { + # proxy_pass http://127.0.0.1; + #} + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # root html; + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + # include fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} + }