From 831f81ed152d87249c46d395d17e3b3acae2a07a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C6=ACHE=20=D0=AFAW=20=E2=98=A3?= Date: Tue, 7 May 2019 19:42:10 +0200 Subject: [PATCH] Update default --- static/vhost/default | 27 +++------------------------ 1 file changed, 3 insertions(+), 24 deletions(-) diff --git a/static/vhost/default b/static/vhost/default index 5f87c0c..8db8b90 100644 --- a/static/vhost/default +++ b/static/vhost/default @@ -8,41 +8,20 @@ server { # LIMIT CONNECTION FOR IP / IPs WILL BE AUTO BANNED IF YOU HAVE INSTALL IPTABLES/FAIL2BAN limit_conn max 800; limit_req zone=one burst=300 nodelay; + limit_req_status 444; # ================================================ # ================================================ - # 1. Don't put log files into location / {..} it will not work as you think. Use like this. - # 2. If you change their name or location make sure you also change those https://github.com/theraw/The-World-Is-Yours/blob/master/iptables/jail.local#L105-L118 access_log /hostdata/default/logs/access.log main; error_log /hostdata/default/logs/error.log; # ================================================ # ================================================ location / { - SecRulesEnabled; - LearningMode; - DeniedUrl "/denied/"; - CheckRule "$SQL >= 8" BLOCK; - CheckRule "$RFI >= 8" BLOCK; - CheckRule "$TRAVERSAL >= 4" BLOCK; - CheckRule "$EVADE >= 4" BLOCK; - CheckRule "$XSS >= 8" BLOCK; - try_files $uri $uri/ =404; } - # ================================================ - - location /denied/ { - return 444; + location /L7 { + testcookie off; } - - # ================================================ - location ~ \.php { - try_files $uri /index.php =404; - fastcgi_pass 127.0.0.1:9000; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include fastcgi_params; - } # ================================================ }