theraw/The-World-Is-Yours
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
𝓙𝓾𝓵𝓲𝓸
2017-12-30 01:17:15 +01:00
committed by GitHub
parent ffe903487f
commit a876bc8f7f
1 changed files with 52 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+52
View File
@@ -8,3 +8,55 @@ Ubuntu 14.04 in you VM/VPS/DEDICATED so
2. **`cd The-World-Is-Yours/; chmod +x *`** 2. **`cd The-World-Is-Yours/; chmod +x *`**
3. **`./install`** 3. **`./install`**
# Check.
1. L7 (Cookie Based Protection) => https://github.com/theraw/The-World-Is-Yours/blob/master/static/nginx.conf#L19-L301
2. Naxsi Rules Included => https://github.com/theraw/The-World-Is-Yours/blob/master/static/nginx.conf#L392
3. ModSecurity is not loaded. However you need to set it up by yourself. you have a folder `/nginx/modsecurity/`
where its stored open `/nginx/modsecurity/modsecurity.conf` add those
```bash
Include crs-setup.conf
Include rules/*.conf
```
ModSecurity is by default enabled as "detect only" you can turn it on always by doing this
```bash
SecRuleEngine On
```
Using modSecurity for your site
```bash
server {
.....
modsecurity on;
modsecurity_rules_file /nginx/modsecurity/modsecurity.conf;
location / {
.....
}
}
```
**Careful** Using modsec rules like
```
location / {
modsecurity_rules_file /nginx/modsecurity/modsecurity.conf;
}
```
it means that's enabled just for your main place `/` not for other dirs in your site ex `/admin/` (:
Test it!
`curl 'http://localhost/?q="><script>wanna hack</script>'`
```bash
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>
```