theraw/The-World-Is-Yours
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

focal-release

Browse Source
This commit is contained in:
root
2022-03-18 23:03:43 +00:00
parent 12f0ad5fac
commit b55641d072
32 changed files with 0 additions and 2457 deletions
Download Patch File Download Diff File Expand all files Collapse all files
UBUNTU14/conf.d/bot.conf
-4
View File
@@ -1,4 +0,0 @@
geo $white_bot {
default 0;
include /nginx/whitelist/whitelist-ips.conf;
}
UBUNTU14/install
-63
View File
@@ -1,63 +0,0 @@
#!/bin/bash
ireqs() {
mkdir -p /tmp/nginx-plus/; cd /tmp/nginx-plus
wget
apt-get update; apt-get upgrade -y; apt-get dist-upgrade -y
apt-get autoremove -y
apt-get install apt-utils build-essential -y
apt-get install git -y
apt-get install checkinstall libpcre3 libpcre3-dev zlib1g zlib1g-dbg libxml2 zlib1g-dev -y
apt-get install -y unzip
apt-get install -y libicu-dev libcurl4-gnutls-dev libtool
apt-get install -y libmozjs-24-dev
apt-get install -y libmozjs-24-bin; sudo ln -sf /usr/bin/js24 /usr/bin/js
apt-get install openssl libssl-dev libperl-dev libexpat-dev -y
apt-get install mercurial meld -y
apt-get install libxslt-dev -y
apt-get install libgd2-xpm -y
apt-get install libgd2-xpm-dev -y
apt-get install libgeoip-dev -y
apt-get install libssl libssl-dev -y
apt-get install dh-autoreconf -y
apt-get install -y software-properties-common
apt-get install -y python-software-properties
apt-get install -y libcairo2 libcairo2-dev
apt-get install -y python-dev
sudo add-apt-repository ppa:maxmind/ppa -y
apt-get install aptitude -y
aptitude update -y
aptitude upgrade -y
aptitude install libmaxminddb0 libmaxminddb-dev mmdb-bin -y
apt-get install libmysqlclient-dev -y
apt-get install libmariadbclient-dev -y
apt-get install g++ flex bison curl doxygen libyajl-dev libgeoip-dev libtool dh-autoreconf libcurl4-gnutls-dev libxml2 libpcre++-dev libxml2-dev -y
}
# Nginx Env's Extra Stuff.
#ngx-envs() {
#
#}
download() {
cd /
wget https://github.com/systemroot/my-nginx/raw/master/nginx-plus/nginx-plus.zip
unzip -P ****** nginx-plus.zip; rm -Rf nginx-plus.zip
clear
}
rebuild-conf() {
}
download-mods() {
}
compile-mods() {
}
move-mods() {
}
UBUNTU14/whitelist/whitelist-ips.conf
-498
View File
@@ -1,498 +0,0 @@
# ====================================
# GOOGLE.
# ====================================
108.177.8.0/21 1;
54.36.0.0/16 1;
104.132.0.0/23 1;
104.132.11.0/24 1;
104.132.141.0/24 1;
104.132.34.0/24 1;
104.132.5.0/24 1;
104.132.51.0/24 1;
104.132.7.0/24 1;
104.132.8.0/24 1;
104.133.0.0/24 1;
104.133.2.0/23 1;
104.154.0.0/15 1;
104.196.0.0/14 1;
107.167.160.0/19 1;
107.178.192.0/18 1;
108.170.192.0/18 1;
108.177.0.0/17 1;
108.177.10.0/24 1;
108.177.103.0/24 1;
108.177.104.0/24 1;
108.177.11.0/24 1;
108.177.112.0/24 1;
108.177.119.0/24 1;
108.177.120.0/24 1;
108.177.12.0/24 1;
108.177.121.0/24 1;
108.177.125.0/24 1;
108.177.126.0/24 1;
108.177.127.0/24 1;
108.177.13.0/24 1;
108.177.14.0/24 1;
108.177.15.0/24 1;
108.177.28.0/24 1;
108.177.30.0/24 1;
108.177.8.0/24 1;
108.177.9.0/24 1;
108.177.96.0/24 1;
108.177.97.0/24 1;
108.177.98.0/24 1;
108.59.80.0/20 1;
130.211.0.0/16 1;
142.250.0.0/15 1;
146.148.0.0/17 1;
162.216.148.0/22 1;
162.222.176.0/21 1;
172.102.10.0/24 1;
172.102.11.0/24 1;
172.102.12.0/23 1;
172.102.14.0/23 1;
172.102.8.0/21 1;
172.102.8.0/24 1;
172.110.32.0/21 1;
172.217.0.0/16 1;
172.217.0.0/24 1;
172.217.10.0/24 1;
172.217.1.0/24 1;
172.217.11.0/24 1;
172.217.12.0/24 1;
172.217.13.0/24 1;
172.217.14.0/24 1;
172.217.15.0/24 1;
172.217.16.0/24 1;
172.217.17.0/24 1;
172.217.18.0/24 1;
172.217.19.0/24 1;
172.217.20.0/24 1;
172.217.2.0/24 1;
172.217.21.0/24 1;
172.217.22.0/24 1;
172.217.23.0/24 1;
172.217.24.0/24 1;
172.217.25.0/24 1;
172.217.26.0/24 1;
172.217.27.0/24 1;
172.217.28.0/24 1;
172.217.29.0/24 1;
172.217.30.0/24 1;
172.217.3.0/24 1;
172.217.31.0/24 1;
172.217.4.0/24 1;
172.217.5.0/24 1;
172.217.6.0/24 1;
172.217.7.0/24 1;
172.217.8.0/24 1;
172.217.9.0/24 1;
172.253.0.0/16 1;
173.194.112.0/24 1;
173.194.113.0/24 1;
173.194.117.0/24 1;
173.194.118.0/24 1;
173.194.119.0/24 1;
173.194.120.0/24 1;
173.194.121.0/24 1;
173.194.124.0/24 1;
173.194.132.0/24 1;
173.194.136.0/24 1;
173.194.140.0/24 1;
173.194.141.0/24 1;
173.194.142.0/24 1;
173.194.175.0/24 1;
173.194.192.0/24 1;
173.194.193.0/24 1;
173.194.194.0/24 1;
173.194.195.0/24 1;
173.194.196.0/24 1;
173.194.197.0/24 1;
173.194.198.0/24 1;
173.194.199.0/24 1;
173.194.200.0/24 1;
173.194.201.0/24 1;
173.194.202.0/24 1;
173.194.203.0/24 1;
173.194.204.0/24 1;
173.194.205.0/24 1;
173.194.206.0/24 1;
173.194.207.0/24 1;
173.194.208.0/24 1;
173.194.209.0/24 1;
173.194.210.0/24 1;
173.194.211.0/24 1;
173.194.212.0/24 1;
173.194.213.0/24 1;
173.194.214.0/24 1;
173.194.215.0/24 1;
173.194.216.0/24 1;
173.194.217.0/24 1;
173.194.218.0/24 1;
173.194.219.0/24 1;
173.194.220.0/24 1;
173.194.221.0/24 1;
173.194.222.0/24 1;
173.194.223.0/24 1;
173.194.32.0/24 1;
173.194.34.0/24 1;
173.194.35.0/24 1;
173.194.36.0/24 1;
173.194.37.0/24 1;
173.194.38.0/24 1;
173.194.39.0/24 1;
173.194.40.0/24 1;
173.194.41.0/24 1;
173.194.42.0/24 1;
173.194.44.0/24 1;
173.194.46.0/24 1;
173.194.53.0/24 1;
173.194.63.0/24 1;
173.194.66.0/24 1;
173.194.67.0/24 1;
173.194.68.0/24 1;
173.194.69.0/24 1;
173.194.70.0/24 1;
173.194.7.0/24 1;
173.194.73.0/24 1;
173.194.74.0/24 1;
173.194.76.0/24 1;
173.194.78.0/24 1;
173.194.79.0/24 1;
173.255.112.0/20 1;
185.150.148.0/22 1;
185.25.28.0/23 1;
192.104.160.0/23 1;
192.158.28.0/22 1;
192.178.0.0/15 1;
199.192.112.0/22 1;
199.223.232.0/21 1;
207.223.160.0/20 1;
208.68.108.0/22 1;
208.81.188.0/22 1;
209.107.176.0/20 1;
209.107.176.0/23 1;
209.107.182.0/23 1;
209.107.184.0/23 1;
209.107.185.0/24 1;
209.85.144.0/24 1;
209.85.145.0/24 1;
209.85.147.0/24 1;
209.85.200.0/24 1;
209.85.201.0/24 1;
209.85.202.0/24 1;
209.85.203.0/24 1;
209.85.232.0/24 1;
209.85.233.0/24 1;
209.85.234.0/24 1;
209.85.235.0/24 1;
216.239.32.0/24 1;
216.239.33.0/24 1;
216.239.34.0/24 1;
216.239.35.0/24 1;
216.239.36.0/24 1;
216.239.38.0/24 1;
216.239.39.0/24 1;
216.252.220.0/22 1;
216.252.220.0/24 1;
216.252.222.0/24 1;
216.58.200.0/24 1;
216.58.208.0/24 1;
216.58.209.0/24 1;
216.58.210.0/24 1;
216.58.211.0/24 1;
216.58.212.0/24 1;
216.58.213.0/24 1;
216.58.214.0/24 1;
216.58.215.0/24 1;
216.58.216.0/24 1;
216.58.217.0/24 1;
216.58.218.0/24 1;
216.58.219.0/24 1;
216.58.220.0/24 1;
216.58.221.0/24 1;
216.58.222.0/24 1;
216.58.223.0/24 1;
216.73.80.0/20 1;
23.236.48.0/20 1;
23.251.128.0/19 1;
35.184.0.0/13 1;
35.192.0.0/13 1;
35.200.0.0/14 1;
35.204.0.0/15 1;
35.224.0.0/14 1;
35.228.0.0/14 1;
35.232.0.0/14 1;
35.236.0.0/14 1;
35.240.0.0/14 1;
35.244.0.0/14 1;
64.233.161.0/24 1;
64.233.162.0/24 1;
64.233.163.0/24 1;
64.233.164.0/24 1;
64.233.165.0/24 1;
64.233.166.0/24 1;
64.233.167.0/24 1;
64.233.168.0/24 1;
64.233.169.0/24 1;
64.233.170.0/24 1;
64.233.171.0/24 1;
64.233.176.0/24 1;
64.233.177.0/24 1;
64.233.178.0/24 1;
64.233.179.0/24 1;
64.233.180.0/24 1;
64.233.181.0/24 1;
64.233.182.0/24 1;
64.233.183.0/24 1;
64.233.184.0/24 1;
64.233.185.0/24 1;
64.233.186.0/24 1;
64.233.187.0/24 1;
64.233.188.0/24 1;
64.233.189.0/24 1;
64.233.190.0/24 1;
64.233.191.0/24 1;
66.102.1.0/24 1;
66.102.12.0/24 1;
66.102.2.0/24 1;
66.102.3.0/24 1;
66.102.4.0/24 1;
66.249.64.0/19 1;
70.32.128.0/19 1;
70.32.131.0/24 1;
70.32.145.0/24 1;
70.32.146.0/23 1;
70.32.151.0/24 1;
74.114.24.0/21 1;
74.125.124.0/24 1;
74.125.126.0/24 1;
74.125.127.0/24 1;
74.125.128.0/24 1;
74.125.129.0/24 1;
74.125.130.0/24 1;
74.125.131.0/24 1;
74.125.132.0/24 1;
74.125.133.0/24 1;
74.125.134.0/24 1;
74.125.135.0/24 1;
74.125.136.0/24 1;
74.125.138.0/24 1;
74.125.139.0/24 1;
74.125.140.0/24 1;
74.125.141.0/24 1;
74.125.143.0/24 1;
74.125.192.0/24 1;
74.125.196.0/24 1;
74.125.197.0/24 1;
74.125.198.0/24 1;
74.125.199.0/24 1;
74.125.200.0/24 1;
74.125.201.0/24 1;
74.125.202.0/24 1;
74.125.203.0/24 1;
74.125.204.0/24 1;
74.125.205.0/24 1;
74.125.206.0/24 1;
74.125.21.0/24 1;
74.125.22.0/24 1;
74.125.225.0/24 1;
74.125.226.0/24 1;
74.125.227.0/24 1;
74.125.228.0/24 1;
74.125.230.0/24 1;
74.125.23.0/24 1;
74.125.232.0/24 1;
74.125.234.0/24 1;
74.125.235.0/24 1;
74.125.236.0/24 1;
74.125.238.0/24 1;
74.125.24.0/24 1;
74.125.26.0/24 1;
74.125.27.0/24 1;
74.125.28.0/24 1;
74.125.29.0/24 1;
74.125.30.0/24 1;
74.125.31.0/24 1;
74.125.39.0/24 1;
74.125.6.0/24 1;
74.125.68.0/24 1;
74.125.69.0/24 1;
74.125.70.0/24 1;
74.125.71.0/24 1;
8.34.208.0/21 1;
8.34.216.0/21 1;
8.35.192.0/21 1;
8.35.200.0/21 1;
8.8.4.0/24 1;
8.8.8.0/24 1;
108.177.96.0/19 1;
172.217.0.0/19 1;
173.194.0.0/16 1;
2001:4860:4000::/36 1;
203.208.60.0/24 1;
207.126.144.0/20 1;
209.85.128.0/17 1;
216.239.32.0/19 1;
216.58.192.0/19 1;
2404:6800:4000::/36 1;
2607:f8b0:4000::/36 1;
2800:3f0:4000::/36 1;
2a00:1450:4000::/36 1;
2c0f:fb50:4000::/36 1;
64.18.0.0/20 1;
64.233.160.0/19 1;
64.68.80.0/21 1;
66.102.0.0/20 1;
66.249.64.0/18 1;
72.14.192.0/18 1;
74.125.0.0/16 1;
# ====================================
# END GOOGLE.
# ====================================
# ====================================
# START BING.
# ====================================
131.253.24.0/22 1;
131.253.46.0/23 1;
157.54.0.0/15 1;
157.56.0.0/14 1;
157.60.0.0/16 1;
199.30.16.0/24 1;
199.30.27.0/24 1;
207.46.0.0/16 1;
40.112.0.0/13 1;
40.120.0.0/14 1;
40.124.0.0/16 1;
40.125.0.0/17 1;
40.74.0.0/15 1;
40.76.0.0/14 1;
40.80.0.0/12 1;
40.96.0.0/12 1;
65.52.104.0/24 1;
65.52.108.0/22 1;
65.55.213.0/24 1;
65.55.217.0/24 1;
65.55.24.0/24 1;
65.55.52.0/24 1;
65.55.55.0/24 1;
# ====================================
# END BING.
# ====================================
# ====================================
# START CLOUDFLARE.
# ====================================
103.21.244.0/22 1;
103.22.200.0/22 1;
103.31.4.0/22 1;
104.16.0.0/12 1;
108.162.192.0/18 1;
131.0.72.0/22 1;
141.101.64.0/18 1;
162.158.0.0/15 1;
172.64.0.0/13 1;
173.245.48.0/20 1;
188.114.96.0/20 1;
190.93.240.0/20 1;
197.234.240.0/22 1;
198.41.128.0/17 1;
# ====================================
# END CLOUDFLARE.
# ====================================
# ====================================
# START UPTIME ROBOT.
# ====================================
216.144.250.150 1;
69.162.124.226 1;
69.162.124.227 1;
69.162.124.228 1;
69.162.124.229 1;
69.162.124.230 1;
69.162.124.231 1;
69.162.124.232 1;
69.162.124.233 1;
69.162.124.234 1;
69.162.124.235 1;
69.162.124.236 1;
69.162.124.237 1;
63.143.42.242 1;
63.143.42.243 1;
63.143.42.244 1;
63.143.42.245 1;
63.143.42.246 1;
63.143.42.247 1;
63.143.42.248 1;
63.143.42.249 1;
63.143.42.250 1;
63.143.42.251 1;
63.143.42.252 1;
63.143.42.253 1;
46.137.190.132 1;
122.248.234.23 1;
188.226.183.141 1;
178.62.52.237 1;
54.79.28.129 1;
54.94.142.218 1;
104.131.107.63 1;
54.67.10.127 1;
54.64.67.106 1;
159.203.30.41 1;
46.101.250.135 1;
18.221.56.27 1;
52.60.129.180 1;
159.89.8.111 1;
146.185.143.14 1;
139.59.173.249 1;
165.227.83.148 1;
128.199.195.156 1;
138.197.150.151 1;
34.233.66.117 1;
# ====================================
# END UPTIME ROBOT.
# ====================================
# ====================================
# START DOPEHOSTING.NET
# ====================================
54.37.223.16/30 1;
37.59.144.72/30 1;
137.74.180.224 1;
54.36.45.68 1;
46.105.102.209 1;
188.165.209.76 1;
178.32.143.180 1;
94.23.174.121 1;
145.239.109.72/30 1;
51.254.165.84/30 1;
176.31.143.0/30 1;
151.80.88.22 1;
151.80.88.23 1;
164.132.205.172 1;
91.134.123.247 1;
145.239.77.50 1;
178.33.104.93 1;
178.33.104.96 1;
178.33.104.181 1;
178.33.106.145 1;
51.254.94.129 1;
178.32.56.33 1;
164.132.30.228 1;
137.74.234.202 1;
94.23.172.79 1;
46.105.53.116 1;
91.134.201.79 1;
137.74.234.209 1;
54.36.100.120 1;
94.23.172.83 1;
46.105.51.193 1;
178.32.53.54 1;
# ====================================
# END DOPEHOSTING.NET
# ====================================
iptables/filter.d/nginx-ban.conf
-5
View File
@@ -1,5 +0,0 @@
[Definition]
failregex = ^.*client: <HOST>.* 444.*$
ignoreregex =
iptables/filter.d/nginx-limits.conf
-8
View File
@@ -1,8 +0,0 @@
# fail2ban filter configuration for nginx limit connection for ip.
[Definition]
failregex = ^.*client: <HOST>.*$
ignoreregex =
iptables/install
-27
View File
@@ -1,27 +0,0 @@
#!/bin/bash
apt-get update; apt-get upgrade -y; apt-get dist-upgrade -y; apt-get autoremove -y
sudo apt-get install iptables-persistent
sudo invoke-rc.d iptables-persistent save
clear
# ========================================================================
mkdir -p /firewall/iptables/bin
echo '#!/bin/bash' > /firewall/iptables/bin/fire.sh
echo 'sudo service fail2ban stop' >> /firewall/iptables/bin/fire.sh
echo 'nano /etc/iptables/rules.v4' >> /firewall/iptables/bin/fire.sh
echo 'iptables-restore < /etc/iptables/rules.v4' >> /firewall/iptables/bin/fire.sh
echo 'iptables-save > /etc/iptables/rules.v4' >> /firewall/iptables/bin/fire.sh
echo 'sudo service fail2ban start' >> /firewall/iptables/bin/fire.sh
ln -sf /firewall/iptables/bin/fire.sh /bin/fire
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/iptables/rules > /etc/iptables/rules.v4
chmod +x /bin/fire
# ========================================================================
sudo apt-get install fail2ban -y
sudo service fail2ban stop
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/iptables/jail.local > /etc/fail2ban/jail.local
touch /nginx/logs/error.log
sudo service fail2ban start
clear
iptables/jail.local
-471
View File
@@ -1,471 +0,0 @@
[DEFAULT]
ignoreip = 127.0.0.1/8
# "bantime" is the number of seconds that a host is banned.
bantime = 1200
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600
maxretry = 3
# "backend" specifies the backend used to get files modification.
# Available options are "pyinotify", "gamin", "polling" and "auto".
# This option can be overridden in each jail as well.
#
# pyinotify: requires pyinotify (a file alteration monitor) to be installed.
# If pyinotify is not installed, Fail2ban will use auto.
# gamin: requires Gamin (a file alteration monitor) to be installed.
# If Gamin is not installed, Fail2ban will use auto.
# polling: uses a polling algorithm which does not require external libraries.
# auto: will try to use the following backends, in order:
# pyinotify, gamin, polling.
backend = auto
# "usedns" specifies if jails should trust hostnames in logs,
# warn when reverse DNS lookups are performed, or ignore all hostnames in logs
#
# yes: if a hostname is encountered, a reverse DNS lookup will be performed.
# warn: if a hostname is encountered, a reverse DNS lookup will be performed,
# but it will be logged as a warning.
# no: if a hostname is encountered, will not be used for banning,
# but it will be logged as info.
usedns = warn
# Destination email address used solely for the interpolations in
# jail.{conf,local} configuration files.
destemail = root@localhost
# Name of the sender for mta actions
sendername = Fail2Ban
# ACTIONS
# Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overridden globally or per
# section within jail.local file
banaction = iptables-multiport
# email action. Since 0.8.1 upstream fail2ban uses sendmail
# MTA for the mailing. Change mta configuration parameter to mail
# if you want to revert to conventional 'mail'.
mta = sendmail
# Default protocol
protocol = tcp
# Specify chain where jumps would need to be added in iptables-* actions
chain = INPUT
#
# Action shortcuts. To be used to define action parameter
# The simplest action to take: ban only
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
# ban & send an e-mail with whois report to the destemail.
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s", sendername="%(sendername)s"]
# ban & send an e-mail with whois report and relevant log lines
# to the destemail.
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s", sendername="%(sendername)s"]
# Choose default action. To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = %(action_)s
#
# JAILS
#
# Next jails corresponds to the standard configuration in Fail2ban 0.6 which
# was shipped in Debian. Enable any defined here jail by including
#
# [SECTION_NAME]
# enabled = true
#
# in /etc/fail2ban/jail.local.
#
# Optionally you may override any other parameter (e.g. banaction,
# action, port, logpath, etc) in that section within jail.local
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
[nginx-limits]
enabled = true
port = http,https
filter = nginx-limits
logpath = /hostdata/*/logs/error.log
maxretry = 6
[nginx-ban]
enabled = true
port = http,https
filter = nginx-ban
logpath = /hostdata/*/logs/access.log
maxretry = 1
[dropbear]
enabled = false
port = ssh
filter = dropbear
logpath = /var/log/auth.log
maxretry = 6
# Generic filter for pam. Has to be used with action which bans all ports
# such as iptables-allports, shorewall
[pam-generic]
enabled = false
# pam-generic filter can be customized to monitor specific subset of 'tty's
filter = pam-generic
# port actually must be irrelevant but lets leave it all for some possible uses
port = all
banaction = iptables-allports
port = anyport
logpath = /var/log/auth.log
maxretry = 6
[xinetd-fail]
enabled = false
filter = xinetd-fail
port = all
banaction = iptables-multiport-log
logpath = /var/log/daemon.log
maxretry = 2
[ssh-ddos]
enabled = false
port = ssh
filter = sshd-ddos
logpath = /var/log/auth.log
maxretry = 6
# Here we use blackhole routes for not requiring any additional kernel support
# to store large volumes of banned IPs
[ssh-route]
enabled = false
filter = sshd
action = route
logpath = /var/log/sshd.log
maxretry = 6
# Here we use a combination of Netfilter/Iptables and IPsets
# for storing large volumes of banned IPs
#
# IPset comes in two versions. See ipset -V for which one to use
# requires the ipset package and kernel support.
[ssh-iptables-ipset4]
enabled = false
port = ssh
filter = sshd
banaction = iptables-ipset-proto4
logpath = /var/log/sshd.log
maxretry = 6
[ssh-iptables-ipset6]
enabled = false
port = ssh
filter = sshd
banaction = iptables-ipset-proto6
logpath = /var/log/sshd.log
maxretry = 6
#
# HTTP servers
#
[apache]
enabled = false
port = http,https
filter = apache-auth
logpath = /var/log/apache*/*error.log
maxretry = 6
# default action is now multiport, so apache-multiport jail was left
# for compatibility with previous (<0.7.6-2) releases
[apache-multiport]
enabled = false
port = http,https
filter = apache-auth
logpath = /var/log/apache*/*error.log
maxretry = 6
[apache-noscript]
enabled = false
port = http,https
filter = apache-noscript
logpath = /var/log/apache*/*error.log
maxretry = 6
[apache-overflows]
enabled = false
port = http,https
filter = apache-overflows
logpath = /var/log/apache*/*error.log
maxretry = 2
# Ban attackers that try to use PHP's URL-fopen() functionality
# through GET/POST variables. - Experimental, with more than a year
# of usage in production environments.
[php-url-fopen]
enabled = false
port = http,https
filter = php-url-fopen
logpath = /var/www/*/logs/access_log
# A simple PHP-fastcgi jail which works with lighttpd.
# If you run a lighttpd server, then you probably will
# find these kinds of messages in your error_log:
# ALERT tried to register forbidden variable GLOBALS
# through GET variables (attacker '1.2.3.4', file '/var/www/default/htdocs/index.php')
[lighttpd-fastcgi]
enabled = false
port = http,https
filter = lighttpd-fastcgi
logpath = /var/log/lighttpd/error.log
# Same as above for mod_auth
# It catches wrong authentifications
[lighttpd-auth]
enabled = false
port = http,https
filter = suhosin
logpath = /var/log/lighttpd/error.log
[nginx-http-auth]
enabled = true
filter = nginx-http-auth
port = http,https
logpath = /var/log/nginx/error.log
# Monitor roundcube server
[roundcube-auth]
enabled = false
filter = roundcube-auth
port = http,https
logpath = /var/log/roundcube/userlogins
[sogo-auth]
enabled = false
filter = sogo-auth
port = http, https
# without proxy this would be:
# port = 20000
logpath = /var/log/sogo/sogo.log
# FTP servers
[vsftpd]
enabled = false
port = ftp,ftp-data,ftps,ftps-data
filter = vsftpd
logpath = /var/log/vsftpd.log
# or overwrite it in jails.local to be
# logpath = /var/log/auth.log
# if you want to rely on PAM failed login attempts
# vsftpd's failregex should match both of those formats
maxretry = 6
[proftpd]
enabled = false
port = ftp,ftp-data,ftps,ftps-data
filter = proftpd
logpath = /var/log/proftpd/proftpd.log
maxretry = 6
[pure-ftpd]
enabled = false
port = ftp,ftp-data,ftps,ftps-data
filter = pure-ftpd
logpath = /var/log/syslog
maxretry = 6
[wuftpd]
enabled = false
port = ftp,ftp-data,ftps,ftps-data
filter = wuftpd
logpath = /var/log/syslog
maxretry = 6
# Mail servers
[postfix]
enabled = false
port = smtp,ssmtp,submission
filter = postfix
logpath = /var/log/mail.log
[couriersmtp]
enabled = false
port = smtp,ssmtp,submission
filter = couriersmtp
logpath = /var/log/mail.log
#
# Mail servers authenticators: might be used for smtp,ftp,imap servers, so
# all relevant ports get banned
#
[courierauth]
enabled = false
port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
filter = courierlogin
logpath = /var/log/mail.log
[sasl]
enabled = false
port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
filter = postfix-sasl
# You might consider monitoring /var/log/mail.warn instead if you are
# running postfix since it would provide the same log lines at the
# "warn" level but overall at the smaller filesize.
logpath = /var/log/mail.log
[dovecot]
enabled = false
port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
filter = dovecot
logpath = /var/log/mail.log
# To log wrong MySQL access attempts add to /etc/my.cnf:
# log-error=/var/log/mysqld.log
# log-warning = 2
[mysqld-auth]
enabled = false
filter = mysqld-auth
port = 3306
logpath = /var/log/mysqld.log
# DNS Servers
# These jails block attacks against named (bind9). By default, logging is off
# with bind9 installation. You will need something like this:
#
# logging {
# channel security_file {
# file "/var/log/named/security.log" versions 3 size 30m;
# severity dynamic;
# print-time yes;
# };
# category security {
# security_file;
# };
# };
#
# in your named.conf to provide proper logging
# !!! WARNING !!!
# Since UDP is connection-less protocol, spoofing of IP and imitation
# of illegal actions is way too simple. Thus enabling of this filter
# might provide an easy way for implementing a DoS against a chosen
# victim. See
# http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
# Please DO NOT USE this jail unless you know what you are doing.
#[named-refused-udp]
#
#enabled = false
#port = domain,953
#protocol = udp
#filter = named-refused
#logpath = /var/log/named/security.log
[named-refused-tcp]
enabled = false
port = domain,953
protocol = tcp
filter = named-refused
logpath = /var/log/named/security.log
# Multiple jails, 1 per protocol, are necessary ATM:
# see https://github.com/fail2ban/fail2ban/issues/37
[asterisk-tcp]
enabled = false
filter = asterisk
port = 5060,5061
protocol = tcp
logpath = /var/log/asterisk/messages
[asterisk-udp]
enabled = false
filter = asterisk
port = 5060,5061
protocol = udp
logpath = /var/log/asterisk/messages
# Jail for more extended banning of persistent abusers
# !!! WARNING !!!
# Make sure that your loglevel specified in fail2ban.conf/.local
# is not at DEBUG level -- which might then cause fail2ban to fall into
# an infinite loop constantly feeding itself with non-informative lines
[recidive]
enabled = false
filter = recidive
logpath = /var/log/fail2ban.log
action = iptables-allports[name=recidive]
sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]
bantime = 604800 ; 1 week
findtime = 86400 ; 1 day
maxretry = 5
iptables/rules
-33
View File
@@ -1,33 +0,0 @@
# Generated by iptables-save v1.6.1 on Fri May 3 07:22:39 2019
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3:376]
:POSTROUTING ACCEPT [3:376]
COMMIT
# Completed on Fri May 3 07:22:39 2019
# Generated by iptables-save v1.6.1 on Fri May 3 07:22:39 2019
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Fri May 3 07:22:39 2019
# Generated by iptables-save v1.6.1 on Fri May 3 07:22:39 2019
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3:376]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
COMMIT
# Completed on Fri May 3 07:22:39 2019
static/GeoLite2-Country.mmdb
BIN
View File
Binary file not shown.
static/conf.d/banlist.conf
-195
View File
@@ -1,195 +0,0 @@
# ========================================
# Proxies used for brute force.
deny 185.145.200.0/22;
deny 175.139.192.0/18;
deny 160.16.128.0/17;
deny 35.190.128.0/19;
deny 34.192.0.0/12;
deny 123.30.174.0/24;
deny 58.82.144.0/21;
deny 92.63.96.0/21;
deny 109.68.150.0/24;
deny 171.248.0.0/13;
deny 196.220.97.0/24;
deny 185.145.202.171/32;
deny 123.30.174.151/32;
deny 47.90.87.225/32;
deny 204.12.155.201/32;
deny 168.90.224.75/32;
deny 47.52.231.140/32;
deny 47.90.72.227/32;
deny 47.91.139.78/32;
deny 62.109.14.242/32;
deny 118.193.26.18/32;
deny 159.224.176.205/32;
deny 74.217.93.206/32;
deny 27.111.43.178/32;
deny 47.206.51.67/32;
deny 194.190.17.23/32;
deny 50.233.136.254/32;
deny 62.133.191.113/32;
deny 80.95.11.139/32;
deny 37.99.214.45/32;
deny 103.74.246.161/32;
deny 69.85.70.37/32;
deny 187.58.213.116/32;
deny 85.30.219.24/32;
deny 34.200.213.29/32;
deny 92.63.103.226/32;
deny 181.196.50.238/32;
deny 36.73.121.24/32;
deny 74.217.93.211/32;
deny 81.22.54.60/32;
deny 36.73.159.128/32;
deny 2.138.24.102/32;
deny 188.244.185.94/32;
deny 89.255.94.111/32;
deny 74.217.93.208/32;
deny 58.82.151.37/32;
deny 74.217.93.207/32;
deny 74.217.93.209/32;
deny 74.217.93.212/32;
deny 24.155.93.123/32;
deny 74.217.93.204/32;
deny 74.217.93.210/32;
deny 117.6.161.118/32;
deny 154.119.50.246/32;
deny 74.217.93.205/32;
deny 37.76.234.230/32;
deny 176.122.251.56/32;
deny 113.254.33.38/32;
deny 185.145.202.171/32;
deny 175.139.252.193/32;
deny 5.188.10.8/32;
deny 5.199.130.127/32;
deny 185.220.101.10/32;
deny 192.160.102.169/32;
deny 185.220.101.9/32;
deny 216.218.134.12/32;
deny 144.217.245.23/32;
deny 185.220.101.22/32;
deny 104.192.0.58/32;
deny 91.195.158.95/32;
deny 51.15.72.211/32;
deny 185.220.101.30/32;
deny 185.100.87.206/32;
deny 104.218.63.72/32;
deny 185.38.14.171/32;
deny 65.19.167.130/32;
deny 185.220.101.29/32;
deny 65.19.167.131/32;
deny 216.218.222.12/32;
deny 204.85.191.30/32;
deny 196.220.97.1/32;
deny 193.90.12.119/32;
deny 54.36.222.37/32;
deny 163.172.171.163/32;
deny 51.15.143.28/32;
deny 84.141.66.143/32;
deny 93.115.95.207/32;
deny 62.210.105.116/32;
deny 193.90.12.116/32;
deny 185.220.101.24/32;
deny 51.254.208.245/32;
deny 37.187.94.86/32;
deny 185.220.101.21/32;
deny 51.15.64.39/32;
deny 91.250.241.241/32;
deny 188.214.104.146/32;
deny 172.104.252.154/32;
deny 77.247.181.162/32;
deny 176.10.104.243/32;
deny 192.36.27.4/32;
deny 93.115.86.4/32;
deny 149.202.170.60/32;
deny 144.217.60.239/32;
deny 185.220.101.1/32;
deny 185.11.167.4/32;
deny 185.10.68.114/32;
deny 109.201.133.100/32;
deny 171.25.193.77/32;
deny 5.79.86.15/32;
deny 172.104.29.241/32;
deny 163.172.41.228/32;
deny 163.172.160.182/32;
deny 94.100.6.27/32;
deny 185.220.101.28/32;
deny 176.31.180.157/32;
deny 5.135.158.101/32;
deny 185.195.25.111/32;
deny 185.220.101.25/32;
deny 62.210.110.181/32;
deny 193.90.12.115/32;
deny 195.22.126.147/32;
deny 84.53.65.151/32;
deny 104.218.63.74/32;
deny 144.217.245.243/32;
deny 178.17.170.156/32;
deny 46.182.106.190/32;
deny 84.209.48.106/32;
deny 185.117.118.234/32;
deny 185.220.101.44/32;
deny 192.99.247.1/32;
deny 163.172.174.24/32;
deny 46.101.128.0/18;
deny 192.36.27.6/32;
deny 185.129.62.63/32;
deny 104.223.123.98/32;
deny 193.90.12.117/32;
deny 171.25.193.235/32;
deny 51.15.64.212/32;
deny 166.70.207.2/32;
deny 216.218.222.14/32;
deny 176.223.113.26/32;
deny 178.63.97.34/32;
deny 176.10.99.200/32;
deny 37.233.103.114/32;
deny 78.109.23.1/32;
deny 185.165.168.229/32;
deny 109.228.51.164/32;
deny 170.250.140.52/32;
deny 176.107.188.11/32;
deny 185.220.101.6/32;
deny 185.220.101.46/32;
deny 146.185.177.103/32;
deny 64.113.32.29/32;
deny 95.128.43.164/32;
deny 37.220.35.202/32;
deny 5.196.66.162/32;
deny 5.254.112.154/32;
deny 31.171.155.131/32;
deny 93.115.95.206/32;
deny 185.220.101.15/32;
deny 185.220.101.4/32;
deny 185.100.85.101/32;
deny 185.222.209.32/32;
deny 185.227.82.9/32;
deny 85.93.218.204/32;
deny 93.115.95.205/32;
deny 87.118.92.43/32;
deny 51.15.56.204/32;
deny 66.70.217.179/32;
deny 185.100.87.207/32;
deny 185.220.101.32/32;
deny 176.8.24.228/32;
deny 51.15.209.128/32;
deny 193.90.12.118/32;
deny 52.224.48.30/32;
deny 62.210.37.82/32;
deny 80.127.116.96/32;
deny 122.183.242.53/32;
deny 93.115.95.204/32;
deny 165.227.39.194/32;
deny 144.217.60.211/32;
deny 176.126.252.12/32;
deny 178.165.72.177/32;
deny 185.38.14.215/32;
deny 27.124.124.126/32;
deny 185.165.168.77/32;
deny 185.220.101.26/32;
deny 217.147.169.75/32;
deny 185.169.43.68/32;
deny 185.220.101.8/32;
deny 144.217.45.37/32;
deny 65.19.167.132/32;
# ==========================================
static/conf.d/country.conf
-23
View File
@@ -1,23 +0,0 @@
map $geoip2_data_country_code $allowed_country {
default yes;
BD no;
IT no;
PL no;
CM no;
CA no;
TH no;
ZA no;
EC no;
HK no;
CZ no;
ID no;
BR no;
SA no;
FK no;
FM no;
EH no;
CN no;
VN no;
RU no;
TR no;
}
static/etc/init.d/nginx
-209
View File
@@ -1,209 +0,0 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: nginx
# Required-Start: $local_fs $remote_fs $network $syslog $named
# Required-Stop: $local_fs $remote_fs $network $syslog $named
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts the nginx web server
# Description: starts nginx using start-stop-daemon
### END INIT INFO
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/nginx
NAME=nginx
DESC=nginx
# Include nginx defaults if available
if [ -r /etc/default/nginx ]; then
. /etc/default/nginx
fi
test -x $DAEMON || exit 0
. /lib/init/vars.sh
. /lib/lsb/init-functions
# Try to extract nginx pidfile
PID=$(cat /nginx/nginx.conf | grep -Ev '^\s*#' | awk 'BEGIN { RS="[;{}]" } { if ($1 == "pid") print $2 }' | head -n1)
if [ -z "$PID" ]
then
PID=/run/nginx.pid
fi
# Check if the ULIMIT is set in /etc/default/nginx
if [ -n "$ULIMIT" ]; then
# Set the ulimits
ulimit $ULIMIT
fi
#
# Function that starts the daemon/service
#
do_start()
{
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON --test > /dev/null \
|| return 1
start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON -- \
$DAEMON_OPTS 2>/dev/null \
|| return 2
}
test_nginx_config() {
$DAEMON -t $DAEMON_OPTS >/dev/null 2>&1
}
#
# Function that stops the daemon/service
#
do_stop()
{
# Return
# 0 if daemon has been stopped
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PID --name $NAME
RETVAL="$?"
sleep 1
return "$RETVAL"
}
#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
start-stop-daemon --stop --signal HUP --quiet --pidfile $PID --name $NAME
return 0
}
#
# Rotate log files
#
do_rotate() {
start-stop-daemon --stop --signal USR1 --quiet --pidfile $PID --name $NAME
return 0
}
#
# Online upgrade nginx executable
#
# "Upgrading Executable on the Fly"
# http://nginx.org/en/docs/control.html
#
do_upgrade() {
# Return
# 0 if nginx has been successfully upgraded
# 1 if nginx is not running
# 2 if the pid files were not created on time
# 3 if the old master could not be killed
if start-stop-daemon --stop --signal USR2 --quiet --pidfile $PID --name $NAME; then
# Wait for both old and new master to write their pid file
while [ ! -s "${PID}.oldbin" ] || [ ! -s "${PID}" ]; do
cnt=`expr $cnt + 1`
if [ $cnt -gt 10 ]; then
return 2
fi
sleep 1
done
# Everything is ready, gracefully stop the old master
if start-stop-daemon --stop --signal QUIT --quiet --pidfile "${PID}.oldbin" --name $NAME; then
return 0
else
return 3
fi
else
return 1
fi
}
case "$1" in
start)
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
do_start
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
stop)
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
do_stop
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
restart)
log_daemon_msg "Restarting $DESC" "$NAME"
# Check configuration before stopping nginx
if ! test_nginx_config; then
log_end_msg 1 # Configuration error
exit 0
fi
do_stop
case "$?" in
0|1)
do_start
case "$?" in
0) log_end_msg 0 ;;
1) log_end_msg 1 ;; # Old process is still running
*) log_end_msg 1 ;; # Failed to start
esac
;;
*)
# Failed to stop
log_end_msg 1
;;
esac
;;
reload|force-reload)
log_daemon_msg "Reloading $DESC configuration" "$NAME"
# Check configuration before reload nginx
#
# This is not entirely correct since the on-disk nginx binary
# may differ from the in-memory one, but that's not common.
# We prefer to check the configuration and return an error
# to the administrator.
if ! test_nginx_config; then
log_end_msg 1 # Configuration error
exit 0
fi
do_reload
log_end_msg $?
;;
configtest|testconfig)
log_daemon_msg "Testing $DESC configuration"
test_nginx_config
log_end_msg $?
;;
status)
status_of_proc -p $PID "$DAEMON" "$NAME" && exit 0 || exit $?
;;
upgrade)
log_daemon_msg "Upgrading binary" "$NAME"
do_upgrade
log_end_msg 0
;;
rotate)
log_daemon_msg "Re-opening $DESC log files" "$NAME"
do_rotate
log_end_msg $?
;;
*)
echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest|rotate|upgrade}" >&2
exit 3
;;
esac
:
static/html/index.html
-5
View File
@@ -1,5 +0,0 @@
<html>
<center><h1>NGINX-AS-WEB-FIREWALL Default Page!?</h1></center>
<center><h2>If you can see this that means your installation was successful!</h2></center>
<center><h2>Thank You For Using This Project, For Issues or suggestion Post them on <a href="https://github.com/theraw/The-World-Is-Yours" target="_blank">(Github)</a></h2></center>
</html>
static/mod/ndk_http_module.so
Executable
BIN
View File
Binary file not shown.
static/mod/ngx_http_brotli_filter_module.so
Executable
BIN
View File
Binary file not shown.
static/mod/ngx_http_brotli_static_module.so
Executable
BIN
View File
Binary file not shown.
static/mod/ngx_http_flv_live_module.so
Executable
BIN
View File
Binary file not shown.
static/mod/ngx_http_geoip2_module.so
Executable
BIN
View File
Binary file not shown.
static/mod/ngx_http_headers_more_filter_module.so
Executable
BIN
View File
Binary file not shown.
static/mod/ngx_http_js_module.so
Executable
BIN
View File
Binary file not shown.
static/mod/ngx_http_lua_module.so
Executable
BIN
View File
Binary file not shown.
static/mod/ngx_http_modsecurity_module.so
Executable
BIN
View File
Binary file not shown.
static/mod/ngx_http_naxsi_module.so
Executable
BIN
View File
Binary file not shown.
static/mod/ngx_http_set_misc_module.so
Executable
BIN
View File
Binary file not shown.
static/mod/ngx_http_testcookie_access_module.so
Executable
BIN
View File
Binary file not shown.
static/mod/ngx_pagespeed.so
Executable
BIN
View File
Binary file not shown.
static/mod/ngx_stream_geoip2_module.so
Executable
BIN
View File
Binary file not shown.
static/mod/ngx_stream_js_module.so
Executable
BIN
View File
Binary file not shown.
static/raws/template
-55
View File
@@ -1,55 +0,0 @@
server {
listen 80;
root /hostdata/raws.com/public_html;
index index.html index.php;
server_name raws.com www.raws.com;
location / {
SecRulesEnabled;
LearningMode;
DeniedUrl "/denied/";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
access_log /hostdata/raws.com/logs/access.log main;
error_log /hostdata/raws.com/logs/error.log;
try_files $uri $uri/ =404;
}
location /denied/ {
return 444;
}
# =========================================
# PHPMYADMIN.
# =========================================
location /phpmyadmin {
root /hostdata/default/;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /hostdata/default/;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /nginx/fastcgi_params;
}
}
# =========================================
# END PHPMYADMIN.
# =========================================
# =========================================
# PHP.
# =========================================
location ~ \.php {
try_files $uri /index.php =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /nginx/fastcgi_params;
}
# =========================================
# END PHP.
# =========================================
}
static/sysctl.conf
-23
View File
@@ -1,23 +0,0 @@
vm.nr_hugepages = 0
vm.vfs_cache_pressure = 30
fs.file-max = 1000000
net.core.wmem_max = 16777216
net.core.rmem_max = 16777216
kernel.randomize_va_space = 2
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.ip_local_port_range = 1024 64999
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_window_scaling = 1
net.core.somaxconn = 32768
net.core.netdev_max_backlog = 30000
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_fin_timeout = 90
net.ipv4.tcp_tw_reuse = 1
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
kernel.sched_autogroup_enabled = 0
net.ipv4.tcp_max_orphans = 32768
static/vhost/aes.min.js
Vendored
-790
View File
@@ -1,790 +0,0 @@
/*
* aes.js: implements AES - Advanced Encryption Standard
* from the SlowAES project, http://code.google.com/p/slowaes/
*
* Copyright (c) 2008 Josh Davis ( http://www.josh-davis.org ),
* Mark Percival ( http://mpercival.com ),
*
* Ported from C code written by Laurent Haan ( http://www.progressive-coding.com )
*
* Licensed under the Apache License, Version 2.0
* http://www.apache.org/licenses/
*/
var slowAES = {
/*
* START AES SECTION
*/
aes:{
// structure of valid key sizes
keySize:{
SIZE_128:16,
SIZE_192:24,
SIZE_256:32
},
// Rijndael S-box
sbox:[
0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 ],
// Rijndael Inverted S-box
rsbox:
[ 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
, 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
, 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
, 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
, 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
, 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
, 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
, 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
, 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
, 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
, 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
, 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
, 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
, 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
, 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
, 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d ],
/* rotate the word eight bits to the left */
rotate:function(word)
{
var c = word[0];
for (var i = 0; i < 3; i++)
word[i] = word[i+1];
word[3] = c;
return word;
},
// Rijndael Rcon
Rcon:[
0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8,
0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3,
0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f,
0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d,
0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab,
0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d,
0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25,
0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01,
0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d,
0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa,
0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a,
0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02,
0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a,
0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef,
0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94,
0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04,
0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f,
0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5,
0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33,
0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb ],
G2X: [
0x00, 0x02, 0x04, 0x06, 0x08, 0x0a, 0x0c, 0x0e, 0x10, 0x12, 0x14, 0x16,
0x18, 0x1a, 0x1c, 0x1e, 0x20, 0x22, 0x24, 0x26, 0x28, 0x2a, 0x2c, 0x2e,
0x30, 0x32, 0x34, 0x36, 0x38, 0x3a, 0x3c, 0x3e, 0x40, 0x42, 0x44, 0x46,
0x48, 0x4a, 0x4c, 0x4e, 0x50, 0x52, 0x54, 0x56, 0x58, 0x5a, 0x5c, 0x5e,
0x60, 0x62, 0x64, 0x66, 0x68, 0x6a, 0x6c, 0x6e, 0x70, 0x72, 0x74, 0x76,
0x78, 0x7a, 0x7c, 0x7e, 0x80, 0x82, 0x84, 0x86, 0x88, 0x8a, 0x8c, 0x8e,
0x90, 0x92, 0x94, 0x96, 0x98, 0x9a, 0x9c, 0x9e, 0xa0, 0xa2, 0xa4, 0xa6,
0xa8, 0xaa, 0xac, 0xae, 0xb0, 0xb2, 0xb4, 0xb6, 0xb8, 0xba, 0xbc, 0xbe,
0xc0, 0xc2, 0xc4, 0xc6, 0xc8, 0xca, 0xcc, 0xce, 0xd0, 0xd2, 0xd4, 0xd6,
0xd8, 0xda, 0xdc, 0xde, 0xe0, 0xe2, 0xe4, 0xe6, 0xe8, 0xea, 0xec, 0xee,
0xf0, 0xf2, 0xf4, 0xf6, 0xf8, 0xfa, 0xfc, 0xfe, 0x1b, 0x19, 0x1f, 0x1d,
0x13, 0x11, 0x17, 0x15, 0x0b, 0x09, 0x0f, 0x0d, 0x03, 0x01, 0x07, 0x05,
0x3b, 0x39, 0x3f, 0x3d, 0x33, 0x31, 0x37, 0x35, 0x2b, 0x29, 0x2f, 0x2d,
0x23, 0x21, 0x27, 0x25, 0x5b, 0x59, 0x5f, 0x5d, 0x53, 0x51, 0x57, 0x55,
0x4b, 0x49, 0x4f, 0x4d, 0x43, 0x41, 0x47, 0x45, 0x7b, 0x79, 0x7f, 0x7d,
0x73, 0x71, 0x77, 0x75, 0x6b, 0x69, 0x6f, 0x6d, 0x63, 0x61, 0x67, 0x65,
0x9b, 0x99, 0x9f, 0x9d, 0x93, 0x91, 0x97, 0x95, 0x8b, 0x89, 0x8f, 0x8d,
0x83, 0x81, 0x87, 0x85, 0xbb, 0xb9, 0xbf, 0xbd, 0xb3, 0xb1, 0xb7, 0xb5,
0xab, 0xa9, 0xaf, 0xad, 0xa3, 0xa1, 0xa7, 0xa5, 0xdb, 0xd9, 0xdf, 0xdd,
0xd3, 0xd1, 0xd7, 0xd5, 0xcb, 0xc9, 0xcf, 0xcd, 0xc3, 0xc1, 0xc7, 0xc5,
0xfb, 0xf9, 0xff, 0xfd, 0xf3, 0xf1, 0xf7, 0xf5, 0xeb, 0xe9, 0xef, 0xed,
0xe3, 0xe1, 0xe7, 0xe5
],
G3X: [
0x00, 0x03, 0x06, 0x05, 0x0c, 0x0f, 0x0a, 0x09, 0x18, 0x1b, 0x1e, 0x1d,
0x14, 0x17, 0x12, 0x11, 0x30, 0x33, 0x36, 0x35, 0x3c, 0x3f, 0x3a, 0x39,
0x28, 0x2b, 0x2e, 0x2d, 0x24, 0x27, 0x22, 0x21, 0x60, 0x63, 0x66, 0x65,
0x6c, 0x6f, 0x6a, 0x69, 0x78, 0x7b, 0x7e, 0x7d, 0x74, 0x77, 0x72, 0x71,
0x50, 0x53, 0x56, 0x55, 0x5c, 0x5f, 0x5a, 0x59, 0x48, 0x4b, 0x4e, 0x4d,
0x44, 0x47, 0x42, 0x41, 0xc0, 0xc3, 0xc6, 0xc5, 0xcc, 0xcf, 0xca, 0xc9,
0xd8, 0xdb, 0xde, 0xdd, 0xd4, 0xd7, 0xd2, 0xd1, 0xf0, 0xf3, 0xf6, 0xf5,
0xfc, 0xff, 0xfa, 0xf9, 0xe8, 0xeb, 0xee, 0xed, 0xe4, 0xe7, 0xe2, 0xe1,
0xa0, 0xa3, 0xa6, 0xa5, 0xac, 0xaf, 0xaa, 0xa9, 0xb8, 0xbb, 0xbe, 0xbd,
0xb4, 0xb7, 0xb2, 0xb1, 0x90, 0x93, 0x96, 0x95, 0x9c, 0x9f, 0x9a, 0x99,
0x88, 0x8b, 0x8e, 0x8d, 0x84, 0x87, 0x82, 0x81, 0x9b, 0x98, 0x9d, 0x9e,
0x97, 0x94, 0x91, 0x92, 0x83, 0x80, 0x85, 0x86, 0x8f, 0x8c, 0x89, 0x8a,
0xab, 0xa8, 0xad, 0xae, 0xa7, 0xa4, 0xa1, 0xa2, 0xb3, 0xb0, 0xb5, 0xb6,
0xbf, 0xbc, 0xb9, 0xba, 0xfb, 0xf8, 0xfd, 0xfe, 0xf7, 0xf4, 0xf1, 0xf2,
0xe3, 0xe0, 0xe5, 0xe6, 0xef, 0xec, 0xe9, 0xea, 0xcb, 0xc8, 0xcd, 0xce,
0xc7, 0xc4, 0xc1, 0xc2, 0xd3, 0xd0, 0xd5, 0xd6, 0xdf, 0xdc, 0xd9, 0xda,
0x5b, 0x58, 0x5d, 0x5e, 0x57, 0x54, 0x51, 0x52, 0x43, 0x40, 0x45, 0x46,
0x4f, 0x4c, 0x49, 0x4a, 0x6b, 0x68, 0x6d, 0x6e, 0x67, 0x64, 0x61, 0x62,
0x73, 0x70, 0x75, 0x76, 0x7f, 0x7c, 0x79, 0x7a, 0x3b, 0x38, 0x3d, 0x3e,
0x37, 0x34, 0x31, 0x32, 0x23, 0x20, 0x25, 0x26, 0x2f, 0x2c, 0x29, 0x2a,
0x0b, 0x08, 0x0d, 0x0e, 0x07, 0x04, 0x01, 0x02, 0x13, 0x10, 0x15, 0x16,
0x1f, 0x1c, 0x19, 0x1a
],
G9X: [
0x00, 0x09, 0x12, 0x1b, 0x24, 0x2d, 0x36, 0x3f, 0x48, 0x41, 0x5a, 0x53,
0x6c, 0x65, 0x7e, 0x77, 0x90, 0x99, 0x82, 0x8b, 0xb4, 0xbd, 0xa6, 0xaf,
0xd8, 0xd1, 0xca, 0xc3, 0xfc, 0xf5, 0xee, 0xe7, 0x3b, 0x32, 0x29, 0x20,
0x1f, 0x16, 0x0d, 0x04, 0x73, 0x7a, 0x61, 0x68, 0x57, 0x5e, 0x45, 0x4c,
0xab, 0xa2, 0xb9, 0xb0, 0x8f, 0x86, 0x9d, 0x94, 0xe3, 0xea, 0xf1, 0xf8,
0xc7, 0xce, 0xd5, 0xdc, 0x76, 0x7f, 0x64, 0x6d, 0x52, 0x5b, 0x40, 0x49,
0x3e, 0x37, 0x2c, 0x25, 0x1a, 0x13, 0x08, 0x01, 0xe6, 0xef, 0xf4, 0xfd,
0xc2, 0xcb, 0xd0, 0xd9, 0xae, 0xa7, 0xbc, 0xb5, 0x8a, 0x83, 0x98, 0x91,
0x4d, 0x44, 0x5f, 0x56, 0x69, 0x60, 0x7b, 0x72, 0x05, 0x0c, 0x17, 0x1e,
0x21, 0x28, 0x33, 0x3a, 0xdd, 0xd4, 0xcf, 0xc6, 0xf9, 0xf0, 0xeb, 0xe2,
0x95, 0x9c, 0x87, 0x8e, 0xb1, 0xb8, 0xa3, 0xaa, 0xec, 0xe5, 0xfe, 0xf7,
0xc8, 0xc1, 0xda, 0xd3, 0xa4, 0xad, 0xb6, 0xbf, 0x80, 0x89, 0x92, 0x9b,
0x7c, 0x75, 0x6e, 0x67, 0x58, 0x51, 0x4a, 0x43, 0x34, 0x3d, 0x26, 0x2f,
0x10, 0x19, 0x02, 0x0b, 0xd7, 0xde, 0xc5, 0xcc, 0xf3, 0xfa, 0xe1, 0xe8,
0x9f, 0x96, 0x8d, 0x84, 0xbb, 0xb2, 0xa9, 0xa0, 0x47, 0x4e, 0x55, 0x5c,
0x63, 0x6a, 0x71, 0x78, 0x0f, 0x06, 0x1d, 0x14, 0x2b, 0x22, 0x39, 0x30,
0x9a, 0x93, 0x88, 0x81, 0xbe, 0xb7, 0xac, 0xa5, 0xd2, 0xdb, 0xc0, 0xc9,
0xf6, 0xff, 0xe4, 0xed, 0x0a, 0x03, 0x18, 0x11, 0x2e, 0x27, 0x3c, 0x35,
0x42, 0x4b, 0x50, 0x59, 0x66, 0x6f, 0x74, 0x7d, 0xa1, 0xa8, 0xb3, 0xba,
0x85, 0x8c, 0x97, 0x9e, 0xe9, 0xe0, 0xfb, 0xf2, 0xcd, 0xc4, 0xdf, 0xd6,
0x31, 0x38, 0x23, 0x2a, 0x15, 0x1c, 0x07, 0x0e, 0x79, 0x70, 0x6b, 0x62,
0x5d, 0x54, 0x4f, 0x46
],
GBX: [
0x00, 0x0b, 0x16, 0x1d, 0x2c, 0x27, 0x3a, 0x31, 0x58, 0x53, 0x4e, 0x45,
0x74, 0x7f, 0x62, 0x69, 0xb0, 0xbb, 0xa6, 0xad, 0x9c, 0x97, 0x8a, 0x81,
0xe8, 0xe3, 0xfe, 0xf5, 0xc4, 0xcf, 0xd2, 0xd9, 0x7b, 0x70, 0x6d, 0x66,
0x57, 0x5c, 0x41, 0x4a, 0x23, 0x28, 0x35, 0x3e, 0x0f, 0x04, 0x19, 0x12,
0xcb, 0xc0, 0xdd, 0xd6, 0xe7, 0xec, 0xf1, 0xfa, 0x93, 0x98, 0x85, 0x8e,
0xbf, 0xb4, 0xa9, 0xa2, 0xf6, 0xfd, 0xe0, 0xeb, 0xda, 0xd1, 0xcc, 0xc7,
0xae, 0xa5, 0xb8, 0xb3, 0x82, 0x89, 0x94, 0x9f, 0x46, 0x4d, 0x50, 0x5b,
0x6a, 0x61, 0x7c, 0x77, 0x1e, 0x15, 0x08, 0x03, 0x32, 0x39, 0x24, 0x2f,
0x8d, 0x86, 0x9b, 0x90, 0xa1, 0xaa, 0xb7, 0xbc, 0xd5, 0xde, 0xc3, 0xc8,
0xf9, 0xf2, 0xef, 0xe4, 0x3d, 0x36, 0x2b, 0x20, 0x11, 0x1a, 0x07, 0x0c,
0x65, 0x6e, 0x73, 0x78, 0x49, 0x42, 0x5f, 0x54, 0xf7, 0xfc, 0xe1, 0xea,
0xdb, 0xd0, 0xcd, 0xc6, 0xaf, 0xa4, 0xb9, 0xb2, 0x83, 0x88, 0x95, 0x9e,
0x47, 0x4c, 0x51, 0x5a, 0x6b, 0x60, 0x7d, 0x76, 0x1f, 0x14, 0x09, 0x02,
0x33, 0x38, 0x25, 0x2e, 0x8c, 0x87, 0x9a, 0x91, 0xa0, 0xab, 0xb6, 0xbd,
0xd4, 0xdf, 0xc2, 0xc9, 0xf8, 0xf3, 0xee, 0xe5, 0x3c, 0x37, 0x2a, 0x21,
0x10, 0x1b, 0x06, 0x0d, 0x64, 0x6f, 0x72, 0x79, 0x48, 0x43, 0x5e, 0x55,
0x01, 0x0a, 0x17, 0x1c, 0x2d, 0x26, 0x3b, 0x30, 0x59, 0x52, 0x4f, 0x44,
0x75, 0x7e, 0x63, 0x68, 0xb1, 0xba, 0xa7, 0xac, 0x9d, 0x96, 0x8b, 0x80,
0xe9, 0xe2, 0xff, 0xf4, 0xc5, 0xce, 0xd3, 0xd8, 0x7a, 0x71, 0x6c, 0x67,
0x56, 0x5d, 0x40, 0x4b, 0x22, 0x29, 0x34, 0x3f, 0x0e, 0x05, 0x18, 0x13,
0xca, 0xc1, 0xdc, 0xd7, 0xe6, 0xed, 0xf0, 0xfb, 0x92, 0x99, 0x84, 0x8f,
0xbe, 0xb5, 0xa8, 0xa3
],
GDX: [
0x00, 0x0d, 0x1a, 0x17, 0x34, 0x39, 0x2e, 0x23, 0x68, 0x65, 0x72, 0x7f,
0x5c, 0x51, 0x46, 0x4b, 0xd0, 0xdd, 0xca, 0xc7, 0xe4, 0xe9, 0xfe, 0xf3,
0xb8, 0xb5, 0xa2, 0xaf, 0x8c, 0x81, 0x96, 0x9b, 0xbb, 0xb6, 0xa1, 0xac,
0x8f, 0x82, 0x95, 0x98, 0xd3, 0xde, 0xc9, 0xc4, 0xe7, 0xea, 0xfd, 0xf0,
0x6b, 0x66, 0x71, 0x7c, 0x5f, 0x52, 0x45, 0x48, 0x03, 0x0e, 0x19, 0x14,
0x37, 0x3a, 0x2d, 0x20, 0x6d, 0x60, 0x77, 0x7a, 0x59, 0x54, 0x43, 0x4e,
0x05, 0x08, 0x1f, 0x12, 0x31, 0x3c, 0x2b, 0x26, 0xbd, 0xb0, 0xa7, 0xaa,
0x89, 0x84, 0x93, 0x9e, 0xd5, 0xd8, 0xcf, 0xc2, 0xe1, 0xec, 0xfb, 0xf6,
0xd6, 0xdb, 0xcc, 0xc1, 0xe2, 0xef, 0xf8, 0xf5, 0xbe, 0xb3, 0xa4, 0xa9,
0x8a, 0x87, 0x90, 0x9d, 0x06, 0x0b, 0x1c, 0x11, 0x32, 0x3f, 0x28, 0x25,
0x6e, 0x63, 0x74, 0x79, 0x5a, 0x57, 0x40, 0x4d, 0xda, 0xd7, 0xc0, 0xcd,
0xee, 0xe3, 0xf4, 0xf9, 0xb2, 0xbf, 0xa8, 0xa5, 0x86, 0x8b, 0x9c, 0x91,
0x0a, 0x07, 0x10, 0x1d, 0x3e, 0x33, 0x24, 0x29, 0x62, 0x6f, 0x78, 0x75,
0x56, 0x5b, 0x4c, 0x41, 0x61, 0x6c, 0x7b, 0x76, 0x55, 0x58, 0x4f, 0x42,
0x09, 0x04, 0x13, 0x1e, 0x3d, 0x30, 0x27, 0x2a, 0xb1, 0xbc, 0xab, 0xa6,
0x85, 0x88, 0x9f, 0x92, 0xd9, 0xd4, 0xc3, 0xce, 0xed, 0xe0, 0xf7, 0xfa,
0xb7, 0xba, 0xad, 0xa0, 0x83, 0x8e, 0x99, 0x94, 0xdf, 0xd2, 0xc5, 0xc8,
0xeb, 0xe6, 0xf1, 0xfc, 0x67, 0x6a, 0x7d, 0x70, 0x53, 0x5e, 0x49, 0x44,
0x0f, 0x02, 0x15, 0x18, 0x3b, 0x36, 0x21, 0x2c, 0x0c, 0x01, 0x16, 0x1b,
0x38, 0x35, 0x22, 0x2f, 0x64, 0x69, 0x7e, 0x73, 0x50, 0x5d, 0x4a, 0x47,
0xdc, 0xd1, 0xc6, 0xcb, 0xe8, 0xe5, 0xf2, 0xff, 0xb4, 0xb9, 0xae, 0xa3,
0x80, 0x8d, 0x9a, 0x97
],
GEX: [
0x00, 0x0e, 0x1c, 0x12, 0x38, 0x36, 0x24, 0x2a, 0x70, 0x7e, 0x6c, 0x62,
0x48, 0x46, 0x54, 0x5a, 0xe0, 0xee, 0xfc, 0xf2, 0xd8, 0xd6, 0xc4, 0xca,
0x90, 0x9e, 0x8c, 0x82, 0xa8, 0xa6, 0xb4, 0xba, 0xdb, 0xd5, 0xc7, 0xc9,
0xe3, 0xed, 0xff, 0xf1, 0xab, 0xa5, 0xb7, 0xb9, 0x93, 0x9d, 0x8f, 0x81,
0x3b, 0x35, 0x27, 0x29, 0x03, 0x0d, 0x1f, 0x11, 0x4b, 0x45, 0x57, 0x59,
0x73, 0x7d, 0x6f, 0x61, 0xad, 0xa3, 0xb1, 0xbf, 0x95, 0x9b, 0x89, 0x87,
0xdd, 0xd3, 0xc1, 0xcf, 0xe5, 0xeb, 0xf9, 0xf7, 0x4d, 0x43, 0x51, 0x5f,
0x75, 0x7b, 0x69, 0x67, 0x3d, 0x33, 0x21, 0x2f, 0x05, 0x0b, 0x19, 0x17,
0x76, 0x78, 0x6a, 0x64, 0x4e, 0x40, 0x52, 0x5c, 0x06, 0x08, 0x1a, 0x14,
0x3e, 0x30, 0x22, 0x2c, 0x96, 0x98, 0x8a, 0x84, 0xae, 0xa0, 0xb2, 0xbc,
0xe6, 0xe8, 0xfa, 0xf4, 0xde, 0xd0, 0xc2, 0xcc, 0x41, 0x4f, 0x5d, 0x53,
0x79, 0x77, 0x65, 0x6b, 0x31, 0x3f, 0x2d, 0x23, 0x09, 0x07, 0x15, 0x1b,
0xa1, 0xaf, 0xbd, 0xb3, 0x99, 0x97, 0x85, 0x8b, 0xd1, 0xdf, 0xcd, 0xc3,
0xe9, 0xe7, 0xf5, 0xfb, 0x9a, 0x94, 0x86, 0x88, 0xa2, 0xac, 0xbe, 0xb0,
0xea, 0xe4, 0xf6, 0xf8, 0xd2, 0xdc, 0xce, 0xc0, 0x7a, 0x74, 0x66, 0x68,
0x42, 0x4c, 0x5e, 0x50, 0x0a, 0x04, 0x16, 0x18, 0x32, 0x3c, 0x2e, 0x20,
0xec, 0xe2, 0xf0, 0xfe, 0xd4, 0xda, 0xc8, 0xc6, 0x9c, 0x92, 0x80, 0x8e,
0xa4, 0xaa, 0xb8, 0xb6, 0x0c, 0x02, 0x10, 0x1e, 0x34, 0x3a, 0x28, 0x26,
0x7c, 0x72, 0x60, 0x6e, 0x44, 0x4a, 0x58, 0x56, 0x37, 0x39, 0x2b, 0x25,
0x0f, 0x01, 0x13, 0x1d, 0x47, 0x49, 0x5b, 0x55, 0x7f, 0x71, 0x63, 0x6d,
0xd7, 0xd9, 0xcb, 0xc5, 0xef, 0xe1, 0xf3, 0xfd, 0xa7, 0xa9, 0xbb, 0xb5,
0x9f, 0x91, 0x83, 0x8d
],
// Key Schedule Core
core:function(word,iteration)
{
/* rotate the 32-bit word 8 bits to the left */
word = this.rotate(word);
/* apply S-Box substitution on all 4 parts of the 32-bit word */
for (var i = 0; i < 4; ++i)
word[i] = this.sbox[word[i]];
/* XOR the output of the rcon operation with i to the first part (leftmost) only */
word[0] = word[0]^this.Rcon[iteration];
return word;
},
/* Rijndael's key expansion
* expands an 128,192,256 key into an 176,208,240 bytes key
*
* expandedKey is a pointer to an char array of large enough size
* key is a pointer to a non-expanded key
*/
expandKey:function(key,size)
{
var expandedKeySize = (16*(this.numberOfRounds(size)+1));
/* current expanded keySize, in bytes */
var currentSize = 0;
var rconIteration = 1;
var t = []; // temporary 4-byte variable
var expandedKey = [];
for(var i = 0;i < expandedKeySize;i++)
expandedKey[i] = 0;
/* set the 16,24,32 bytes of the expanded key to the input key */
for (var j = 0; j < size; j++)
expandedKey[j] = key[j];
currentSize += size;
while (currentSize < expandedKeySize)
{
/* assign the previous 4 bytes to the temporary value t */
for (var k = 0; k < 4; k++)
t[k] = expandedKey[(currentSize - 4) + k];
/* every 16,24,32 bytes we apply the core schedule to t
* and increment rconIteration afterwards
*/
if(currentSize % size == 0)
t = this.core(t, rconIteration++);
/* For 256-bit keys, we add an extra sbox to the calculation */
if(size == this.keySize.SIZE_256 && ((currentSize % size) == 16))
for(var l = 0; l < 4; l++)
t[l] = this.sbox[t[l]];
/* We XOR t with the four-byte block 16,24,32 bytes before the new expanded key.
* This becomes the next four bytes in the expanded key.
*/
for(var m = 0; m < 4; m++) {
expandedKey[currentSize] = expandedKey[currentSize - size] ^ t[m];
currentSize++;
}
}
return expandedKey;
},
// Adds (XORs) the round key to the state
addRoundKey:function(state,roundKey)
{
for (var i = 0; i < 16; i++)
state[i] ^= roundKey[i];
return state;
},
// Creates a round key from the given expanded key and the
// position within the expanded key.
createRoundKey:function(expandedKey,roundKeyPointer)
{
var roundKey = [];
for (var i = 0; i < 4; i++)
for (var j = 0; j < 4; j++)
roundKey[j*4+i] = expandedKey[roundKeyPointer + i*4 + j];
return roundKey;
},
/* substitute all the values from the state with the value in the SBox
* using the state value as index for the SBox
*/
subBytes:function(state,isInv)
{
for (var i = 0; i < 16; i++)
state[i] = isInv?this.rsbox[state[i]]:this.sbox[state[i]];
return state;
},
/* iterate over the 4 rows and call shiftRow() with that row */
shiftRows:function(state,isInv)
{
for (var i = 0; i < 4; i++)
state = this.shiftRow(state,i*4, i,isInv);
return state;
},
/* each iteration shifts the row to the left by 1 */
shiftRow:function(state,statePointer,nbr,isInv)
{
for (var i = 0; i < nbr; i++)
{
if(isInv)
{
var tmp = state[statePointer + 3];
for (var j = 3; j > 0; j--)
state[statePointer + j] = state[statePointer + j-1];
state[statePointer] = tmp;
}
else
{
var tmp = state[statePointer];
for (var j = 0; j < 3; j++)
state[statePointer + j] = state[statePointer + j+1];
state[statePointer + 3] = tmp;
}
}
return state;
},
// galois multiplication of 8 bit characters a and b
galois_multiplication:function(a,b)
{
var p = 0;
for(var counter = 0; counter < 8; counter++)
{
if((b & 1) == 1)
p ^= a;
if(p > 0x100) p ^= 0x100;
var hi_bit_set = (a & 0x80); //keep p 8 bit
a <<= 1;
if(a > 0x100) a ^= 0x100; //keep a 8 bit
if(hi_bit_set == 0x80)
a ^= 0x1b;
if(a > 0x100) a ^= 0x100; //keep a 8 bit
b >>= 1;
if(b > 0x100) b ^= 0x100; //keep b 8 bit
}
return p;
},
// galois multipication of the 4x4 matrix
mixColumns:function(state,isInv)
{
var column = [];
/* iterate over the 4 columns */
for (var i = 0; i < 4; i++)
{
/* construct one column by iterating over the 4 rows */
for (var j = 0; j < 4; j++)
column[j] = state[(j*4)+i];
/* apply the mixColumn on one column */
column = this.mixColumn(column,isInv);
/* put the values back into the state */
for (var k = 0; k < 4; k++)
state[(k*4)+i] = column[k];
}
return state;
},
// galois multipication of 1 column of the 4x4 matrix
mixColumn:function(column,isInv)
{
var mult = [];
if(isInv)
mult = [14,9,13,11];
else
mult = [2,1,1,3];
var cpy = [];
for(var i = 0; i < 4; i++)
cpy[i] = column[i];
column[0] = this.galois_multiplication(cpy[0],mult[0]) ^
this.galois_multiplication(cpy[3],mult[1]) ^
this.galois_multiplication(cpy[2],mult[2]) ^
this.galois_multiplication(cpy[1],mult[3]);
column[1] = this.galois_multiplication(cpy[1],mult[0]) ^
this.galois_multiplication(cpy[0],mult[1]) ^
this.galois_multiplication(cpy[3],mult[2]) ^
this.galois_multiplication(cpy[2],mult[3]);
column[2] = this.galois_multiplication(cpy[2],mult[0]) ^
this.galois_multiplication(cpy[1],mult[1]) ^
this.galois_multiplication(cpy[0],mult[2]) ^
this.galois_multiplication(cpy[3],mult[3]);
column[3] = this.galois_multiplication(cpy[3],mult[0]) ^
this.galois_multiplication(cpy[2],mult[1]) ^
this.galois_multiplication(cpy[1],mult[2]) ^
this.galois_multiplication(cpy[0],mult[3]);
return column;
},
// applies the 4 operations of the forward round in sequence
round:function(state, roundKey)
{
state = this.subBytes(state,false);
state = this.shiftRows(state,false);
state = this.mixColumns(state,false);
state = this.addRoundKey(state, roundKey);
return state;
},
// applies the 4 operations of the inverse round in sequence
invRound:function(state,roundKey)
{
state = this.shiftRows(state,true);
state = this.subBytes(state,true);
state = this.addRoundKey(state, roundKey);
state = this.mixColumns(state,true);
return state;
},
/*
* Perform the initial operations, the standard round, and the final operations
* of the forward aes, creating a round key for each round
*/
main:function(state,expandedKey,nbrRounds)
{
state = this.addRoundKey(state, this.createRoundKey(expandedKey,0));
for (var i = 1; i < nbrRounds; i++)
state = this.round(state, this.createRoundKey(expandedKey,16*i));
state = this.subBytes(state,false);
state = this.shiftRows(state,false);
state = this.addRoundKey(state, this.createRoundKey(expandedKey,16*nbrRounds));
return state;
},
/*
* Perform the initial operations, the standard round, and the final operations
* of the inverse aes, creating a round key for each round
*/
invMain:function(state, expandedKey, nbrRounds)
{
state = this.addRoundKey(state, this.createRoundKey(expandedKey,16*nbrRounds));
for (var i = nbrRounds-1; i > 0; i--)
state = this.invRound(state, this.createRoundKey(expandedKey,16*i));
state = this.shiftRows(state,true);
state = this.subBytes(state,true);
state = this.addRoundKey(state, this.createRoundKey(expandedKey,0));
return state;
},
numberOfRounds:function(size)
{
var nbrRounds;
switch (size) /* set the number of rounds */
{
case this.keySize.SIZE_128:
nbrRounds = 10;
break;
case this.keySize.SIZE_192:
nbrRounds = 12;
break;
case this.keySize.SIZE_256:
nbrRounds = 14;
break;
default:
return null;
break;
}
return nbrRounds;
},
// encrypts a 128 bit input block against the given key of size specified
encrypt:function(input,key,size)
{
var output = [];
var block = []; /* the 128 bit block to encode */
var nbrRounds = this.numberOfRounds(size);
/* Set the block values, for the block:
* a0,0 a0,1 a0,2 a0,3
* a1,0 a1,1 a1,2 a1,3
* a2,0 a2,1 a2,2 a2,3
* a3,0 a3,1 a3,2 a3,3
* the mapping order is a0,0 a1,0 a2,0 a3,0 a0,1 a1,1 ... a2,3 a3,3
*/
for (var i = 0; i < 4; i++) /* iterate over the columns */
for (var j = 0; j < 4; j++) /* iterate over the rows */
block[(i+(j*4))] = input[(i*4)+j];
/* expand the key into an 176, 208, 240 bytes key */
var expandedKey = this.expandKey(key, size); /* the expanded key */
/* encrypt the block using the expandedKey */
block = this.main(block, expandedKey, nbrRounds);
for (var k = 0; k < 4; k++) /* unmap the block again into the output */
for (var l = 0; l < 4; l++) /* iterate over the rows */
output[(k*4)+l] = block[(k+(l*4))];
return output;
},
// decrypts a 128 bit input block against the given key of size specified
decrypt:function(input, key, size)
{
var output = [];
var block = []; /* the 128 bit block to decode */
var nbrRounds = this.numberOfRounds(size);
/* Set the block values, for the block:
* a0,0 a0,1 a0,2 a0,3
* a1,0 a1,1 a1,2 a1,3
* a2,0 a2,1 a2,2 a2,3
* a3,0 a3,1 a3,2 a3,3
* the mapping order is a0,0 a1,0 a2,0 a3,0 a0,1 a1,1 ... a2,3 a3,3
*/
for (var i = 0; i < 4; i++) /* iterate over the columns */
for (var j = 0; j < 4; j++) /* iterate over the rows */
block[(i+(j*4))] = input[(i*4)+j];
/* expand the key into an 176, 208, 240 bytes key */
var expandedKey = this.expandKey(key, size);
/* decrypt the block using the expandedKey */
block = this.invMain(block, expandedKey, nbrRounds);
for (var k = 0; k < 4; k++)/* unmap the block again into the output */
for (var l = 0; l < 4; l++)/* iterate over the rows */
output[(k*4)+l] = block[(k+(l*4))];
return output;
}
},
/*
* END AES SECTION
*/
/*
* START MODE OF OPERATION SECTION
*/
//structure of supported modes of operation
modeOfOperation:{
OFB:0,
CFB:1,
CBC:2
},
// get a 16 byte block (aes operates on 128bits)
getBlock: function(bytesIn,start,end,mode)
{
if(end - start > 16)
end = start + 16;
return bytesIn.slice(start, end);
},
/*
* Mode of Operation Encryption
* bytesIn - Input String as array of bytes
* mode - mode of type modeOfOperation
* key - a number array of length 'size'
* size - the bit length of the key
* iv - the 128 bit number array Initialization Vector
*/
encrypt: function (bytesIn, mode, key, iv)
{
var size = key.length;
if(iv.length%16)
{
throw 'iv length must be 128 bits.';
}
// the AES input/output
var byteArray = [];
var input = [];
var output = [];
var ciphertext = [];
var cipherOut = [];
// char firstRound
var firstRound = true;
if (mode == this.modeOfOperation.CBC)
this.padBytesIn(bytesIn);
if (bytesIn !== null)
{
for (var j = 0;j < Math.ceil(bytesIn.length/16); j++)
{
var start = j*16;
var end = j*16+16;
if(j*16+16 > bytesIn.length)
end = bytesIn.length;
byteArray = this.getBlock(bytesIn,start,end,mode);
if (mode == this.modeOfOperation.CFB)
{
if (firstRound)
{
output = this.aes.encrypt(iv, key, size);
firstRound = false;
}
else
output = this.aes.encrypt(input, key, size);
for (var i = 0; i < 16; i++)
ciphertext[i] = byteArray[i] ^ output[i];
for(var k = 0;k < end-start;k++)
cipherOut.push(ciphertext[k]);
input = ciphertext;
}
else if (mode == this.modeOfOperation.OFB)
{
if (firstRound)
{
output = this.aes.encrypt(iv, key, size);
firstRound = false;
}
else
output = this.aes.encrypt(input, key, size);
for (var i = 0; i < 16; i++)
ciphertext[i] = byteArray[i] ^ output[i];
for(var k = 0;k < end-start;k++)
cipherOut.push(ciphertext[k]);
input = output;
}
else if (mode == this.modeOfOperation.CBC)
{
for (var i = 0; i < 16; i++)
input[i] = byteArray[i] ^ ((firstRound) ? iv[i] : ciphertext[i]);
firstRound = false;
ciphertext = this.aes.encrypt(input, key, size);
// always 16 bytes because of the padding for CBC
for(var k = 0;k < 16;k++)
cipherOut.push(ciphertext[k]);
}
}
}
return cipherOut;
},
/*
* Mode of Operation Decryption
* cipherIn - Encrypted String as array of bytes
* originalsize - The unencrypted string length - required for CBC
* mode - mode of type modeOfOperation
* key - a number array of length 'size'
* size - the bit length of the key
* iv - the 128 bit number array Initialization Vector
*/
decrypt:function(cipherIn,mode,key,iv)
{
var size = key.length;
if(iv.length%16)
{
throw 'iv length must be 128 bits.';
}
// the AES input/output
var ciphertext = [];
var input = [];
var output = [];
var byteArray = [];
var bytesOut = [];
// char firstRound
var firstRound = true;
if (cipherIn !== null)
{
for (var j = 0;j < Math.ceil(cipherIn.length/16); j++)
{
var start = j*16;
var end = j*16+16;
if(j*16+16 > cipherIn.length)
end = cipherIn.length;
ciphertext = this.getBlock(cipherIn,start,end,mode);
if (mode == this.modeOfOperation.CFB)
{
if (firstRound)
{
output = this.aes.encrypt(iv, key, size);
firstRound = false;
}
else
output = this.aes.encrypt(input, key, size);
for (i = 0; i < 16; i++)
byteArray[i] = output[i] ^ ciphertext[i];
for(var k = 0;k < end-start;k++)
bytesOut.push(byteArray[k]);
input = ciphertext;
}
else if (mode == this.modeOfOperation.OFB)
{
if (firstRound)
{
output = this.aes.encrypt(iv, key, size);
firstRound = false;
}
else
output = this.aes.encrypt(input, key, size);
for (i = 0; i < 16; i++)
byteArray[i] = output[i] ^ ciphertext[i];
for(var k = 0;k < end-start;k++)
bytesOut.push(byteArray[k]);
input = output;
}
else if(mode == this.modeOfOperation.CBC)
{
output = this.aes.decrypt(ciphertext, key, size);
for (i = 0; i < 16; i++)
byteArray[i] = ((firstRound) ? iv[i] : input[i]) ^ output[i];
firstRound = false;
for(var k = 0;k < end-start;k++)
bytesOut.push(byteArray[k]);
input = ciphertext;
}
}
if(mode == this.modeOfOperation.CBC)
this.unpadBytesOut(bytesOut);
}
return bytesOut;
},
padBytesIn: function(data) {
var len = data.length;
var padByte = 16 - (len % 16);
for (var i = 0; i < padByte; i++) {
data.push(padByte);
}
},
unpadBytesOut: function(data) {
var padCount = 0;
var padByte = -1;
var blockSize = 16;
if(data.length > 16) {
for (var i = data.length - 1; i >= data.length-1 - blockSize; i--) {
if (data[i] <= blockSize) {
if (padByte == -1)
padByte = data[i];
if (data[i] != padByte) {
padCount = 0;
break;
}
padCount++;
} else
break;
if (padCount == padByte) {
break;
}
}
if (padCount > 0) {
data.splice(data.length - padCount, padCount);
}
}
}
/*
* END MODE OF OPERATION SECTION
*/
};
static/vhost/default
-48
View File
@@ -1,48 +0,0 @@
server {
listen 80 default_server;
root /hostdata/default/public_html;
index index.html;
server_name localhost;
# ================================================
# LIMIT CONNECTION FOR IP / IPs WILL BE AUTO BANNED IF YOU HAVE INSTALL IPTABLES/FAIL2BAN
limit_conn max 800;
limit_req zone=one burst=300 nodelay;
# ================================================
# ================================================
# 1. Don't put log files into location / {..} it will not work as you think. Use like this.
# 2. If you change their name or location make sure you also change those https://github.com/theraw/The-World-Is-Yours/blob/master/iptables/jail.local#L105-L118
access_log /hostdata/default/logs/access.log main;
error_log /hostdata/default/logs/error.log;
# ================================================
# ================================================
location / {
SecRulesEnabled;
LearningMode;
DeniedUrl "/denied/";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
try_files $uri $uri/ =404;
}
# ================================================
location /denied/ {
return 444;
}
# ================================================
location ~ \.php {
try_files $uri /index.php =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# ================================================
}