49 lines
1.8 KiB
Plaintext
49 lines
1.8 KiB
Plaintext
server {
|
|
listen 80 default_server;
|
|
root /hostdata/default/public_html;
|
|
index index.html;
|
|
server_name localhost;
|
|
|
|
# ================================================
|
|
# LIMIT CONNECTION FOR IP / IPs WILL BE AUTO BANNED IF YOU HAVE INSTALL IPTABLES/FAIL2BAN
|
|
limit_conn max 800;
|
|
limit_req zone=one burst=300 nodelay;
|
|
# ================================================
|
|
|
|
# ================================================
|
|
# 1. Don't put log files into location / {..} it will not work as you think. Use like this.
|
|
# 2. If you change their name or location make sure you also change those https://github.com/theraw/The-World-Is-Yours/blob/master/iptables/jail.local#L105-L118
|
|
access_log /hostdata/default/logs/access.log main;
|
|
error_log /hostdata/default/logs/error.log main;
|
|
# ================================================
|
|
|
|
# ================================================
|
|
location / {
|
|
SecRulesEnabled;
|
|
LearningMode;
|
|
DeniedUrl "/denied/";
|
|
CheckRule "$SQL >= 8" BLOCK;
|
|
CheckRule "$RFI >= 8" BLOCK;
|
|
CheckRule "$TRAVERSAL >= 4" BLOCK;
|
|
CheckRule "$EVADE >= 4" BLOCK;
|
|
CheckRule "$XSS >= 8" BLOCK;
|
|
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
# ================================================
|
|
|
|
location /denied/ {
|
|
return 444;
|
|
}
|
|
|
|
# ================================================
|
|
location ~ \.php {
|
|
try_files $uri /index.php =404;
|
|
fastcgi_pass 127.0.0.1:9000;
|
|
fastcgi_index index.php;
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
include fastcgi_params;
|
|
}
|
|
# ================================================
|
|
}
|