File: /opt/bitninja-waf/etc/nginx.conf
# Main nginx configuration of the BitNinja WAF reverse proxy (files under
# /opt/bitninja-waf/etc). nginx sits in front of the real web server, runs
# ModSecurity on each request and proxies it to $backend_dest.
# v2
# ssl on
worker_processes auto;
#user bitninja-waf bitninja-waf;
include default/waf-user.conf;

events {
    worker_connections 1024;
    use epoll;
}

http {
    # Do not advertise the nginx version in responses and error pages.
    server_tokens off;

    # If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
    # scheme used to connect to this server
    # NOTE(review): the pass-through value is whatever the peer sent. Unless only
    # trusted proxies can reach this listener, the backend must not treat
    # X-Forwarded-Proto/-Port as proof of how the client connected.
    map $http_x_forwarded_proto $proxy_x_forwarded_proto {
        default $http_x_forwarded_proto;
        '' $scheme;
    }

    # If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
    # server port the client connected to
    map $http_x_forwarded_port $proxy_x_forwarded_port {
        default $http_x_forwarded_port;
        '' $server_port;
    }

    # If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
    # Connection header that may have been passed to this server
    map $http_upgrade $proxy_connection {
        default upgrade;
        '' close;
    }

    # Apply fix for very long server names
    server_names_hash_bucket_size 128;

    proxy_http_version 1.1;

    # "on" only when this nginx itself was reached over https.
    map $scheme $proxy_x_forwarded_ssl {
        default off;
        https on;
    }

    gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    # Wrap the local address in [] when it consists only of hex digits, colons
    # and brackets (an IPv6 literal); other addresses are used unchanged.
    map $server_addr $bind_ip {
        default $server_addr;
        "~^[a-fA-F0-9:\[\]]+$" [$server_addr];
    }

    # Backend port by listener port: every port, including 60300, maps to 80.
    map $server_port $backend_port {
        default 80;
        60300 80;
    }

    # Only 60301 maps to 443; with no default the variable is empty for any
    # other listener port.
    map $server_port $backend_port_ssl {
        60301 443;
    }

    # As written, the backend is always contacted over plain http, whatever
    # scheme the client used.
    map $scheme $backend_proto {
        default "http";
    }

    # Transparent-proxy switch. This file only sets the default (0), so the
    # "1" branches below are not selected by anything visible here.
    map $host $transparent {
        default 0;
    }

    # In transparent mode (1) the forwarded values are taken from BN-* request
    # headers instead of this connection.
    # NOTE(review): those headers are request data; confirm that only the
    # BitNinja front end can set them and that client-supplied copies are
    # stripped before transparent mode is enabled for any host.
    map $transparent $tproxy_x_real_ip {
        default $remote_addr;
        1 "";
    }

    map $transparent $tproxy_add_x_forwarded_for {
        default $proxy_add_x_forwarded_for;
        1 $http_bn_x_forwarded_for;
    }

    map $transparent $tproxy_x_forwarded_proto {
        default $proxy_x_forwarded_proto;
        1 $http_bn_x_forwarded_proto;
    }

    # NOTE(review): unlike its siblings this reads X-Forwarded-Ssl, not a
    # BN-prefixed header - confirm that is intended.
    map $transparent $tproxy_x_forwarded_ssl {
        default $proxy_x_forwarded_ssl;
        1 $http_x_forwarded_ssl;
    }

    map $transparent $tproxy_x_forwarded_port {
        default $proxy_x_forwarded_port;
        1 $http_bn_x_forwarded_port;
    }

    proxy_read_timeout 300;

    include default/*_map.conf;

    proxy_buffering off;

    # Headers sent to the backend. Host is the client's Host header as received.
    proxy_set_header Host $http_host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $proxy_connection;
    proxy_set_header X-Real-IP $tproxy_x_real_ip;
    proxy_set_header X-Forwarded-For $tproxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $tproxy_x_forwarded_proto;
    proxy_set_header X-Forwarded-Ssl $tproxy_x_forwarded_ssl;
    proxy_set_header X-Forwarded-Port $tproxy_x_forwarded_port;
    # An empty value makes nginx omit the header, so the internal BN-* headers
    # never reach the backend.
    proxy_set_header BN-X-Forwarded-For "";
    proxy_set_header BN-X-Forwarded-Proto "";
    proxy_set_header BN-X-Forwarded-Port "";
    proxy_set_header BN-Trusted-Proxy "";
    proxy_set_header BN-Frontend "";
    proxy_set_header BN-TP-Clientip "";
    proxy_set_header BN-TP-Dstip "";
    proxy_set_header BN-TP-Proto "";
    proxy_set_header BN-TP-Dstport "";

    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;

    # Custom log format added to show requested domains in the logs
    # NOTE(review): the client-port field comes from the BN-Client-Port request
    # header; treat it as untrusted in log analysis unless the front end is
    # known to overwrite it.
    log_format combined_host '$host $remote_addr - $remote_user [$time_local] '
                             '"$request" $status $bytes_sent '
                             '"$http_referer" "$http_user_agent" "client-port [$http_bn_client_port]"';

    access_log /var/log/bitninja-waf/access.log combined_host;

    # Set trusted proxy IPs. We trust local proxies (bitninja-ssl-termination and other load balancers).
    # A peer in any range below may supply the client address in X-Forwarded-For;
    # with real_ip_recursive on, nginx uses the last address in that header that
    # is not itself trusted.
    # NOTE(review): the three RFC 1918 ranges trust every host on any attached
    # private network, not only the proxies. $remote_addr (access log, X-Real-IP,
    # anything keyed on the client address) then comes from a header such a host
    # controls. Narrow the list to the actual proxy addresses where feasible.
    real_ip_header X-Forwarded-For;
    real_ip_recursive on;
    set_real_ip_from unix:;
    set_real_ip_from 192.168.0.0/16;
    set_real_ip_from 172.16.0.0/12;
    set_real_ip_from 10.0.0.0/8;
    set_real_ip_from 127.0.0.0/8;
    set_real_ip_from 122.201.124.49;
    set_real_ip_from 103.20.200.105;
    set_real_ip_from 103.20.200.106;
    set_real_ip_from 103.20.200.107;
    set_real_ip_from 103.20.200.108;
    set_real_ip_from 103.20.200.109;
    set_real_ip_from 103.20.200.110;

    # Mitigate httpoxy attack (see README for details)
    proxy_set_header Proxy "";

    include /opt/bitninja-waf/etc/BitNinjaProxy/*.conf;
    include /opt/bitninja-waf/etc/mime.types;

    # @errorz is not defined in this file; presumably it comes from an included
    # file such as default/default-locations.conf - TODO confirm.
    error_page 500 502 503 504 @errorz;

    # Default ModSecurity configuration
    modsecurity_rules_file /opt/bitninja-waf/etc/default/modsec.conf;

    # Applying local changes
    include /opt/bitninja-waf/etc/local_configs/global_*.conf;

    # IP based proxy settings
    # No server_name here: this block handles requests that match none of the
    # name-based servers below. Listen directives are not visible in this file.
    # NOTE(review): $backend_dest is not defined in this file (presumably by one
    # of the included map files). Confirm it always resolves to a fixed,
    # operator-chosen upstream and is never derived from unvalidated request
    # data such as the Host header.
    server {
        include default/default-locations.conf;

        location / {
            # Applying location based local changes
            include /opt/bitninja-waf/etc/local_configs/6666cd76f9695646_*.conf;

            modsecurity On;
            modsecurity_rules_file /opt/bitninja-waf/etc/6666cd76f9695646/modsec.conf;

            proxy_pass $backend_proto://$backend_dest:$backend_port;
        }
    }

    # Domain base proxy settings
    # Each server below pairs a host-name regex with two regex locations: an
    # admin path with its own rule set, then a catch-all using the same rule set
    # (6666cd76f9695646) as the IP based server. Regex locations are tried in
    # the order written, so the admin location is checked first.
    # NOTE(review): the server_name and location patterns carry no ^/$ anchors,
    # so they match anywhere in the Host header or URI; a host that merely
    # contains the domain string selects the block. Anchored forms such as
    # ^(.*\.)?example\.com$ (constructed example) would restrict the match to
    # the domain and its subdomains.
    server {
        server_name ~(.*\.)?image80\.com;
        include default/default-locations.conf;

        location ~* administrator\/.* {
            # Applying location based local changes
            include /opt/bitninja-waf/etc/local_configs/af2fc83dd5b098a6_*.conf;

            modsecurity On;
            modsecurity_rules_file /opt/bitninja-waf/etc/af2fc83dd5b098a6/modsec.conf;

            proxy_pass $backend_proto://$backend_dest:$backend_port;
        }

        location ~* .* {
            # Applying location based local changes
            include /opt/bitninja-waf/etc/local_configs/6666cd76f9695646_*.conf;

            modsecurity On;
            modsecurity_rules_file /opt/bitninja-waf/etc/6666cd76f9695646/modsec.conf;

            proxy_pass $backend_proto://$backend_dest:$backend_port;
        }
    }

    server {
        server_name ~.*ahfcomputing\.com\.au;
        include default/default-locations.conf;

        location ~* wp-admin\/.* {
            # Applying location based local changes
            include /opt/bitninja-waf/etc/local_configs/41532b7812bad44d_*.conf;

            modsecurity On;
            modsecurity_rules_file /opt/bitninja-waf/etc/41532b7812bad44d/modsec.conf;

            proxy_pass $backend_proto://$backend_dest:$backend_port;
        }

        location ~* .* {
            # Applying location based local changes
            include /opt/bitninja-waf/etc/local_configs/6666cd76f9695646_*.conf;

            modsecurity On;
            modsecurity_rules_file /opt/bitninja-waf/etc/6666cd76f9695646/modsec.conf;

            proxy_pass $backend_proto://$backend_dest:$backend_port;
        }
    }

    server {
        server_name ~.*socialbullmedia\.com\.au;
        include default/default-locations.conf;

        location ~* wp-admin\/.* {
            # Applying location based local changes
            include /opt/bitninja-waf/etc/local_configs/21a42a2e9e6ad3be_*.conf;

            modsecurity On;
            modsecurity_rules_file /opt/bitninja-waf/etc/21a42a2e9e6ad3be/modsec.conf;

            proxy_pass $backend_proto://$backend_dest:$backend_port;
        }

        location ~* .* {
            # Applying location based local changes
            include /opt/bitninja-waf/etc/local_configs/6666cd76f9695646_*.conf;

            modsecurity On;
            modsecurity_rules_file /opt/bitninja-waf/etc/6666cd76f9695646/modsec.conf;

            proxy_pass $backend_proto://$backend_dest:$backend_port;
        }
    }
}