diff --git a/.dev-tools/beta-test-blocker-false-positives.sh b/.dev-tools/beta-test-blocker-false-positives.sh
new file mode 100644
index 000000000..e73354a07
--- /dev/null
+++ b/.dev-tools/beta-test-blocker-false-positives.sh
@@ -0,0 +1,167 @@
+#!/bin/bash
+# Curl Testing Script for Nginx Ultimate Bad Bot Blocker
+# Created by: Mitchell Krog (mitchellkrog@gmail.com)
+# Copyright: Mitchell Krog - https://github.com/mitchellkrogza
+# Repo Url: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
+
+##############################################################################
+# _ __ _ #
+# / |/ /__ _(_)__ __ __ #
+# / / _ `/ / _ \\ \ / #
+# /_/|_/\_, /_/_//_/_\_\ #
+# __/___/ __ ___ __ ___ __ __ #
+# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
+# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
+# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
+# #
+##############################################################################
+
+# ------------------------------------------------------------------------------
+# MIT License
+# ------------------------------------------------------------------------------
+# Copyright (c) 2017 Mitchell Krog - mitchellkrog@gmail.com
+# https://github.com/mitchellkrogza
+# ------------------------------------------------------------------------------
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# ------------------------------------------------------------------------------
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+# ------------------------------------------------------------------------------
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ------------------------------------------------------------------------------
+
+# -------------------------------------------
+# For Testing REGEX and False Positives Cases
+# -------------------------------------------
+
+# ------------------------
+# Set Terminal Font Colors
+# ------------------------
+
+bold=$(tput bold)
+red=$(tput setaf 1)
+green=$(tput setaf 2)
+yellow=$(tput setaf 3)
+blue=$(tput setaf 4)
+magenta=$(tput setaf 5)
+cyan=$(tput setaf 6)
+white=$(tput setaf 7)
+defaultcolor=$(tput setaf default)
+
+# -----------------------------
+# USER-AGENT ARRAY - MUST MATCH
+# -----------------------------
+
+UAmustmatch[0]="Titanium"
+UAmustmatch[1]="Nutch"
+
+# ---------------------------------
+# USER-AGENT ARRAY - MUST NOT MATCH
+# ---------------------------------
+
+UAmustnotmatch[0]="Titan"
+UAmustnotmatch[1]="Nutchers"
+UAmustnotmatch[2]="SNutch"
+
+# ---------
+# FUNCTIONS
+# ---------
+
+reloadNginX () {
+printf "\n"
+echo "${bold}${green}---------------"
+echo "${bold}${green}Reloading Nginx"
+echo "${bold}${green}---------------"
+sudo nginx -t && sudo nginx -s reload
+}
+
+waitforReload () {
+echo "${bold}${yellow}-----------------------------------------------------------------------"
+echo "${bold}${yellow}Sleeping for 10 seconds to allow Nginx to Properly Reload inside Travis"
+echo "${bold}${yellow}-----------------------------------------------------------------------"
+printf
"\n"
+sleep 10s
+}
+
+# -----------------------
+# UA FALSE POSITIVE TESTS
+# -----------------------
+
+UAtest_mustmatch () {
+for mustmatch in "${UAmustmatch[@]}"
+do
+ if
+ curl -A "${mustmatch}" http://localhost:9000 2>&1 | grep -i '(52)'; then
+ echo "${bold}${green}PASSED - ${red}${mustmatch} was ${bold}${red}BLOCKED"
+ else
+ echo "${bold}${red}FAILED - ${red}${mustmatch} was ${bold}${red}NOT BLOCKED"
+ #exit 1
+ fi
+done
+}
+
+UAtest_mustnotmatch () {
+for mustnotmatch in "${UAmustnotmatch[@]}"
+do
+ if
+ curl -A "${mustnotmatch}" http://localhost:9000 2>&1 | grep -i '(52)'; then
+ echo "${bold}${red}FAILED (FALSE POSITIVE DETECTED) - ${bold}${red}${mustnotmatch}"
+ #exit 1
+ else
+ echo "${bold}${green}PASSED (FALSE POSITIVE NOT DETECTED) - ${bold}${red}${mustnotmatch}"
+ fi
+done
+}
+
+echo "${bold}${cyan}False Positive Testing Completed"
+echo "${bold}${green}All Tests Passed"
+
+# -------------------------
+# Trigger Functions / Tests
+# -------------------------
+
+UAtest_mustmatch
+UAtest_mustnotmatch
+
+# ----------------------
+# Exit With Error Number
+# ----------------------
+
+exit ${?}
+
+# ------------------------------------------------------------------------------
+# MIT License
+# ------------------------------------------------------------------------------
+# Copyright (c) 2017 Mitchell Krog - mitchellkrog@gmail.com
+# https://github.com/mitchellkrogza
+# ------------------------------------------------------------------------------
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
------------------------------------------------------------------------------
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+# ------------------------------------------------------------------------------
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ------------------------------------------------------------------------------
+
diff --git a/.dev-tools/nginx.conf_versions/nginx-1.17.conf b/.dev-tools/nginx.conf_versions/nginx-1.17.conf
new file mode 100644
index 000000000..20c14a40b
--- /dev/null
+++ b/.dev-tools/nginx.conf_versions/nginx-1.17.conf
@@ -0,0 +1,33 @@
+
+user nginx;
+worker_processes 1;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ include /etc/nginx/conf.d/*.conf;
+
+}
diff --git a/.dev-tools/nginx.conf_versions/nginx.conf.dpkg-dist-centos-7 b/.dev-tools/nginx.conf_versions/nginx.conf.dpkg-dist-centos-7
new file mode 100644
index 000000000..54dbc626c
--- /dev/null
+++ b/.dev-tools/nginx.conf_versions/nginx.conf.dpkg-dist-centos-7
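Review bot: In beta-test-blocker-false-positives.sh the test cannot fail the build: both `#exit 1` lines in UAtest_mustmatch and UAtest_mustnotmatch are commented out, and the closing `exit ${?}` only returns the status of the last `echo`, so an unblocked bad user agent or a false positive still exits 0. The "All Tests Passed" banner is also echoed before the two test functions are called. Matching `grep -i '(52)'` against curl's combined output would also match a response body that happens to contain "(52)"; checking curl's exit status for 52 (empty reply) is stricter. I would count failures and exit non-zero from the counter, as sketched below; reloadNginX and waitforReload are defined here but never called.

```bash
failures=0

UAtest_mustmatch () {
for mustmatch in "${UAmustmatch[@]}"
do
    rc=0
    # curl exits with 52 when the server closes the connection without a reply
    curl -s -o /dev/null --max-time 10 -A "${mustmatch}" http://localhost:9000 || rc=$?
    if [ "${rc}" -eq 52 ]; then
    # … unchanged: PASSED message …
    else
    # … unchanged: FAILED message …
        failures=$((failures + 1))
    fi
done
}

# … UAtest_mustnotmatch: same exit-status check, counting rc 52 as the failure …

UAtest_mustmatch
UAtest_mustnotmatch

echo "${bold}${cyan}False Positive Testing Completed"
if [ "${failures}" -gt 0 ]; then
    echo "${bold}${red}${failures} test(s) failed"
    exit 1
fi
echo "${bold}${green}All Tests Passed"
```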
@@ -0,0 +1,89 @@
+# For more information on configuration, see:
+# * Official English Documentation: http://nginx.org/en/docs/
+# * Official Russian Documentation: http://nginx.org/ru/docs/
+
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ # Load modular configuration files from the /etc/nginx/conf.d directory.
+ # See http://nginx.org/en/docs/ngx_core_module.html#include
+ # for more information.
+ include /etc/nginx/conf.d/*.conf;
+
+ server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ server_name _;
+ root /usr/share/nginx/html;
+
+ # Load configuration files for the default server block.
+ include /etc/nginx/default.d/*.conf;
+
+ location / {
+ }
+
+ error_page 404 /404.html;
+ location = /40x.html {
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ }
+ }
+
+# Settings for a TLS enabled server.
+#
+# server {
+# listen 443 ssl http2 default_server;
+# listen [::]:443 ssl http2 default_server;
+# server_name _;
+# root /usr/share/nginx/html;
+#
+# ssl_certificate "/etc/pki/nginx/server.crt";
+# ssl_certificate_key "/etc/pki/nginx/private/server.key";
+# ssl_session_cache shared:SSL:1m;
+# ssl_session_timeout 10m;
+# ssl_ciphers HIGH:!aNULL:!MD5;
+# ssl_prefer_server_ciphers on;
+#
+# # Load configuration files for the default server block.
+# include /etc/nginx/default.d/*.conf;
+#
+# location / {
+# }
+#
+# error_page 404 /404.html;
+# location = /40x.html {
+# }
+#
+# error_page 500 502 503 504 /50x.html;
+# location = /50x.html {
+# }
+# }
+
+}
diff --git a/.dev-tools/nginx.conf_versions/nginx.conf.dpkg-dist-opensuse-leap b/.dev-tools/nginx.conf_versions/nginx.conf.dpkg-dist-opensuse-leap
new file mode 100644
index 000000000..d46e0db51
--- /dev/null
+++ b/.dev-tools/nginx.conf_versions/nginx.conf.dpkg-dist-opensuse-leap
@@ -0,0 +1,136 @@
+#user nginx;
+worker_processes 1;
+
+# load_module lib64/nginx/modules/ngx_http_fancyindex_module.so;
+# load_module lib64/nginx/modules/ngx_http_geoip_module.so;
+# load_module lib64/nginx/modules/ngx_http_headers_more_filter_module.so;
+# load_module lib64/nginx/modules/ngx_http_image_filter_module.so;
+# load_module lib64/nginx/modules/ngx_http_perl_module.so;
+# load_module lib64/nginx/modules/ngx_http_xslt_filter_module.so;
+# load_module lib64/nginx/modules/ngx_mail_module.so;
+# load_module lib64/nginx/modules/ngx_rtmp_module.so;
+# load_module lib64/nginx/modules/ngx_stream_geoip_module.so;
+# load_module lib64/nginx/modules/ngx_stream_module.so;
+
+#error_log /var/log/nginx/error.log;
+#error_log /var/log/nginx/error.log notice;
+#error_log /var/log/nginx/error.log info;
+
+#pid /run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+ use epoll;
+}
+
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ # '$status $body_bytes_sent "$http_referer" '
+ # '"$http_user_agent" "$http_x_forwarded_for"';
+
+ #access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ #keepalive_timeout 0;
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ include conf.d/*.conf;
+
+ server {
+ listen 80;
+ server_name localhost;
+
+ #charset koi8-r;
+
+ #access_log /var/log/nginx/host.access.log main;
+
+ location / {
+ root /srv/www/htdocs/;
+ index index.html index.htm;
+ }
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /srv/www/htdocs/;
+ }
+
+ # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+ #
+ #location ~ \.php$ {
+ # proxy_pass http://127.0.0.1;
+ #}
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ #
+ #location ~ \.php$ {
+ # root /srv/www/htdocs/;
+ # fastcgi_pass 127.0.0.1:9000;
+
# fastcgi_index index.php;
+ # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
+ # include fastcgi_params;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+ }
+
+
+ # another virtual host using mix of IP-, name-, and port-based configuration
+ #
+ #server {
+ # listen 8000;
+ # listen somename:8080;
+ # server_name somename alias another.alias;
+
+ # location / {
+ # root /srv/www/htdocs/;
+ # index index.html index.htm;
+ # }
+ #}
+
+
+ # HTTPS server
+ #
+ #server {
+ # listen 443 ssl;
+ # server_name localhost;
+
+ # ssl_certificate cert.pem;
+ # ssl_certificate_key cert.key;
+
+ # Allow TLS version 1.2 only, which is a recommended default these days
+ # by international information security standards.
+ # ssl_protocols TLSv1.2;
+
+ # ssl_session_cache shared:SSL:1m;
+ # ssl_session_timeout 5m;
+
+ # ssl_ciphers HIGH:!aNULL:!MD5;
+ # ssl_prefer_server_ciphers on;
+
+ # location / {
+ # root /srv/www/htdocs/;
+ # index index.html index.htm;
+ # }
+ #}
+
+ include vhosts.d/*.conf;
+
+}
\ No newline at end of file
diff --git a/.dev-tools/nginx.conf_versions/nginx.conf.dpkg-dist-ubuntu-bionic-beaver b/.dev-tools/nginx.conf_versions/nginx.conf.dpkg-dist-ubuntu-bionic-beaver
new file mode 100644
index 000000000..132f680d1
--- /dev/null
+++ b/.dev-tools/nginx.conf_versions/nginx.conf.dpkg-dist-ubuntu-bionic-beaver
@@ -0,0 +1,85 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ # server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+# # See sample authentication script at:
+# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+# # auth_http localhost/auth.php;
+# # pop3_capabilities "TOP" "USER";
+# # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+# server {
+# listen localhost:110;
+# protocol pop3;
+# proxy on;
+# }
+#
+# server {
+# listen localhost:143;
+# protocol imap;
+# proxy on;
+# }
+#}
diff --git a/.dev-tools/nginx.conf_versions/nginx.conf.dpkg-dist-ubuntu-xenial b/.dev-tools/nginx.conf_versions/nginx.conf.dpkg-dist-ubuntu-xenial
new file mode 100644
index 000000000..132f680d1
--- /dev/null
+++ b/.dev-tools/nginx.conf_versions/nginx.conf.dpkg-dist-ubuntu-xenial
@@ -0,0 +1,85 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ # server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+# # See sample authentication script at:
+# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+# # auth_http localhost/auth.php;
+# # pop3_capabilities "TOP" "USER";
+# # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+# server {
+# listen localhost:110;
+# protocol pop3;
+# proxy on;
+# }
+#
+# server {
+# listen localhost:143;
+# protocol imap;
+# proxy on;
+# }
+#}