mirror of
https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker.git
synced 2025-09-03 02:59:57 +00:00
03d91fea48
This example includes a modified /utilities/https_vhosts.php file which will do the includes for you on any vhosts you create using Enginetron. Please use this example ONLY as a guide.
150 lines
4.5 KiB
Text
Executable file
150 lines
4.5 KiB
Text
Executable file
# /**
|
|
# * @version 1.8.3
|
|
# * @package Engintron for cPanel/WHM
|
|
# * @author Fotis Evangelou
|
|
# * @url https://engintron.com
|
|
# * @copyright Copyright (c) 2010 - 2017 Nuevvo Webware P.C. All rights reserved.
|
|
# * @license GNU/GPL license: https://www.gnu.org/copyleft/gpl.html
|
|
# */
|
|
|
|
server {
|
|
|
|
listen 80 default_server;
|
|
#listen [::]:80 ipv6only=on;
|
|
|
|
server_name localhost;
|
|
|
|
# deny all; # DO NOT REMOVE OR CHANGE THIS LINE - Used when Engintron is disabled to block Nginx from becoming an open proxy
|
|
|
|
# Initialize important variables
|
|
set $CACHE_BYPASS_FOR_DYNAMIC 0;
|
|
set $CACHE_BYPASS_FOR_STATIC 0;
|
|
set $PROXY_DOMAIN_OR_IP $host;
|
|
set $PROXY_TO_PORT 8080;
|
|
set $SITE_URI "$host$request_uri";
|
|
|
|
# Generic query string to request a page bypassing Nginx's caching entirely for both dynamic & static content
|
|
if ($query_string ~* "nocache") {
|
|
set $CACHE_BYPASS_FOR_DYNAMIC 1;
|
|
set $CACHE_BYPASS_FOR_STATIC 1;
|
|
}
|
|
|
|
# Proxy requests to "localhost"
|
|
if ($host ~* "localhost") {
|
|
set $PROXY_DOMAIN_OR_IP "127.0.0.1";
|
|
}
|
|
|
|
# Proxy cPanel specific subdomains
|
|
if ($host ~* "^webmail\.") {
|
|
set $PROXY_DOMAIN_OR_IP "127.0.0.1";
|
|
set $PROXY_TO_PORT 2095;
|
|
}
|
|
if ($host ~* "^cpanel\.") {
|
|
set $PROXY_DOMAIN_OR_IP "127.0.0.1";
|
|
set $PROXY_TO_PORT 2082;
|
|
}
|
|
if ($host ~* "^whm\.") {
|
|
set $PROXY_DOMAIN_OR_IP "127.0.0.1";
|
|
set $PROXY_TO_PORT 2086;
|
|
}
|
|
if ($host ~* "^webdisk\.") {
|
|
set $PROXY_DOMAIN_OR_IP "127.0.0.1";
|
|
set $PROXY_TO_PORT 2077;
|
|
}
|
|
if ($host ~* "^(cpcalendars|cpcontacts)\.") {
|
|
set $PROXY_DOMAIN_OR_IP "127.0.0.1";
|
|
set $PROXY_TO_PORT 2079;
|
|
}
|
|
|
|
# Set custom rules like domain/IP exclusions or redirects here
|
|
include custom_rules;
|
|
# Includes for Nginx Bad Bot Blocker
|
|
include /etc/nginx/bots.d/blockbots.conf;
|
|
include /etc/nginx/bots.d/ddos.conf;
|
|
|
|
location / {
|
|
try_files $uri $uri/ @backend;
|
|
}
|
|
|
|
location @backend {
|
|
include proxy_params_common;
|
|
# === MICRO CACHING ===
|
|
# Comment the following line to disable 1 second micro-caching for dynamic HTML content
|
|
include proxy_params_dynamic;
|
|
}
|
|
|
|
# Enable browser cache for static content files (TTL is 1 hour)
|
|
location ~* \.(?:json|xml|rss|atom)$ {
|
|
include proxy_params_common;
|
|
include proxy_params_static;
|
|
expires 1h;
|
|
}
|
|
|
|
# Enable browser cache for CSS / JS (TTL is 30 days)
|
|
location ~* \.(?:css|js)$ {
|
|
include proxy_params_common;
|
|
include proxy_params_static;
|
|
expires 30d;
|
|
}
|
|
|
|
# Enable browser cache for images (TTL is 60 days)
|
|
location ~* \.(?:ico|jpg|jpeg|gif|png|webp)$ {
|
|
include proxy_params_common;
|
|
include proxy_params_static;
|
|
expires 60d;
|
|
}
|
|
|
|
# Enable browser cache for archives, documents & media files (TTL is 60 days)
|
|
location ~* \.(?:3gp|7z|avi|bmp|bz2|csv|divx|doc|docx|eot|exe|flac|flv|gz|less|mid|midi|mka|mkv|mov|mp3|mp4|mpeg|mpg|odp|ods|odt|ogg|ogm|ogv|opus|pdf|ppt|pptx|rar|rtf|swf|tar|tbz|tgz|tiff|txz|wav|webm|wma|wmv|xls|xlsx|xz|zip)$ {
|
|
set $CACHE_BYPASS_FOR_STATIC 1;
|
|
include proxy_params_common;
|
|
include proxy_params_static;
|
|
expires 60d;
|
|
}
|
|
|
|
# Enable browser cache for fonts & fix @font-face cross-domain restriction (TTL is 60 days)
|
|
location ~* \.(eot|ttf|otf|woff|woff2|svg|svgz)$ {
|
|
include proxy_params_common;
|
|
include proxy_params_static;
|
|
expires 60d;
|
|
add_header Access-Control-Allow-Origin *;
|
|
}
|
|
|
|
# Prevent logging of favicon and robot request errors
|
|
location = /favicon.ico {
|
|
include proxy_params_common;
|
|
include proxy_params_static;
|
|
expires 60d;
|
|
log_not_found off;
|
|
}
|
|
|
|
location = /robots.txt {
|
|
include proxy_params_common;
|
|
include proxy_params_static;
|
|
expires 1d;
|
|
log_not_found off;
|
|
}
|
|
|
|
location = /nginx_status {
|
|
stub_status;
|
|
access_log off;
|
|
log_not_found off;
|
|
# Uncomment the following 2 lines to make the Nginx status page private.
|
|
# If you do this and you have Munin installed, graphs for Nginx will stop working.
|
|
#allow 127.0.0.1;
|
|
#deny all;
|
|
}
|
|
|
|
location = /whm-server-status {
|
|
proxy_pass http://127.0.0.1:8080;
|
|
# Comment the following 2 lines to make the Apache status page public
|
|
allow 127.0.0.1;
|
|
deny all;
|
|
}
|
|
|
|
# Deny access to files like .htaccess or .htpasswd
|
|
location ~ /\.ht {
|
|
deny all;
|
|
}
|
|
|
|
}
|