@armamini
Created June 16, 2024 09:06
NginX - Define a zone to track connections from each IP
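http {
    # Define a zone to track connections from each IP
    limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
    # Define a zone to track requests from each IP
    limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=10r/s;

    server {
        listen 80;
        server_name example.com;

        # Rate limit requests: up to 20 requests over the rate are queued and
        # delayed; anything beyond that is rejected (503 by default)
        limit_req zone=req_limit_per_ip burst=20;

        # Limit maximum number of connections from a single IP
        limit_conn conn_limit_per_ip 20;

        # Reject large request bodies and headers to mitigate some types of attacks.
        # Bodies over 1k get 413; a request line over 1k gets 414 and a header
        # field over 1k gets 400, which also affects uploads and large cookies.
        client_body_buffer_size 1k;
        client_header_buffer_size 1k;
        client_max_body_size 1k;
        large_client_header_buffers 2 1k;

        # Enable Gzip compression to save bandwidth
        gzip on;
        gzip_comp_level 5;
        gzip_min_length 256;
        gzip_proxied any;
        gzip_vary on;

        # Add security headers. Without "always", add_header is skipped on
        # most error responses.
        add_header X-Content-Type-Options "nosniff";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Frame-Options "SAMEORIGIN";
        add_header Referrer-Policy "same-origin";
        # Browsers honor Strict-Transport-Security only over HTTPS; this server
        # listens on port 80, so the header takes effect only once TLS is served.
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

        # Block requests whose User-Agent header contains "wget" or "curl"
        if ($http_user_agent ~* (wget|curl) ) {
            return 403;
        }

        # Block access to hidden files (any path segment starting with a dot)
        location ~ /\. {
            deny all;
        }

        # Block access to certain file types.
        # The ^(...)$ and ^#.*#$ alternatives are anchored to the start of the
        # URI, which always begins with "/", so they never match here.
        location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|^#.*#$|\.php_ {
            deny all;
            return 403;
        }

        # Whitelist your IP for administrative access.
        # your_admin_ip is a placeholder for an address or CIDR range.
        # There is no proxy_pass here, so allowed requests are served from the
        # local root rather than forwarded to the backend.
        location /admin {
            allow your_admin_ip;
            deny all;
        }

        # Deny access to certain directories (unanchored: matches anywhere in the path)
        location ~ /(system|vendor) {
            deny all;
            return 403;
        }

        # Proxy pass requests to your application server
        # (your_backend_server is a placeholder)
        location / {
            proxy_pass http://your_backend_server;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}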
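To check which location block handles a given path, the following added example (not part of the gist) models nginx's location selection for the five blocks above in Python. The outcome labels and sample URIs are constructed for illustration, and the server-level `if` on the User-Agent is not modeled.

```python
import re

# Location blocks transcribed from the config above, in file order:
# (modifier, pattern, outcome). "" = prefix, "~" = regex, "~*" = case-insensitive regex.
# The outcome labels are hypothetical names used only in this example.
FILE_TYPES = (r"\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme"
              r"|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$"
              r"|^#.*#$|\.php_")
LOCATIONS = [
    ("~", r"/\.", "deny"),
    ("~*", FILE_TYPES, "deny"),
    ("", "/admin", "admin-allowlist"),
    ("~", r"/(system|vendor)", "deny"),
    ("", "/", "proxy"),
]

def select_location(uri):
    """Simplified nginx selection: the first matching regex in file order wins,
    otherwise the longest matching prefix (the config has no '=' or '^~' blocks)."""
    for modifier, pattern, outcome in LOCATIONS:
        if modifier and re.search(pattern, uri, re.I if modifier == "~*" else 0):
            return outcome
    prefixes = [(len(p), o) for m, p, o in LOCATIONS if not m and uri.startswith(p)]
    return max(prefixes)[1]

# Constructed sample URIs (normalized path, no query string), not from the gist.
SAMPLES = [
    "/index.html",
    "/.git/config",
    "/.well-known/acme-challenge/token",  # ACME HTTP-01 path also starts with a dot
    "/backup.SQL",
    "/admin/users",
    "/admin/vendor/lib.js",               # regex location beats the /admin prefix
    "/api/systems/health",                # unanchored /(system|vendor) matches here
    "/CVS/Entries",                       # ^...$ alternatives never match: URIs start with "/"
]

def audit(uris=SAMPLES):
    """Map each URI to the outcome of the location block that would handle it."""
    return {uri: select_location(uri) for uri in uris}

if __name__ == "__main__":
    for uri, outcome in audit().items():
        print(f"{outcome:16} {uri}")
```

The run shows two kinds of surprise: legitimate paths that are denied (the ACME challenge directory, `/api/systems/health`) and a path the file-type rule was meant to cover but does not (`/CVS/Entries`).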