the best security conf for nginx
# @author: @ricardo090489
# works in nginx/1.13.4 - OpenSSL 1.0.1t
# don't send the nginx version number in error pages and Server header
server_tokens off;
felipepodesta
/ .gitconfig
Created
January 6, 2022 12:28
— forked from rbf/.gitconfig
Useful configuration file for git including common aliases — **THIS GIST IS UNMAINTAINED AND ITS CONTENTS HAS BEEN MOVED TO THE FOLLOWING REPO** https://github.com/rbf/dotfiles/blob/master/git/.gitconfig
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################################################################################### | |
| # THIS GIST IS UNMAINTAINED AND ITS CONTENTS HAS BEEN MOVED TO THE FOLLOWING REPO # | |
| # https://github.com/rbf/dotfiles/blob/master/git/.gitconfig # | |
| ################################################################################### | |
| # The MIT License (MIT) | |
| # | |
| # Copyright (c) 2012-2018 https://gist.github.com/rbf | |
| # | |
| # Permission is hereby granted, free of charge, to any person obtaining a copy of |
felipepodesta
/ nginx_security.md
Created
January 3, 2022 16:31
— forked from sitemapxml/nginx_security.md
Nginx Security Headers
felipepodesta
/ detect_cloud_platform.yml
Created
December 22, 2021 14:49
— forked from ColOfAbRiX/detect_cloud_platform.yml
Ansible gist to detect the cloud platform on which a VM is running
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # | |
| # Detects the cloud provider on which the VM is running and sets accordingly the | |
| # following variables: | |
| # cloud_platform_is_aws=true when on AWS, false otherwise | |
| # cloud_platform_is_gcp=true when on GCP, false otherwise | |
| # cloud_platform_is_azure=true when on Azure, false otherwise | |
| # cloud_platform_name: | |
| # - 'azure' when on Azure | |
| # - 'aws' when on AWS |
felipepodesta
/ gist:7bc5f3aafd97e72ad8e60c4288aac1e7
Created
December 21, 2021 21:00
— forked from ybom/gist:55647540174d2bc983757a634505413f
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class Rack::Attack | |
| # `Rack::Attack` is configured to use the `Rails.cache` value by default, | |
| # but you can override that by setting the `Rack::Attack.cache.store` value | |
| Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new | |
| # Always allow requests from localhost | |
| # (blocklist & throttles are skipped) | |
| Rack::Attack.safelist('allow from localhost') do |req| | |
| '127.0.0.1' == req.ip || '::1' == req.ip |
felipepodesta
/ config>initializers>rack_attack.rb
Created
December 21, 2021 20:45
— forked from shimadama/config>initializers>rack_attack.rb
悪意のあるQueryStringを含むリクエストをrack_attackで防御
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # frozen_string_literal: true | |
| class Rack::Attack | |
| class Request < ::Rack::Request | |
| def remote_ip | |
| @remote_ip ||= (env['HTTP_CF_CONNECTING_IP'] || env['action_dispatch.remote_ip'] || ip).to_s | |
| end | |
| def allowed_ip? |
felipepodesta
/ app_config.rb
Created
December 21, 2021 20:45
— forked from czj/app_config.rb
Sample Rack::Attack configuration file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class AppConfig | |
| class << self | |
| # Lookup via | |
| # https://www.ultratools.com/tools/ipWhoisLookupResult | |
| # https://www.whatismyip.com/ip-whois-lookup/ | |
| BLOCKED_IPS = Set.new( | |
| [ | |
| "6.5.4.3", | |
| "5.4.3.2", | |
| "4.3.2.1", |
felipepodesta
/ TLSSLed_v1.3.sh
Created
December 9, 2021 19:06
— forked from thikade/TLSSLed_v1.3.sh
SSL/TLS Debugging tools & cheatsheet
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # | |
| #### Source: http://www.taddong.com/tools/TLSSLed_v1.3.sh | |
| # | |
| # | |
| # Tool: | |
| # TLSSLed.sh | |
| # | |
| # Description: | |
| # Script to extract the most relevant security details from a |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Testing connection to remote host | |
| echo | openssl s_client -connect google.com:443 -showcerts | |
| # Testing connection to remote host (with SNI support) | |
| echo | openssl s_client -showcerts -servername google.com -connect google.com:443 | |
| # Testing connection to remote host with specific ssl version | |
| openssl s_client -tls1_2 -connect google.com:443 | |
| # Testing connection to remote host with specific ssl cipher |
felipepodesta
/ git-multi-status.sh
Created
November 29, 2021 03:48
— forked from aroberts/git-multi-status.sh
Script for checking git status of many git repositories
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # usage: $0 source_dir [source_dir] ... | |
| # where source_dir args are directories containing git repositories | |
| red="\033[00;31m" | |
| green="\033[00;32m" | |
| yellow="\033[00;33m" | |
| blue="\033[00;34m" | |
| purple="\033[00;35m" |
felipepodesta
/ nvmCommands.js
Created
November 23, 2021 14:34
— forked from chranderson/nvmCommands.js
Useful NVM commands
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // check version | |
| node -v || node --version | |
| // list installed versions of node (via nvm) | |
| nvm ls | |
| // install specific version of node | |
| nvm install 6.9.2 | |
| // set default version of node |