section-io-gists
section-io-gists
/ gist:721981ee1462fad435ee2d303390f491
Created
April 24, 2016 21:36
ModSecurity Rule Engine Initialization Change from DetectionOnly to On
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -- Rule engine initialization ---------------------------------------------- | |
| # Enable ModSecurity, attaching it to every transaction. Use detection | |
| # only to start with, because that minimises the chances of post-installation | |
| # disruption. | |
| # | |
| #SecRuleEngine DetectionOnly | |
| SecRuleEngine On |
section-io-gists
/ section.config.json
Created
April 14, 2016 05:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "proxychain": [ | |
| { | |
| "name": "varnish", | |
| "image": "varnish:4.0.3" | |
| } | |
| ], | |
| "environments": { | |
| "Production": { | |
| "origin": { |
section-io-gists
/ ISEPureVarnish
Last active
September 23, 2015 04:42
section.io ISE template (for Magento)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is a basic VCL configuration file for varnish. See the vcl(7) | |
| # man page for details on VCL syntax and semantics. | |
| # | |
| # Default backend definition. Set this to point to your content | |
| # server. | |
| # | |
| backend default { | |
| .host = "next-hop"; | |
| .port = "80"; | |
| .first_byte_timeout = 300s; |
section-io-gists
/ cacheEverything.vcl
Created
September 11, 2015 03:51
Cache both static and dynamic content (Great for sites with no personalisation)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #section.io VCL sample. Copy paste into your section.io account to implement instantly | |
| #vcl_recv - copy this code into the section called sub vcl_recv | |
| #Normalise Accept-Encoding | |
| if (req.http.Accept-Encoding) { | |
| if (req.http.Accept-Encoding ~ "gzip") { | |
| set req.http.Accept-Encoding = "gzip"; | |
| } else if (req.http.Accept-Encoding ~ "deflate") { | |
| set req.http.Accept-Encoding = "deflate"; |
section-io-gists
/ wordpressConfig.vcl
Last active
January 13, 2020 13:50
A full Wordpress Varnish configuration to copy paste into section.io
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Ref: https://www.varnish-software.com/blog/step-step-speed-wordpress-varnish-software | |
| # This is an example VCL file for Varnish. | |
| # | |
| # It does not do anything by default, delegating control to the | |
| # builtin VCL. The builtin VCL is called when there is no explicit | |
| # return statement. | |
| # | |
| # See the VCL chapters in the Users Guide at https://www.varnish-cache.org/docs/ | |
| # and http://varnish-cache.org/trac/wiki/VCLExamples for more examples. |
section-io-gists
/ block_access.vcl
Created
August 14, 2015 02:30
Block access to your site with VCL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sub vcl_recv { | |
| if (req.http.User-Agent ~ "(?i)ima-naughty-bot") { | |
| return (synth(403, "Forbidden")); | |
| } | |
| } |
section-io-gists
/ security_headers.vcl
Last active
April 3, 2017 19:40
Send standard HTTPS security headers with VCL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sub vcl_deliver { | |
| set resp.http.X-Frame-Options = "SAMEORIGIN"; | |
| set resp.http.X-XSS-Protection = "1; mode=block"; | |
| set resp.http.X-Content-Type-Options = "nosniff"; | |
| set resp.http.Strict-Transport-Security= "max-age=31536000; includeSubDomains"; | |
| set resp.http.Content-Security-Policy-Report-Only = "default-src 'self' ; script-src 'self' r-login.wordpress.com s0.wp.com s1.wp.com s2.wp.com stats.wp.com 0.gravatar.com platform.twitter.com; style-src 'self' s2.wp.com 0.gravatar.com fonts.googleapis.com; img-src 'self' pixel.wp.com 2.gravatar.com ; font-src 'self' data: fonts.gstatic.com; upgrade-insecure-requests; report-uri https://example.report-uri-example.io/report/example-endpoint;"; | |
| unset resp.http.Server; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sub vcl_recv { | |
| //Use req.proto instead of req.http.X-Forwarded-Proto if your varnish server isn't behind a load balancer | |
| if ( req.http.X-Forwarded-Proto !~ "(?i)https") { | |
| //The 750 number is arbitrary, you just need a unique number to check for in the vcl_synth sub | |
| return (synth(750, "")); | |
| } | |
| } | |
| sub vcl_synth { | |
| if (resp.status == 750) { |
section-io-gists
/ geoIPLookup.vcl
Created
July 9, 2015 23:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #section.io VCL sample. Copy paste into your section.io account to implement instantly | |
| #This code example requires you to use a Varnish version that has the GEO IP vmod installed | |
| #Import vmod to do geoip on requests | |
| import geoip; | |
| #vcl_recv - copy this code into the section called sub vcl_recv | |
| set req.http.X-Country-Code = geoip.country_code(regsub(req.http.X-Forwarded-For, ",.*","")); |
section-io-gists
/ performanceConfig.vcl
Last active
January 27, 2016 03:35
section.io VCL - Performance Config
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #section.io VCL sample. Copy paste into your section.io account to implement instantly | |
| #vcl_recv - copy this code into the section called sub vcl_recv | |
| if (req.http.Accept-Encoding) { | |
| if (req.http.Accept-Encoding ~ "gzip") { | |
| set req.http.Accept-Encoding = "gzip"; | |
| } else if (req.http.Accept-Encoding ~ "deflate") { | |
| set req.http.Accept-Encoding = "deflate"; | |
| } else { | |
| unset req.http.Accept-Encoding; |