mwinter
/
unboundedpress
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

adding bot blocker

Browse Source
legacy_v1
mwinter 3 years ago
parent 85992e5b9a
commit b27374d46f
14 changed files with 19041 additions and 0 deletions
Show Stats Download Patch File Download Diff File

2
mysql_gitea/etc/config-file.cnf
Unescape Escape View File

@ -0,0 +1,2 @@
[mysqld]
innodb_file_per_table=1

18
mysql_gitea/init/init_dbs.sql.template
Unescape Escape View File

@ -0,0 +1,18 @@
# create databases
set global innodb_file_format=Barracuda;
set global innodb_large_prefix=on;
CREATE DATABASE IF NOT EXISTS `gitea`;
CREATE DATABASE IF NOT EXISTS `nextcloud`;
# create root user and grant rights
CREATE USER 'username'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'username'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
# set character set
use nextcloud;
ALTER DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
# after, be sure to run:
# occ config:system:set mysql.utf8mb4 --type boolean --value="true"
# occ maintenance:repair

92
nginx/bots.d/bad-referrer-words.conf
Unescape Escape View File

@ -0,0 +1,92 @@
# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD WORDS YOU WANT TO SCAN FOR ###
# VERSION INFORMATION #
#----------------------
# Version: V4.2019.11
# Updated: 2019-07-05
#----------------------
# VERSION INFORMATION #
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# For all intensive purpose you can delete everything inside this file and leave it
# completely blank if you do not want your Nginx Blocker to include scanning for bad words within urls or referrer string
# Only add one entry per line
# -------------------------------
# !!! WARNING WARNING WARNING !!!
# -------------------------------
# ---------------------------------------
# PLEASE BE VERY CAREFUL HOW YOU USE THIS
# ---------------------------------------
# Here is an example of how one supposed bad word can cause your whole site to go down.
# An issue was logged where the users own domain name was specialisteparquet.com
# Because this list contained the word "cialis" it was detected within his domain name causing
# his entire site to go down and not server any assets.
# That one entry would even cause any site containing a word like "specialist" anywhere in any
# of their sites pages to cause them to be blocked and whitelisting your own domain name in the
# whitelist-domains.conf file will not even bypass this, SO BE CAREFUL PLEASE
# Think very carefully before you add any word here
# -----------------------------------------------------------------------------------------
# PLEASE MAKE SURE that you use word regex boundaries to avoid false positive detection !!!
# -----------------------------------------------------------------------------------------
# BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED
# As you can see in the examples below the word "adultgalls" is entered with a preceding (?:\b) and an ending (?:\b)
# this makes it now "(?:\b)adultgalls(?:\b)". It is crucial to use the word boundaries regex formatting.
# ---------
# EXAMPLES:
# ---------
# "~*(?:\b)adultgalls(?:\b)" 1;
# "~*(?:\b)amateurxpass(?:\b)" 1;
# "~*(?:\b)bigblackbooty(?:\b)" 1;
# "~*(?:\b)blacktits(?:\b)" 1;
# "~*(?:\b)cookie\-law\-enforcement(?:\b)" 1;
# "~*(?:\b)free\-share\-buttons(?:\b)" 1;
# "~*(?:\b)free\-social\-buttons(?:\b)" 1;
# "~*(?:\b)fuck\-paid\-share\-buttons(?:\b)" 1;
# "~*(?:\b)ilovevitaly(?:\b)" 1;
# "~*(?:\b)law\-enforcement\-bot(?:\b)" 1;
# "~*(?:\b)law\-enforcement\-check(?:\b)" 1;
# "~*(?:\b)share\-buttons\-for\-free(?:\b)" 1;
# "~*(?:\b)webfuck(?:\b)" 1;
# "~*(?:\b)xxxrus(?:\b)" 1;
# "~*(?:\b)zeroredirect(?:\b)" 1;
# "~*(?:\b|)x22(?:\b)" 1; (in this string if your own domain name was sex22.com it would be blocked)
# Here is a list of unsanitary words used in referrer strings - used in various injection attacks
# THE RULES BELOW ARE ENABLED BY DEFAULT
# You can disable this default list by switching the values to 0
"~*(?:\b|)mb_ereg_replace(?:\b|)" 1;
# -----------
# PLEASE NOTE
# -----------
# If you whitelist your own domain in whitelist-domains.conf and your own domain is passed in the referrer string with an attack string it will NOT be blocked.
# --------
# EXAMPLE:
# --------
# This string "http://yourwebsite.com/?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][]=gqopu.php&vars[1][]=<?php mb_ereg_replace('.*',@$_REQUEST[_], '', 'e');?>$"
# contains the above 'mb_ereg_replace" attack string
# If your domain is whitelisted in whitelist-domains.conf this string will NOT be detected

100
nginx/bots.d/blacklist-ips.conf
Unescape Escape View File

@ -0,0 +1,100 @@
# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD IP ADDRESSES OR IP RANGES YOU WANT TO BLOCK ###
# VERSION INFORMATION #
#----------------------
# Version: V4.2019.09
# Updated: 2019-06-28
#----------------------
# VERSION INFORMATION #
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# For all intensive purpose you can delete everything inside this file and leave it
# completely blank if you do not want your Nginx Blocker to do any blocking of bad IP's
# Add IP's you want to blacklist below this line, one per line as per example
# Nginx [warn] notices may be reported when you try reload Nginx if you happen to include an
# IP here that may already be included by the blocker with it's daily updates
# NOTE: It is only an Nginx Warning message and will not cause Nginx to fail a reload.
# 111.111.111.111 1;
# -------------------------------------------
# Cyveillance / Qwest Communications / PSINET
# -------------------------------------------
# I am extensively researching this subject - appears to be US government involved
# and also appears to be used by all sorts of law enforcement agencies. For one they
# do not obey robots.txt and continually disguise their User-Agent strings. Time will
# tell if this is all correct or not.
# For now see - https://en.wikipedia.org/wiki/Cyveillance
# IMPORTANT UPDATE ON Cyveillance / Qwest Communications !!!
# **********************************************************
# I have done a lot of research on Cyveillance now and through monitoring my logs I know
# for sure what companies are using them and what they are actually looking for.
# My research has led me to understand that Cyveillance services are used by hundreds
# of companies to help them dicsover theft of copyrighted materials like images, movies
# music and other materials. I personally believe a lot of block lists who originally recommended
# blocking Cyveillance have done so to protect their torrent or p2p sites from being scanned.
# I personally have now unblocked them as image theft is a big problem of mine but if you
# do want to block Cyveillance you can simply modify the entries in the block below from "0" to "1"
# Getty Images is one such company who appears to use Cyveillance to help monitor for copyright theft.
# If you really do want to block them change all the 0's below to 1.
# Use this section at YOUR OWN RISK, you may block some legitimate networks but after many hours of
# Research this is now the completely updated list of all IP ranges IPV4 and IPV6 owned Qwest Communications
# PSINET and Cyveillance
# IMPORTANT NOTE: If you really want to keeps bot and things out of certain parts of your web site
# Rather implement a comlex Google Re-Captcha to reach sections of your sites and for people to be able
# to access download links. Google Re-Captcha with images is too complex for any bot.
38.0.0.0/8 0;
206.2.138.0/23 0;
208.71.164.0/22 0;
4.17.135.32/27 0;
63.144.0.0/13 0;
65.112.0.0/12 0;
65.192.0.0/11 0;
# ---------------
# Berkely Scanner
# ---------------
# The Berkeley University has a scanner testing all over the web sending a complex
# payload an expecting a reply from servers who are infected or who just respond to such
# a payload. The payload looks similar to this
# "$\xC9\xE1\xDC\x9B+\x8F\x1C\xE71\x99\xA8\xDB6\x1E#\xBB\x19#Hx\xA7\xFD\x0F9-"
# and is sometime VERY long. You may have noticed this in your logs.
# I support research projects and all my servers respond with an error to this type of
# string so I do not block them but if you want to block just uncomment the following line
# or email them asking them not to scan your server. They do respond.
# Visit http://169.229.3.91/ for more info
# If you really do want to block them change all the 0 below to 1.
169.229.3.88/29 0;
# ------------
# MY BLACKLIST
# ------------
# 111.111.111.111 1;
# NOTE: If you blacklist your own IP by mistake whitelist-ips.conf will completely over-ride this.
# whitelist-ips.conf will always WIN and over-ride anything here and in the blocker

79
nginx/bots.d/blacklist-user-agents.conf
Unescape Escape View File

@ -0,0 +1,79 @@
# EDIT THIS FILE AS YOU LIKE TO BLACKLIST OR WHITELIST ANY BAD USER-AGENT STRINGS YOU WANT TO SCAN FOR
# ****************************************************************************************************
# THIS IS BOTH YOUR WHITELIST AND BLACKLIST FOR USER-AGENTS
# VERSION INFORMATION #
#----------------------
# Version: V4.2019.08
# Updated: 2019-07-05
#----------------------
# VERSION INFORMATION #
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# Add One Entry Per Line - List all the extra bad User-Agents you want to permanently block or whitelist.
# This is for User-Agents that are not included in the main list of the bot blocker
# This file must exist on your system or Nginx will fail a reload due to a missing file
# This allows you finer control of keeping certain bots blocked and automatic updates will
# Never be able to remove this custom list of yours
# Please note this include file loads first before any of the already whitelisted User-Agents
# in the bad bot blocker. By loading first in line it over-rides anything below it so for instance
# if you want to block Baidu, Google or Bing for any reason you add them to this file which loads
# first and takes precedence over anything below it. This now allows even finer control over the
# bad bot blocker. Enjoy !!!
# Even though this file is called blacklist-user-agents, as mentioned it can also be used to whitelist user agents
# By adding them below and setting the 3; to 0; this will permanently whitelist the User-Agent.
# Make sure any words that contain special characters are escaped and include word boundaries as per the Regex examples below.
# Example the User-Agent name "someverybaduseragentname1" is entered as "(?:\b)someverybaduseragentname1(?:\b)"
# Example the User-Agent name "some-very-bad-useragentname2" is entered as "(?:\b)some\-very\-bad\-useragentname1(?:\b)"
# the "(?:\b)" and "(?:\b)" are word boundaries which prevents partial matching and false positives.
# BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED
# ---------------------
# WHITELISTING EXAMPLES
# ---------------------
# "~*(?:\b)someverygooduseragentname1(?:\b)" 0;
# "~*(?:\b)someverygooduseragentname2(?:\b)" 0;
# "~*(?:\b)some\-very\-good\-useragentname2(?:\b)" 0;
# ---------------------
# BLACKLISTING EXAMPLES
# ---------------------
# "~*(?:\b)someverybaduseragentname1(?:\b)" 3;
# "~*(?:\b)someverybaduseragentname2(?:\b)" 3;
# "~*(?:\b)some\-very\-bad\-useragentname2(?:\b)" 3;
# Here are some default things I block on my own server, these appear in various types of injection attacks
# You can disable them if you have problems or don't agree by switching thir value to 0 or moving them into the whitelist section first and then making their value 0
# ------------
# MY WHITELIST
# ------------
# ------------
# MY BLACKLIST
# ------------
"~*(?:\b)x22(?:\b)" 3;
"~*(?:\b){|}(?:\b)" 3;
"~*(?:\b)mb_ereg_replace(?:\b)" 3;
"~*(?:\b)file_put_contents(?:\b)" 3;

85
nginx/bots.d/blockbots.conf
Unescape Escape View File

@ -0,0 +1,85 @@
# Author/Copyright: Mitchell Krog <mitchellkrog@gmail.com> - https://github.com/mitchellkrogza/
# VERSION INFORMATION #
#----------------------
# Version: V4.2019.04
# Updated: 2019-06-28
#----------------------
# VERSION INFORMATION #
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# Include this in a vhost file within a server {} block using and include statement like below
# Place it near the top of your server {} block before any location / statements and it will block everywhere on your site.
# server {
# #Config stuff here
# include /etc/nginx/bots.d/blockbots.conf
# include /etc/nginx/bots.d/ddos.conf
# #Other config stuff here
# }
#######################################################################
# -----------------------------------
# OVER-RIDE BLOCKER / SUPER WHITELIST
# -----------------------------------
# In this block you can allow any IP address specified here to over-ride any bad bot or IP blocking of the blocker.
# This is useful for testing or allowing only specific IP's (ie. Internal ranges) to never be blocked.
# More IP's can be added example > "(127.0.0.1)|(192.168.0.1)|(192.168.1.1)"
# If you even blacklisted 127.0.0.1 or your own IP by giving it a value of 1 in any of the includes, this will over-ride that block.
# UNCOMMENT THE NEXT 4 LINES TO ACTIVATE THE SUPER WHITELIST
#if ($remote_addr ~ "(127.0.0.1)|(192.168.0.1)" ) {
#set $bad_bot '0'; #Uncommenting this line will disable bad_bots functionality for specified IP(s)
#set $validate_client '0'; #Uncommenting this line will disable validate_client ip blocking functionality for specified IP(s)
#}
# --------------
# BLOCK BAD BOTS
# --------------
# Section bot_1 Unused
#limit_conn bot1_connlimit 100;
#limit_req zone=bot1_reqlimitip burst=50;
limit_conn bot2_connlimit 10;
limit_req zone=bot2_reqlimitip burst=10;
if ($bad_bot = '3') {
return 444; # << Response Code Issued May Be Modified to Whatever you Choose ie. 404 but 444 wastes less of Nginxs time
}
# ---------------------
# BLOCK BAD REFER WORDS
# ---------------------
if ($bad_words) {
return 444; # << Response Code Issued May Be Modified to Whatever you Choose ie. 404 but 444 wastes less of Nginxs time
}
# ------------------
# BLOCK BAD REFERERS
# ------------------
if ($bad_referer) {
return 444; # << Response Code Issued May Be Modified to Whatever you Choose ie. 404 but 444 wastes less of Nginxs time
}
# -----------------------------
# BLOCK IP ADDRESSES and RANGES
# -----------------------------
if ($validate_client) {
return 444; # << Response Code Issued May Be Modified to Whatever you Choose ie. 404 but 444 wastes less of Nginxs time
}

62
nginx/bots.d/custom-bad-referrers.conf
Unescape Escape View File

@ -0,0 +1,62 @@
# EDIT THIS FILE AS YOU LIKE TO ADD ANY ADDITIONAL BAD REFERRER DOMAINS YOU WANT TO SCAN FOR ###
# THIS IS BOTH YOUR WHITELIST AND BLACKLIST FOR REFERRERS and DOMAINS
# VERSION INFORMATION #
#----------------------
# Version: V4.2019.09
# Updated: 2019-07-05
#----------------------
# VERSION INFORMATION #
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# Only add one entry per line
# Make sure any domains have dots and special characters escaped as per the Regex examples below.
# For example some-veryvery-randomwebsitename-thatdoesnotexist4.com should be entered as
# some\-veryvery\-randomwebsitename\-thatdoesnotexist4\.com
# *****************************************************************************************
# PLEASE MAKE SURE that you use word regex boundaries to avoid false positive detection !!!
# *****************************************************************************************
# As you can see in the examples below the domain "someveryveryrandomwebsitenamethatdoesnotexist1\.com"
# is entered with a preceding (?:\b) and an ending (?:\b)
# this makes it now "(?:\b)someveryveryrandomwebsitenamethatdoesnotexist1\.com(?:\b)".
# It is crucial to use the word boundaries regex formatting.
# ---------
# EXAMPLES:
# ---------
# BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED
# "~*(?:\b)someveryveryrandomwebsitenamethatdoesnotexist1\.com(?:\b)" 1;
# "~*(?:\b)someveryveryrandomwebsitenamethatdoesnotexist2\.com(?:\b)" 1;
# "~*(?:\b)someveryveryrandomwebsitenamethatdoesnotexist3\.com(?:\b)" 1;
# "~*(?:\b)some\-veryvery\-randomweb\-sitenamethatdoesnotexist4\.com(?:\b)" 1;
# ------------
# MY WHITELIST
# ------------
# "~*(?:\b)mywebsite\.com(?:\b)" 0;
# ------------
# MY BLACKLIST
# ------------
# "~*(?:\b)someotherwebsite\.com(?:\b)" 1;

36
nginx/bots.d/ddos.conf
Unescape Escape View File

@ -0,0 +1,36 @@
#######################################################################
### VERSION INFORMATION #
###################################################
### Version: V4.2019.02
### Updated: 2019-06-24
###################################################
### VERSION INFORMATION ##
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# Author: Mitchell Krog <mitchellkrog@gmail.com> - https://github.com/mitchellkrogza/
# Include this in a vhost file within a server {} block using and include statement like below
# server {
# #Config stuff here
# include /etc/nginx/bots.d/blockbots.conf
# include /etc/nginx/bots.d/ddos.conf
# #Other config stuff here
# }
#######################################################################
limit_conn addr 200;
limit_req zone=flood burst=200 nodelay;

57
nginx/bots.d/whitelist-domains.conf
Unescape Escape View File

@ -0,0 +1,57 @@
# EDIT THIS FILE AS YOU LIKE TO WHITELIST YOUR OWN DOMAIN NAMES AND SPARE THEM FROM ANY REFERRER CHECKING ###
# VERSION INFORMATION #
#----------------------
# Version: V4.2019.08
# Updated: 2019-07-05
#----------------------
# VERSION INFORMATION #
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# Add One Entry Per Line - List all your own domains of the sites you host on the server
# This file must exist on your system or Nginx will fail a reload due to a missing file
# Automatic updates will never be able to remove this custom list of yours
# Add One Entry Per Line
# Make sure any domains have dots and special characters escaped as per the Regex examples below.
# For example myfirstowndomainname.com should be entered as myfirstowndomainname\.com
# and my-second-owndomainname.com should be entered as my\-second\-owndomainname\.com
# *****************************************************************************************
# PLEASE MAKE SURE that you use word regex boundaries to avoid false positive detection !!!
# *****************************************************************************************
# As you can see in the examples below the domain "myfirstowndomainname\.com" is entered with a preceding (?:\b) and an ending (?:\b)
# this makes it now "(?:\b)myfirstowndomainname\.com(?:\b)". It is important to use the word boundaries regex formatting.
# BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED
# ---------
# EXAMPLES:
# ---------
# "~*(?:\b)myfirstowndomainname\.com(?:\b)" 0;
# "~*(?:\b)my\-second\-owndomainname\.com(?:\b)" 0;
# ------------
# MY WHITELIST
# ------------
# NOTE: This file can also blacklist by giving something a value of 1
# but rather please do your blacklisting in the custom-bad-referrers.conf include file.
# NOTE: If you whitelist your own domain here, any words in bad-referrer-words.conf will not be effective if the attacker passes your own domain name in the referrer string.
# SEE NOTES: in bad-referrer-words.conf

47
nginx/bots.d/whitelist-ips.conf
Unescape Escape View File

@ -0,0 +1,47 @@
# EDIT THIS FILE AS YOU LIKE TO WHITELIST ALL YOUR IP ADDRESSES AND IP RANGES ###
# VERSION INFORMATION #
#----------------------
# Version: V4.2019.05
# Updated: 2019-06-28
#----------------------
# VERSION INFORMATION #
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# Add One Entry Per Line - List all your IP's and IP Ranges you want to whitelist
# This file must exist on your system or Nginx will fail a reload due to a missing file
# Automatic updates will never be able to remove this custom list of yours
# Add One Entry Per Line as per the example
# Only add actual IP addresses and ranges here
# BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED
# REFRAIN FROM USING 127.0.0.1 AS IT MAY CAUSE UNDESIRABLE RESULTS ON SOME SYSTEMS
# ---------
# EXAMPLES:
# ---------
# 111.111.111.111 0;
# ------------
# MY WHITELIST
# ------------
# ------
# NOTES:
# ------
# - This file rules over any other other parts of the IP blocking.
# - If you blacklisted your own IP in blacklist-ips.conf whitelisting it here will over-ride the blacklisting.
# - Whitelisting IP's and RANGES here ONLY affects the IP blocking functions.
# - This file will NOT allow your own IP to bypass bad User-Agent or Referrer String checks.
# - To bypass everything for a certain IP see notes in blockbots.conf on SUPER WHITELIST

31
nginx/conf.d/botblocker-nginx-settings.conf
Unescape Escape View File

@ -0,0 +1,31 @@
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# Version 1.1
# ! new directives also to be added to include_filelist.txt ! #
#server_names_hash_bucket_size 256;
#server_names_hash_max_size 4096;
variables_hash_max_size 4096;
variables_hash_bucket_size 4096;
limit_req_zone $binary_remote_addr zone=flood:50m rate=90r/s;
limit_conn_zone $binary_remote_addr zone=addr:50m;
# ****************************************************************************
# NOTE: IF you are using a system like Nginx-Proxy from @JWilder
# ****************************************************************************
# Repo URL: https://github.com/jwilder/nginx-proxy
# You will need to comment out the first line here as follows.
# #server_names_hash_bucket_size 128;
# You will also need to modify the nginx.tmpl file to add the default include
# include /etc/nginx/conf.d/*
# ****************************************************************************

18427
nginx/conf.d/globalblacklist.conf
View File

File diff suppressed because it is too large Load Diff

4
nginx/vhost.d/default
Unescape Escape View File

@ -1,6 +1,10 @@
include /etc/nginx/bots.d/ddos.conf;
include /etc/nginx/bots.d/blockbots.conf;
## Start of configuration add by letsencrypt container ## Start of configuration add by letsencrypt container
location ^~ /.well-known/acme-challenge/ { location ^~ /.well-known/acme-challenge/ {
auth_basic off; auth_basic off;
auth_request off;
allow all; allow all;
root /usr/share/nginx/html; root /usr/share/nginx/html;
try_files $uri =404; try_files $uri =404;

1
nginx/vhost.d/gitea.unboundedpress.org
Unescape Escape View File

@ -1,6 +1,7 @@
## Start of configuration add by letsencrypt container ## Start of configuration add by letsencrypt container
location ^~ /.well-known/acme-challenge/ { location ^~ /.well-known/acme-challenge/ {
auth_basic off; auth_basic off;
auth_request off;
allow all; allow all;
root /usr/share/nginx/html; root /usr/share/nginx/html;
try_files $uri =404; try_files $uri =404;

Write Preview
Loading…
Cancel
Save