Ee engine & plugin nginx.conf location

Hello,

First, thank you for such a great set of tools. I’m using the iThemes Security plugin and I notice it wants to write rules and settings to /var/www/[site name]/htdocs/nginx.conf - the plugin is nginx aware.

As a newcomer to ee engine and nginx, am I correct that this location, per an ee install, is NOT picked up or referenced in the site’s virtual config?

Note, this is an ee engine --wpfc install. The sites-enabled file has no directive for /var/www/[site name]/htdocs/nginx.conf.

Thank you!

@David Edwards
Please post the contents of the /var/www/[site name]/htdocs/nginx.conf file.

Hi Harshad Yeola,

Here are the contents. Note, I understand the W3TC section is probably not per the recommended set-up or pre-installed W3TC, but as I’m using Genesis Framework I have W3TC Pro to also enable transient / fragment cache and am using memcached for that.

    # BEGIN iThemes Security

    # BEGIN Ban Users  
            # Begin HackRepair.com Blacklist  
            if ($http_user_agent ~* "^[Ww]eb[Bb]andit"){ return 403; }  
            if ($http_user_agent ~* "^binlar"){ return 403; }  
            if ($http_user_agent ~* "^BlackWidow"){ return 403; }  
            if ($http_user_agent ~ "^Bolt"){ return 403; }  
            if ($http_user_agent ~* "^casper"){ return 403; }  
            if ($http_user_agent ~* "^ChinaClaw"){ return 403; }  
            if ($http_user_agent ~* "^cmsworldmap"){ return 403; }  
            if ($http_user_agent ~* "^comodo"){ return 403; }  
            if ($http_user_agent ~* "^Custo"){ return 403; }  
            if ($http_user_agent ~ "^Default"){ return 403; }  
            if ($http_user_agent ~* "^diavol"){ return 403; }  
            if ($http_user_agent ~* "^DIIbot"){ return 403; }  
            if ($http_user_agent ~* "^DISCo"){ return 403; }  
            if ($http_user_agent ~* "^dotbot"){ return 403; }  
            if ($http_user_agent ~* "^eCatch"){ return 403; }  
            if ($http_user_agent ~* "^EirGrabber"){ return 403; }  
            if ($http_user_agent ~* "^EmailCollector"){ return 403; }  
            if ($http_user_agent ~* "^EmailSiphon"){ return 403; }  
            if ($http_user_agent ~* "^EmailWolf"){ return 403; }  
            if ($http_user_agent ~* "^ExtractorPro"){ return 403; }  
            if ($http_user_agent ~* "^EyeNetIE"){ return 403; }  
            if ($http_user_agent ~* "^feedfinder"){ return 403; }  
            if ($http_user_agent ~* "^FlashGet"){ return 403; }  
            if ($http_user_agent ~* "^flicky"){ return 403; }  
            if ($http_user_agent ~* "^GetRight"){ return 403; }  
            if ($http_user_agent ~* "^GetWeb!"){ return 403; }  
            if ($http_user_agent ~* "^Go-Ahead-Got-It"){ return 403; }  
            if ($http_user_agent ~* "^Go!Zilla"){ return 403; }  
            if ($http_user_agent ~* "^GrabNet"){ return 403; }  
            if ($http_user_agent ~* "^Grafula"){ return 403; }  
            if ($http_user_agent ~* "^HMView"){ return 403; }  
            if ($http_user_agent ~* "^ia_archiver"){ return 403; }  
            if ($http_user_agent ~* "^InterGET"){ return 403; }  
            if ($http_user_agent ~* "^InternetSeer.com"){ return 403; }  
            if ($http_user_agent ~* "^jakarta"){ return 403; }  
            if ($http_user_agent ~* "^Java"){ return 403; }  
            if ($http_user_agent ~* "^JetCar"){ return 403; }  
            if ($http_user_agent ~* "^kmccrew"){ return 403; }  
            if ($http_user_agent ~* "^larbin"){ return 403; }  
            if ($http_user_agent ~* "^LeechFTP"){ return 403; }  
            if ($http_user_agent ~* "^Maxthon$"){ return 403; }  
            if ($http_user_agent ~* "^microsoft.url"){ return 403; }  
            if ($http_user_agent ~* "^Mozilla.*Indy"){ return 403; }  
            if ($http_user_agent ~* "^Mozilla.*NEWT"){ return 403; }  
            if ($http_user_agent ~* "^MSFrontPage"){ return 403; }  
            if ($http_user_agent ~* "^Navroad"){ return 403; }  
            if ($http_user_agent ~* "^NearSite"){ return 403; }  
            if ($http_user_agent ~* "^NetAnts"){ return 403; }  
            if ($http_user_agent ~* "^NetSpider"){ return 403; }  
            if ($http_user_agent ~* "^NetZIP"){ return 403; }  
            if ($http_user_agent ~* "^nutch"){ return 403; }  
            if ($http_user_agent ~* "^Octopus"){ return 403; }  
            if ($http_user_agent ~* "^PageGrabber"){ return 403; }  
            if ($http_user_agent ~* "^pavuk"){ return 403; }  
            if ($http_user_agent ~* "^pcBrowser"){ return 403; }  
            if ($http_user_agent ~* "^PeoplePal"){ return 403; }  
            if ($http_user_agent ~* "^planetwork"){ return 403; }  
            if ($http_user_agent ~* "^psbot"){ return 403; }  
            if ($http_user_agent ~* "^purebot"){ return 403; }  
            if ($http_user_agent ~* "^pycurl"){ return 403; }  
            if ($http_user_agent ~* "^RealDownload"){ return 403; }  
            if ($http_user_agent ~* "^ReGet"){ return 403; }  
            if ($http_user_agent ~* "^Rippers"){ return 403; }  
            if ($http_user_agent ~* "^SeaMonkey$"){ return 403; }  
            if ($http_user_agent ~* "^sitecheck.internetseer.com"){ return 403; }  
            if ($http_user_agent ~* "^SiteSnagger"){ return 403; }  
            if ($http_user_agent ~* "^skygrid"){ return 403; }  
            if ($http_user_agent ~* "^SmartDownload"){ return 403; }  
            if ($http_user_agent ~* "^sucker"){ return 403; }  
            if ($http_user_agent ~* "^SuperBot"){ return 403; }  
            if ($http_user_agent ~* "^SuperHTTP"){ return 403; }  
            if ($http_user_agent ~* "^Surfbot"){ return 403; }  
            if ($http_user_agent ~* "^tAkeOut"){ return 403; }  
            if ($http_user_agent ~* "^Teleport"){ return 403; }  
            if ($http_user_agent ~* "^Toata"){ return 403; }  
            if ($http_user_agent ~* "^turnit"){ return 403; }  
            if ($http_user_agent ~* "^vikspider"){ return 403; }  
            if ($http_user_agent ~* "^VoidEYE"){ return 403; }  
            if ($http_user_agent ~* "^WebAuto"){ return 403; }  
            if ($http_user_agent ~* "^WebCopier"){ return 403; }  
            if ($http_user_agent ~* "^WebFetch"){ return 403; }  
            if ($http_user_agent ~* "^WebLeacher"){ return 403; }  
            if ($http_user_agent ~* "^WebReaper"){ return 403; }  
            if ($http_user_agent ~* "^WebSauger"){ return 403; }  
            if ($http_user_agent ~* "^WPScan"){ return 403; }  
            if ($http_user_agent ~* "^WebStripper"){ return 403; }  
            if ($http_user_agent ~* "^WebWhacker"){ return 403; }  
            if ($http_user_agent ~* "^WebZIP"){ return 403; }  
            if ($http_user_agent ~* "^Wget"){ return 403; }  
            if ($http_user_agent ~* "^Widow"){ return 403; }  
            if ($http_user_agent ~* "^WWW-Mechanize"){ return 403; }  
            if ($http_user_agent ~* "^WWWOFFLE"){ return 403; }  
            if ($http_user_agent ~* "^Zeus"){ return 403; }  
            if ($http_user_agent ~* "^zmeu"){ return 403; }  
            if ($http_user_agent ~* "CazoodleBot"){ return 403; }  
            if ($http_user_agent ~* "discobot"){ return 403; }  
            if ($http_user_agent ~* "ecxi"){ return 403; }  
            if ($http_user_agent ~* "GT::WWW"){ return 403; }  
            if ($http_user_agent ~* "heritrix"){ return 403; }  
            if ($http_user_agent ~* "HTTP::Lite"){ return 403; }  
            if ($http_user_agent ~* "HTTrack"){ return 403; }  
            if ($http_user_agent ~* "ia_archiver"){ return 403; }  
            if ($http_user_agent ~* "id-search"){ return 403; }  
            if ($http_user_agent ~* "id-search.org"){ return 403; }  
            if ($http_user_agent ~* "IDBot"){ return 403; }  
            if ($http_user_agent ~* "IRLbot"){ return 403; }  
            if ($http_user_agent ~* "LinksManager.com_bot"){ return 403; }  
            if ($http_user_agent ~* "linkwalker"){ return 403; }  
            if ($http_user_agent ~* "lwp-trivial"){ return 403; }  
            if ($http_user_agent ~* "MFC_Tear_Sample"){ return 403; }  
            if ($http_user_agent ~* "panscient.com"){ return 403; }  
            if ($http_user_agent ~* "PECL::HTTP"){ return 403; }  
            if ($http_user_agent ~* "PHPCrawl"){ return 403; }  
            if ($http_user_agent ~* "PleaseCrawl"){ return 403; }  
            if ($http_user_agent ~* "SBIder"){ return 403; }  
            if ($http_user_agent ~* "Snoopy"){ return 403; }  
            if ($http_user_agent ~* "Steeler"){ return 403; }  
            if ($http_user_agent ~* "URI::Fetch"){ return 403; }  
            if ($http_user_agent ~* "urllib"){ return 403; }  
            if ($http_user_agent ~* "User-Agent"){ return 403; }  
            if ($http_user_agent ~* "webalta"){ return 403; }  
            if ($http_user_agent ~* "WebCollage"){ return 403; }  
            if ($http_user_agent ~* "zermelo"){ return 403; }  
            if ($http_user_agent ~* "ZyBorg"){ return 403; }  


    # END Ban Users  
    # BEGIN Tweaks  
                    # Rules to block access to WordPress specific files and wp-includes  
                    location ~ /\.ht { deny all; }  
                    location ~ wp-config.php { deny all; }  
                    location ~ readme.html { deny all; }  
                    location ~ readme.txt { deny all; }  
                    location ~ /install.php { deny all; }  
                    location ^wp-includes/(.*).php { deny all; }  
                    location ^/wp-admin/includes(.*)$ { deny all; }  

            # Rules to disable XML-RPC  
                    location ~ xmlrpc.php { deny all; }  


                    # Rules to prevent php execution in uploads  
                    location ^(.*)/uploads/(.*).php(.?){ deny all; }  

                    # Rules to block unneeded HTTP methods  
                    if ($request_method ~* "^(TRACE|DELETE|TRACK)"){ return 403; }  

                    # Rules to help reduce spam  
                    location /wp-comments-post.php {  
                            valid_referers jetpack.wordpress.com/jetpack-comment/ *.coralseait.com;  
                            set $rule_0 0;  
                            if ($request_method ~ "POST"){ set $rule_0 1$rule_0; }  
                            if ($invalid_referer) { set $rule_0 2$rule_0; }  
                            if ($http_user_agent ~ "^$"){ set $rule_0 3$rule_0; }  
                            if ($rule_0 = "3210") { return 403; }  
                    }  
    # END Tweaks  

    # END iThemes Security

    # BEGIN W3TC Minify cache
    location ~ /wp-content/cache/minify.*.js$ {
        types {}
        default_type application/x-javascript;
        expires modified 31536000s;
        add_header X-Powered-By "W3 Total Cache/0.9.4";
        add_header Vary "Accept-Encoding";
        add_header Pragma "public";
        add_header Cache-Control "max-age=31536000, public";
    }
    location ~ /wp-content/cache/minify.*.css$ {
        types {}
        default_type text/css;
        expires modified 31536000s;
        add_header X-Powered-By "W3 Total Cache/0.9.4";
        add_header Vary "Accept-Encoding";
        add_header Pragma "public";
        add_header Cache-Control "max-age=31536000, public";
    }
    location ~ /wp-content/cache/minify.*js.gzip$ {
        gzip off;
        types {}
        default_type application/x-javascript;
        expires modified 31536000s;
        add_header X-Powered-By "W3 Total Cache/0.9.4";
        add_header Vary "Accept-Encoding";
        add_header Pragma "public";
        add_header Cache-Control "max-age=31536000, public";
        add_header Content-Encoding gzip;
    }
    location ~ /wp-content/cache/minify.*css.gzip$ {
        gzip off;
        types {}
        default_type text/css;
        expires modified 31536000s;
        add_header X-Powered-By "W3 Total Cache/0.9.4";
        add_header Vary "Accept-Encoding";
        add_header Pragma "public";
        add_header Cache-Control "max-age=31536000, public";
        add_header Content-Encoding gzip;
    }
    # END W3TC Minify cache

    # BEGIN W3TC Browser Cache
    gzip on;
    gzip_types text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
    location ~ .(css|htc|less|js|js2|js3|js4)$ {
        expires 31536000s;
        add_header Pragma "public";
        add_header Cache-Control "max-age=31536000, public";
        add_header X-Powered-By "W3 Total Cache/0.9.4";
    }
    location ~ .(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|s$
        expires 31536000s;
        add_header Pragma "public";
        add_header Cache-Control "max-age=31536000, public";
        add_header Link "<$scheme://$host$uri>; rel=\"canonical\"";
        add_header X-Powered-By "W3 Total Cache/0.9.4";
    }
    # END W3TC Browser Cache

    # BEGIN W3TC CDN
    location ~ .(ttf|ttc|otf|eot|woff|font.css)$ {
        add_header Access-Control-Allow-Origin "*";
    }
    # END W3TC CDN

    # BEGIN W3TC Minify core
    rewrite ^/wp-content/cache/minify.*/w3tc_rewrite_test$ /wp-content/plugins/w3-total-cache/pub/minify.php?w3tc_rewrite_test=1 last;
    set $w3tc_enc "";
    if ($http_accept_encoding ~ gzip) {
        set $w3tc_enc .gzip;
    }
    if (-f $request_filename$w3tc_enc) {
        rewrite (.*) $1$w3tc_enc break;
    }
    rewrite ^/wp-content/cache/minify/(.+/[X]+.css)$ /wp-content/plugins/w3-total-cache/pub/minify.php?test_file=$1 last;
    rewrite ^/wp-content/cache/minify/(.+.(css|js))$ /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1 last;
    # END W3TC Minify core

    # BEGIN W3TC Skip 404 error handling by WordPress for static files
    if (-f $request_filename) {
        break;
    }
    if (-d $request_filename) {
        break;
    }
    if ($request_uri ~ "(robots.txt|sitemap(index)?.xml(.gz)?|[a-z0-9-]+-sitemap([0-9]+)?.xml(.gz)?|geo_sitemap.xml(.gz))") {
        break;
    }
    if ($request_uri ~* .(css|htc|less|js|js2|js3|js4|html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mp$
        return 404;
    }
    # END W3TC Skip 404 error handling by WordPress for static files

@David Edwards
Perform these steps:

    ee site edit [site name]

and append

    include /var/www/[site name]/htdocs/nginx.conf;

This will reload nginx and your security rules get added.

Thank you very much Harshad!

Is that the preferred ‘ee engine’ way of supporting the plugins that use this going forward (for the road map)? I have to imagine many of us will be using various additional plugins, so I want to follow the intended best practice or planned best practice in the road map.

Cheers!

@David
Yes, it is the preferred way of adding rules to an nginx site. You can add rules to the nginx conf of a particular website, but make sure that the rules are correct.
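
One way to check that plugin-written rules are correct before including them, as an added example that is not part of the thread and is not EasyEngine or iThemes code: a `location` without `~` or `~*` is a literal prefix, so rules such as `location ^wp-includes/(.*).php` pass `nginx -t` yet never match a request. The function names, the `example.com` site name and the vhost fragment are assumptions; the sample rules are copied from the plugin output posted above.

```python
import re

# location [modifier] pattern {   (modifier is =, ~, ~* or ^~ when present)
LOCATION = re.compile(r'^\s*location\s+(?:(=|~\*|~|\^~)\s+)?(\S+?)\s*\{')
REGEX_META = re.compile(r'[\^$*+?()|\[\]]')
# unescaped dot in front of a file extension, e.g. "wp-config.php"
BARE_DOT_EXT = re.compile(r'(?<!\\)\.(php|html|txt)\b')


def lint_rules(conf_text):
    """Return (line_no, code, pattern) for suspicious location rules."""
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = LOCATION.match(line)
        if not m:
            continue
        modifier, pattern = m.groups()
        if modifier is None and REGEX_META.search(pattern):
            # No ~ or ~*: nginx compares the argument as a literal prefix,
            # regex syntax included. A prefix starting with "^" can never
            # match a URI, so the rule loads but protects nothing.
            findings.append((no, "literal-prefix", pattern))
        elif modifier in ("~", "~*") and BARE_DOT_EXT.search(pattern):
            # The regex works, but "." matches any character (over-broad).
            findings.append((no, "unescaped-dot", pattern))
    return findings


def is_included(vhost_text, conf_path):
    """True if the vhost has an uncommented `include <conf_path>;`."""
    pat = r'^\s*include\s+["\']?' + re.escape(conf_path) + r'["\']?\s*;'
    return re.search(pat, vhost_text, re.M) is not None


# Constructed sample: five rules copied from the plugin output in this thread.
SAMPLE_RULES = "\n".join([
    r'location ~ /\.ht { deny all; }',
    r'location ~ wp-config.php { deny all; }',
    r'location ^wp-includes/(.*).php { deny all; }',
    r'location ^(.*)/uploads/(.*).php(.?){ deny all; }',
    r'location /wp-comments-post.php {',
])
# Constructed vhost fragment; example.com is a placeholder site name.
SAMPLE_VHOST = """server {
    root /var/www/example.com/htdocs;
    # include /var/www/example.com/htdocs/nginx.conf;
}"""

if __name__ == "__main__":
    for no, code, pattern in lint_rules(SAMPLE_RULES):
        print(f"line {no}: {code}: {pattern}")
    print(is_included(SAMPLE_VHOST, "/var/www/example.com/htdocs/nginx.conf"))
```
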

Hello @davidedwards,

I hope your query is resolved. I am closing this support ticket for now.

Feel free to create a new support ticket if you have any further queries.