  1. load_module /usr/local/libexec/nginx/ngx_stream_module.so;
  2. load_module /usr/local/libexec/nginx/ngx_http_naxsi_module.so;
  3. load_module /usr/local/libexec/nginx/ngx_mail_module.so;
  4. load_module /usr/local/libexec/nginx/ngx_http_brotli_filter_module.so;
  5. load_module /usr/local/libexec/nginx/ngx_http_brotli_static_module.so;
  6.  
  7. user www staff;
  8. worker_processes  1;
  9.  
  10. error_log  /var/log/nginx/error.log;
  11.  
  12. events {
  13.     worker_connections  1024;
  14. }
  15.  
  16. http {
  17. include       mime.types;
  18.  
  19.  
  20. MainRule id:1000 "rx:select|union|update|delete|insert|table|from|ascii|hex|unhex|drop" "msg:sql keywords" "mz:ARGS|$HEADERS_VAR_X:Cookie" "s:$policyade66794614d4d80bd76272367ac9034:8";
  21.  
  22. MainRule id:1002 "str:0x" "msg:0x, possible hex encoding" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policyade66794614d4d80bd76272367ac9034:8";
  23.  
  24. MainRule id:1003 "str:/*" "msg:mysql comment (/*)" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policyade66794614d4d80bd76272367ac9034:8";
  25.  
  26. MainRule id:1004 "str:*/" "msg:mysql comment (*/)" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policyade66794614d4d80bd76272367ac9034:8";
  27.  
  28. MainRule id:1006 "str:&&" "msg:mysql keyword (&&)" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policyade66794614d4d80bd76272367ac9034:8";
  29.  
  30. MainRule id:1007 "str:--" "msg:mysql comment (--)" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policyade66794614d4d80bd76272367ac9034:8";
  31.  
  32. MainRule id:1008 "str:;" "msg:semicolon" "mz:ARGS" "s:$policyade66794614d4d80bd76272367ac9034:8";
  33.  
  34. MainRule id:1009 "str:=" "msg:equal sign in var, probable sql/xss" "mz:ARGS" "s:$policyade66794614d4d80bd76272367ac9034:8";
  35.  
  36. MainRule id:1010 "str:(" "msg:open parenthesis, probable sql/xss" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policyade66794614d4d80bd76272367ac9034:8";
  37.  
  38. MainRule id:1011 "str:)" "msg:close parenthesis, probable sql/xss" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policyade66794614d4d80bd76272367ac9034:8";
  39.  
  40. MainRule id:1013 "str:'" "msg:simple quote" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policyade66794614d4d80bd76272367ac9034:8";
  41.  
  42. MainRule id:1015 "str:," "msg:comma" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policyade66794614d4d80bd76272367ac9034:8";
  43.  
  44. MainRule id:1016 "str:#" "msg:mysql comment (#)" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policyade66794614d4d80bd76272367ac9034:8";
  45.  
  46. MainRule id:1017 "str:@@" "msg:double arobase (@@)" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policyade66794614d4d80bd76272367ac9034:8";
  47. MainRule id:1100 "str:http://" "msg:http:// scheme" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policy1c0480d874834fdfab63313107d8d987:8";
  48. MainRule id:1101 "str:https://" "msg:https:// scheme" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policy1c0480d874834fdfab63313107d8d987:8";
  49.  
  50. MainRule id:1102 "str:ftp://" "msg:ftp:// scheme" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policy1c0480d874834fdfab63313107d8d987:8";
  51.  
  52. MainRule id:1103 "str:php://" "msg:php:// scheme" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policy1c0480d874834fdfab63313107d8d987:8";
  53.  
  54. MainRule id:1104 "str:sftp://" "msg:sftp:// scheme" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policy1c0480d874834fdfab63313107d8d987:8";
  55. MainRule id:1105 "str:zlib://" "msg:zlib:// scheme" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policy1c0480d874834fdfab63313107d8d987:8";
  56. MainRule id:1106 "str:data://" "msg:data:// scheme" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policy1c0480d874834fdfab63313107d8d987:8";
  57. MainRule id:1107 "str:glob://" "msg:glob:// scheme" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policy1c0480d874834fdfab63313107d8d987:8";
  58. MainRule id:1108 "str:phar://" "msg:phar:// scheme" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policy1c0480d874834fdfab63313107d8d987:8";
  59. MainRule id:1109 "str:file://" "msg:file:// scheme" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policy1c0480d874834fdfab63313107d8d987:8";
  60. MainRule id:1110 "str:gopher://" "msg:gopher:// scheme" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policy1c0480d874834fdfab63313107d8d987:8";
  61.  
  62. MainRule id:1200 "str:.." "msg:double dot" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policy2cc55acff3794c3291aec2bee3351296:8";
  63.  
  64. MainRule id:1202 "str:/etc/passwd" "msg:obvious probe" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policy2cc55acff3794c3291aec2bee3351296:8";
  65.  
  66. MainRule id:1203 "str:c:\\" "msg:obvious windows path" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policy2cc55acff3794c3291aec2bee3351296:8";
  67.  
  68. MainRule id:1204 "str:cmd.exe" "msg:obvious probe" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policy2cc55acff3794c3291aec2bee3351296:8";
  69.  
  70. MainRule id:1205 "str:\\" "msg:backslash" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policy2cc55acff3794c3291aec2bee3351296:8";
  71.  
  72. MainRule id:1206 "str:/" "msg:slash in args" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policy2cc55acff3794c3291aec2bee3351296:8";
  73.  
  74. MainRule id:1302 "str:<" "msg:html open tag" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policy127e988975984655b82d3eefe7f881c6:8";
  75.  
  76. MainRule id:1303 "str:>" "msg:html close tag" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policy127e988975984655b82d3eefe7f881c6:8";
  77.  
  78. MainRule id:1310 "str:[" "msg:open square backet ([), possible js" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policy127e988975984655b82d3eefe7f881c6:8";
  79.  
  80. MainRule id:1311 "str:]" "msg:close square bracket (]), possible js" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policy127e988975984655b82d3eefe7f881c6:8";
  81.  
  82. MainRule id:1312 "str:~" "msg:tilde (~) character" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policy127e988975984655b82d3eefe7f881c6:8";
  83.  
  84. MainRule id:1400 "str:&#" "msg:utf7/8 encoding" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policye9d3021b531b49c4a428c16606345e86:8";
  85.  
  86. MainRule id:1401 "str:%U" "msg:M$ encoding" "mz:ARGS|$HEADERS_VAR:Cookie" "s:$policye9d3021b531b49c4a428c16606345e86:8";
  87.  
  88. MainRule id:1500 "rx:\.ph|\.asp|\.ht" "msg:asp/php file upload" "mz:FILE_EXT" "s:$policy07991d37641a4506b9e90622d9205729:8";
  89.  
  90.  
  91. log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
  92.                   '$status $body_bytes_sent "$http_referer" '
  93.                   '"$http_user_agent" "$http_x_forwarded_for"';
  94. log_format  anonymized  ':: - $remote_user [$time_local] "$request" '
  95.                   '$status $body_bytes_sent "$http_referer" '
  96.                   '"$http_user_agent" "$http_x_forwarded_for"';
  97.  
  98. #tcp_nopush     on;
  99.  
  100. # 200M should be big enough for file servers etc.
  101. client_max_body_size 200M;
  102. brotli_static on;
  103. brotli on;
  104. gzip_static on;
  105. gzip on;
  106. server_tokens off;
  107. sendfile Off;
  108. default_type  application/octet-stream;
  109. keepalive_timeout 60;
  110.  
  111. map $http_upgrade $connection_upgrade {
  112.     default upgrade;
  113.     ''      close;
  114. }
  115.  
  116. # TODO add when core is ready for allowing nginx to serve the web interface
  117. # include nginx_web.conf;
  118.  
  119.  
  120.  
  121.  
  122. # UPSTREAM SERVERS
  123. upstream upstream58a939473afe4f73bd7efef96629e130 {
  124. server 10.15.0.1:80 weight=1 max_conns=500 max_fails=10 fail_timeout=10;
  125.  
  126. }
  127. upstream upstreamb9cdcf636a9246c7b259cbecb7cd6b0e {
  128. server 10.15.0.2:80 weight=1 max_conns=500 max_fails=10 fail_timeout=10;
  129.  
  130. }
  131.  
  132. server {
  133.     listen  80;
  134.     listen  [::]:80;
  135.     server_name  www.xxx.com;
  136.     charset utf-8;
  137.     access_log  /var/log/nginx/www.xxx.com.access.log main;
  138.     error_log  /var/log/nginx/www.xxx.com.error.log;
  139.     #include tls.conf;
  140.     error_page 404 /opnsense_error_404.html;
  141.     error_page 500 501 502 503 504 /opnsense_server_error.html;
  142.     # location to ban the host permanently
  143.     set $naxsi_extensive_log 0;
  144.     location @permanentban {
  145.         access_log /var/log/nginx/permanentban.access.log main;
  146.         internal;
  147.         add_header Content-Type text/plain;
  148.         add_header Charset utf-8;
  149.         return 403 "You got banned permanently from this server.";
  150.     }
  151.     error_page 418 = @permanentban;
  152.     location /opnsense_server_error.html {
  153.         internal;
  154.         root /usr/local/etc/nginx/views;
  155.     }
  156.     location /opnsense_error_404.html {
  157.         internal;
  158.         root /usr/local/etc/nginx/views;
  159.     }
  160.     location /waf_denied.html {
  161.         root /usr/local/etc/nginx/views;
  162.         access_log /var/log/nginx/waf_denied.access.log main;
  163.     }
  164.     location ^~ /.well-known/acme-challenge/ {
  165.         default_type "text/plain";
  166.         root /var/etc/acme-client/challenges;
  167.     }
  168.     # block based on User Agents - stuff I have found over the years in my server log
  169.     if ($http_user_agent ~* Python-urllib|Nmap|python-requests|libwww-perl|MJ12bot|Jorgee|fasthttp|libwww|Telesphoreo|A6-Indexer|ltx71|okhttp|ZmEu|sqlmap|LMAO/2.0|ltx71|zgrab|Ronin/2.0|Hakai/2.0) {
  170.       return 418;
  171.     }
  172.         if ($http_user_agent ~ "Indy\sLibrary|Morfeus Fucking Scanner|MSIE [0-6]\.\d+")
  173.     {
  174.       return 418;
  175.     }
  176.     if ($http_user_agent ~ ^Mozilla/[\d\.]+$)
  177.     {
  178.       return 418;
  179.     }
  180.  
  181.     location = /opnsense-report-csp-violation {
  182.       include       fastcgi_params;
  183.       fastcgi_param QUERY_STRING $query_string;
  184.       fastcgi_param SCRIPT_FILENAME /usr/local/opnsense/scripts/nginx/csp_report.php;
  185.       fastcgi_param TLS-Cipher $ssl_cipher;
  186.       fastcgi_param TLS-Protocol $ssl_protocol;
  187.       fastcgi_param TLS-SNI-Host $ssl_server_name;
  188.       fastcgi_param SERVER-UUID "d5602450-f3b9-4163-a5e2-f0d09e2f3678";
  189.       fastcgi_intercept_errors on;
  190.       fastcgi_pass  unix:/var/run/php-webgui.socket;
  191.     }
  192.     location /opnsense-auth-request {
  193.       internal;
  194.       fastcgi_pass  unix:/var/run/php-webgui.socket;
  195.       fastcgi_index index.php;
  196.       fastcgi_param TLS-Cipher $ssl_cipher;
  197.       fastcgi_param TLS-Protocol $ssl_protocol;
  198.       fastcgi_param TLS-SNI-Host $ssl_server_name;
  199.       fastcgi_param Original-URI $request_uri;
  200.       fastcgi_param Original-HOST $host;
  201.       fastcgi_param SERVER-UUID "d5602450-f3b9-4163-a5e2-f0d09e2f3678";
  202.       fastcgi_param SCRIPT_FILENAME  /usr/local/opnsense/scripts/nginx/ngx_auth.php;
  203.       fastcgi_intercept_errors on;
  204.       include        fastcgi_params;
  205.     }
  206.  
  207.  
  208. location  /gerencial {
  209.     SecRulesEnabled;
  210.     LibInjectionXss;
  211.     CheckRule "$LIBINJECTION_XSS >= 8" BLOCK;
  212.     BasicRule wl:19;
  213.  
  214.     CheckRule "$policyade66794614d4d80bd76272367ac9034 >= 8" BLOCK;
  215.  
  216.     CheckRule "$policy1c0480d874834fdfab63313107d8d987 >= 8" BLOCK;
  217.  
  218.     CheckRule "$policy2cc55acff3794c3291aec2bee3351296 >= 8" BLOCK;
  219.  
  220.     CheckRule "$policy127e988975984655b82d3eefe7f881c6 >= 8" BLOCK;
  221.  
  222.     CheckRule "$policye9d3021b531b49c4a428c16606345e86 >= 8" BLOCK;
  223.  
  224.     CheckRule "$policy07991d37641a4506b9e90622d9205729 >= 8" BLOCK;
  225.     LibInjectionSql;
  226.     CheckRule "$LIBINJECTION_SQL >= 8" BLOCK;
  227.     DeniedUrl "/waf_denied.html";
  228.     autoindex off;
  229.     http2_push_preload off;
  230.     proxy_set_header Host $host;
  231.     proxy_set_header X-TLS-Cipher $ssl_cipher;
  232.     proxy_set_header X-TLS-Protocol $ssl_protocol;
  233.     proxy_set_header X-TLS-SNI-Host $ssl_server_name;
  234.     # proxy headers for backend server
  235.     proxy_set_header X-Real-IP $remote_addr;
  236.     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  237.     proxy_set_header X-Forwarded-Proto $scheme;
  238.     proxy_pass http://upstreamb9cdcf636a9246c7b259cbecb7cd6b0e;
  239.  
  240. }
  241.  
  242. location  /elms {
  243.     SecRulesEnabled;
  244.     LibInjectionXss;
  245.     CheckRule "$LIBINJECTION_XSS >= 8" BLOCK;
  246.     BasicRule wl:19;
  247.  
  248.     CheckRule "$policyade66794614d4d80bd76272367ac9034 >= 8" BLOCK;
  249.  
  250.     CheckRule "$policy1c0480d874834fdfab63313107d8d987 >= 8" BLOCK;
  251.  
  252.     CheckRule "$policy2cc55acff3794c3291aec2bee3351296 >= 8" BLOCK;
  253.  
  254.     CheckRule "$policy127e988975984655b82d3eefe7f881c6 >= 8" BLOCK;
  255.  
  256.     CheckRule "$policye9d3021b531b49c4a428c16606345e86 >= 8" BLOCK;
  257.  
  258.     CheckRule "$policy07991d37641a4506b9e90622d9205729 >= 8" BLOCK;
  259.     LibInjectionSql;
  260.     CheckRule "$LIBINJECTION_SQL >= 8" BLOCK;
  261.     DeniedUrl "/waf_denied.html";
  262.     autoindex off;
  263.     http2_push_preload off;
  264.     proxy_set_header Host $host;
  265.     proxy_set_header X-TLS-Cipher $ssl_cipher;
  266.     proxy_set_header X-TLS-Protocol $ssl_protocol;
  267.     proxy_set_header X-TLS-SNI-Host $ssl_server_name;
  268.     # proxy headers for backend server
  269.     proxy_set_header X-Real-IP $remote_addr;
  270.     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  271.     proxy_set_header X-Forwarded-Proto $scheme;
  272.     proxy_pass http://upstreamb9cdcf636a9246c7b259cbecb7cd6b0e;
  273.  
  274. }
  275.  
  276. location  / {
  277.     SecRulesEnabled;
  278.     LibInjectionXss;
  279.     CheckRule "$LIBINJECTION_XSS >= 8" BLOCK;
  280.     BasicRule wl:19;
  281.  
  282.     CheckRule "$policyade66794614d4d80bd76272367ac9034 >= 8" BLOCK;
  283.  
  284.     CheckRule "$policy1c0480d874834fdfab63313107d8d987 >= 8" BLOCK;
  285.  
  286.     CheckRule "$policy2cc55acff3794c3291aec2bee3351296 >= 8" BLOCK;
  287.  
  288.     CheckRule "$policy127e988975984655b82d3eefe7f881c6 >= 8" BLOCK;
  289.  
  290.     CheckRule "$policye9d3021b531b49c4a428c16606345e86 >= 8" BLOCK;
  291.  
  292.     CheckRule "$policy07991d37641a4506b9e90622d9205729 >= 8" BLOCK;
  293.     LibInjectionSql;
  294.     CheckRule "$LIBINJECTION_SQL >= 8" BLOCK;
  295.     DeniedUrl "/waf_denied.html";
  296.     autoindex off;
  297.     http2_push_preload off;
  298.     proxy_set_header Host $host;
  299.     proxy_set_header X-TLS-Cipher $ssl_cipher;
  300.     proxy_set_header X-TLS-Protocol $ssl_protocol;
  301.     proxy_set_header X-TLS-SNI-Host $ssl_server_name;
  302.     # proxy headers for backend server
  303.     proxy_set_header X-Real-IP $remote_addr;
  304.     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  305.     proxy_set_header X-Forwarded-Proto $scheme;
  306.     proxy_pass http://upstream58a939473afe4f73bd7efef96629e130;
  307.  
  308. }
  309. }
  310.  
  311. server {
  312.     listen  80;
  313.     listen  [::]:80;
  314.     server_name  plus.xxx.com;
  315.     charset utf-8;
  316.     access_log  /var/log/nginx/plus.xxx.com.access.log main;
  317.     error_log  /var/log/nginx/plus.xxx.com.error.log;
  318.     #include tls.conf;
  319.     error_page 404 /opnsense_error_404.html;
  320.     error_page 500 501 502 503 504 /opnsense_server_error.html;
  321.     # location to ban the host permanently
  322.     set $naxsi_extensive_log 0;
  323.     location @permanentban {
  324.         access_log /var/log/nginx/permanentban.access.log main;
  325.         internal;
  326.         add_header Content-Type text/plain;
  327.         add_header Charset utf-8;
  328.         return 403 "You got banned permanently from this server.";
  329.     }
  330.     error_page 418 = @permanentban;
  331.     location /opnsense_server_error.html {
  332.         internal;
  333.         root /usr/local/etc/nginx/views;
  334.     }
  335.     location /opnsense_error_404.html {
  336.         internal;
  337.         root /usr/local/etc/nginx/views;
  338.     }
  339.     location /waf_denied.html {
  340.         root /usr/local/etc/nginx/views;
  341.         access_log /var/log/nginx/waf_denied.access.log main;
  342.     }
  343.     location ^~ /.well-known/acme-challenge/ {
  344.         default_type "text/plain";
  345.         root /var/etc/acme-client/challenges;
  346.     }
  347.     # block based on User Agents - stuff I have found over the years in my server log
  348.     if ($http_user_agent ~* Python-urllib|Nmap|python-requests|libwww-perl|MJ12bot|Jorgee|fasthttp|libwww|Telesphoreo|A6-Indexer|ltx71|okhttp|ZmEu|sqlmap|LMAO/2.0|ltx71|zgrab|Ronin/2.0|Hakai/2.0) {
  349.       return 418;
  350.     }
  351.         if ($http_user_agent ~ "Indy\sLibrary|Morfeus Fucking Scanner|MSIE [0-6]\.\d+")
  352.     {
  353.       return 418;
  354.     }
  355.     if ($http_user_agent ~ ^Mozilla/[\d\.]+$)
  356.     {
  357.       return 418;
  358.     }
  359.  
  360.     location = /opnsense-report-csp-violation {
  361.       include       fastcgi_params;
  362.       fastcgi_param QUERY_STRING $query_string;
  363.       fastcgi_param SCRIPT_FILENAME /usr/local/opnsense/scripts/nginx/csp_report.php;
  364.       fastcgi_param TLS-Cipher $ssl_cipher;
  365.       fastcgi_param TLS-Protocol $ssl_protocol;
  366.       fastcgi_param TLS-SNI-Host $ssl_server_name;
  367.       fastcgi_param SERVER-UUID "8df10317-96d5-489e-9593-44cde20a2e12";
  368.       fastcgi_intercept_errors on;
  369.       fastcgi_pass  unix:/var/run/php-webgui.socket;
  370.     }
  371.     location /opnsense-auth-request {
  372.       internal;
  373.       fastcgi_pass  unix:/var/run/php-webgui.socket;
  374.       fastcgi_index index.php;
  375.       fastcgi_param TLS-Cipher $ssl_cipher;
  376.       fastcgi_param TLS-Protocol $ssl_protocol;
  377.       fastcgi_param TLS-SNI-Host $ssl_server_name;
  378.       fastcgi_param Original-URI $request_uri;
  379.       fastcgi_param Original-HOST $host;
  380.       fastcgi_param SERVER-UUID "8df10317-96d5-489e-9593-44cde20a2e12";
  381.       fastcgi_param SCRIPT_FILENAME  /usr/local/opnsense/scripts/nginx/ngx_auth.php;
  382.       fastcgi_intercept_errors on;
  383.       include        fastcgi_params;
  384.     }
  385.  
  386.  
  387. location  / {
  388.     SecRulesEnabled;
  389.     LibInjectionXss;
  390.     CheckRule "$LIBINJECTION_XSS >= 8" BLOCK;
  391.     BasicRule wl:19;
  392.  
  393.     CheckRule "$policyade66794614d4d80bd76272367ac9034 >= 8" BLOCK;
  394.  
  395.     CheckRule "$policy1c0480d874834fdfab63313107d8d987 >= 8" BLOCK;
  396.  
  397.     CheckRule "$policy2cc55acff3794c3291aec2bee3351296 >= 8" BLOCK;
  398.  
  399.     CheckRule "$policy127e988975984655b82d3eefe7f881c6 >= 8" BLOCK;
  400.  
  401.     CheckRule "$policye9d3021b531b49c4a428c16606345e86 >= 8" BLOCK;
  402.  
  403.     CheckRule "$policy07991d37641a4506b9e90622d9205729 >= 8" BLOCK;
  404.     LibInjectionSql;
  405.     CheckRule "$LIBINJECTION_SQL >= 8" BLOCK;
  406.     DeniedUrl "/waf_denied.html";
  407.     autoindex off;
  408.     http2_push_preload off;
  409.     proxy_set_header Host $host;
  410.     proxy_set_header X-TLS-Cipher $ssl_cipher;
  411.     proxy_set_header X-TLS-Protocol $ssl_protocol;
  412.     proxy_set_header X-TLS-SNI-Host $ssl_server_name;
  413.     # proxy headers for backend server
  414.     proxy_set_header X-Real-IP $remote_addr;
  415.     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  416.     proxy_set_header X-Forwarded-Proto $scheme;
  417.     proxy_pass http://upstream58a939473afe4f73bd7efef96629e130;
  418.  
  419. }
  420. }
  421.  
  422. }
# mail {
# }