

@mmilosheski
Created October 12, 2019 08:57
Originally written for Apache by https://bjornen.dev/wordpress-security-cache-protection-and-re-directs/; here is the nginx equivalent.
# nginx configuration
# Archive index URIs (/tag, /page, /search, /category, with or without a
# trailing slash) are sent to the front page. One regex location replaces
# the four identical ones; regex locations are tried in file order and this
# one keeps its position, so the match set and the action are unchanged.
# "rewrite ... redirect" (302) rather than "return": a rewrite carries the
# original query string over to the redirect target.
location ~ ^/(tag|page|search|category)/?$ {
    rewrite ^ https://example.com/ redirect;
}
# Any URI ending in "/wp" or "/wp/" (the pattern is not anchored at the
# start) is sent to the front page with a 302.
location ~ /wp/?$ {
    rewrite ^ https://example.com/ redirect;
}
# /favicon.<anything other than ico> at the site root -> the real favicon.ico.
# /favicon.ico itself is excluded by the lookahead, so the redirect cannot loop.
location ~ ^/favicon\.(?!ico) {
    rewrite ^ https://example.com/favicon.ico redirect;
}
# favicon.* requested anywhere below the site root -> the root favicon.ico.
# The negative lookbehind leaves /favicon.ico itself alone (no loop); the
# capture group that used to sit inside the lookbehind was never referenced.
location ~ (?<!^/)favicon\. {
    rewrite ^ https://example.com/favicon.ico redirect;
}
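# Every apple-touch-icon*.png variant -> /apple.png.
# The original pattern "/apple-touch-icon(.*)?.png" left the dot before
# "png" unescaped (so it matched any character) and had a redundant "(.*)?";
# the other icon rules in this file escape the dot, this one now does too.
# /apple.png itself does not match, so the redirect cannot loop.
location ~ /apple-touch-icon.*\.png {
    rewrite ^ https://example.com/apple.png redirect;
}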
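# humans.txt / robots.txt requested below the site root -> the root copy.
# The capture must live in the rewrite's own regex: once a rewrite regex
# matches, its captures replace the numbered captures of the location regex,
# so the original "rewrite ^(.*)$ .../$2.txt" expanded $2 to nothing and sent
# clients to https://example.com/.txt. The rewrite regex is deliberately not
# anchored at the end so it matches whenever the location matched.
location ~ (?<!^/)(humans|robots)\.txt {
    rewrite ^(.*)(humans|robots)\.txt https://example.com/$2.txt redirect;
}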
# xmlrpc.php requested anywhere except its real place under /wp/ is
# redirected there; the lookbehind keeps /wp/xmlrpc.php out of the rule so
# it does not redirect to itself. Note this steers clients toward the live
# XML-RPC endpoint while "location /xmlrpc.php { deny all; }" further down
# tries to block it — decide which of the two is wanted.
location ~ (?<!^/wp/)xmlrpc\.php {
    rewrite ^ https://example.com/wp/xmlrpc.php redirect;
}
# wp-login.php requested anywhere except under /wp/ is redirected to the
# real login page; the lookbehind prevents a self-redirect for
# /wp/wp-login.php. The request's query string travels along with the
# 302 (rewrite semantics).
location ~ (?<!^/wp/)wp-login\.php {
    rewrite ^ https://example.com/wp/wp-login.php redirect;
}
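# Request filter ported from the Apache ruleset linked above. Everything that
# passes is redirected to https at the end, so these checks only ever see
# plain-http requests; the TLS server block (not shown here) needs the same
# checks, otherwise clients that go straight to https are never filtered.
# "if ... return" is one of the safe uses of nginx "if".
location / {
    # Uncommon/diagnostic methods. HEAD is on the list too, which also turns
    # away legitimate HEAD probes from monitors and caches.
    if ($request_method ~* "^(HEAD|TRACE|DELETE|TRACK|DEBUG)") {
        return 403;
    }
    # Dropped: the original `if ($request_method ~* "GET") { return 403; }`,
    # which rejected every GET request and with it the whole site
    # (presumably a mis-ported negated Apache condition).

    # Path-traversal style values in parameters. These two rules appeared a
    # second time further down in the original; the duplicates are gone.
    if ($query_string ~* "[a-zA-Z0-9_]=(\.\.//?)+") {
        return 403;
    }
    if ($query_string ~* "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") {
        return 403;
    }

    # Code-injection markers.
    if ($query_string ~* "(eval\()") {
        return 403;
    }
    if ($query_string ~* "(javascript:)(.*)(;)") {
        return 403;
    }
    if ($query_string ~* "(base64_encode)(.*)(\()") {
        return 403;
    }
    # Was "(GLOBALS|REQUEST)(=|\")": the \" escaped the closing quote and left
    # the string unterminated. Uses the same alternation as the GLOBALS and
    # _REQUEST rules below.
    if ($query_string ~* "(GLOBALS|REQUEST)(=|\[|\%[0-9A-Z]{0,2})") {
        return 403;
    }
    # Was "(>|%3)" at the end; the URL-encoded ">" is %3E.
    if ($query_string ~* "(<|%3C)(.*)script(.*)(>|%3E)") {
        return 403;
    }
    if ($query_string ~* "(\\|\.\.\.|\.\./|~|`|<|>|\|)") {
        return 403;
    }
    if ($query_string ~* "mosConfig_[a-zA-Z_]{1,22}(=|%3D)") {
        return 403;
    }
    if ($query_string ~* "(boot\.ini|etc/passwd|self/environ)") {
        return 403;
    }
    if ($query_string ~* "(\'|\")(.*)(drop|exec|insert|md5|select|union)") {
        return 403;
    }

    # User-agent blocklist. Trivially spoofed, and it also rejects legitimate
    # clients whose agent string contains one of these words (curl, wget,
    # python- or Java-based tools, monitoring agents).
    if ($http_user_agent ~* "(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader)") {
        return 403;
    }
    if ($http_user_agent ~* "(<|>|'|%0A|%0D|%27|%3C|%3E|%00)") {
        return 403;
    }
    # The bare " inside this pattern (and in the SQL-keyword rule near the
    # end) terminated the quoted string early; it is now escaped as \".
    if ($http_user_agent ~* "(;|<|>|'|\"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner)") {
        return 403;
    }

    # Remote-file-inclusion style values: URLs and traversal in parameters.
    if ($query_string ~ "[a-zA-Z0-9_]=http://") {
        return 403;
    }
    if ($query_string ~ "[a-zA-Z0-9_]=http%3A%2F%2F") {
        return 403;
    }
    if ($query_string ~* "\=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}") {
        return 403;
    }
    if ($query_string ~ "(\.\./|\.\.)") {
        return 403;
    }
    if ($query_string ~* "ftp\:") {
        return 403;
    }
    # The next two reject any query string containing "http:"/"https:", which
    # includes WordPress's own ?redirect_to=https://... parameter.
    if ($query_string ~* "http\:") {
        return 403;
    }
    if ($query_string ~* "https\:") {
        return 403;
    }
    if ($query_string ~* "\=\|w\|") {
        return 403;
    }
    if ($query_string ~* "^(.*)/self/(.*)$") {
        return 403;
    }
    if ($query_string ~* "^(.*)cPath=http://(.*)$") {
        return 403;
    }

    # script/iframe tags, plain and with the keyword split by filler.
    if ($query_string ~* "(\<|%3C).*script.*(\>|%3E)") {
        return 403;
    }
    if ($query_string ~* "(<|%3C)([^s]*s)+cript.*(>|%3E)") {
        return 403;
    }
    if ($query_string ~* "(\<|%3C).*iframe.*(\>|%3E)") {
        return 403;
    }
    if ($query_string ~* "(<|%3C)([^i]*i)+frame.*(>|%3E)") {
        return 403;
    }
    if ($query_string ~* "base64_encode.*\(.*\)") {
        return 403;
    }
    if ($query_string ~* "base64_(en|de)code[^(]*\([^)]*\)") {
        return 403;
    }
    if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {
        return 403;
    }
    if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {
        return 403;
    }
    # Any bracket, parenthesis or angle bracket anywhere in the query string;
    # this also rejects array-style parameters such as ?ids[]=1 (constructed
    # example).
    if ($query_string ~* "^.*(\[|\]|\(|\)|<|>).*") {
        return 403;
    }

    # SQL-injection markers.
    if ($query_string ~ "(NULL|OUTFILE|LOAD_FILE)") {
        return 403;
    }
    if ($query_string ~* "(\./|\../|\.../)+(motd|etc|bin)") {
        return 403;
    }
    if ($query_string ~* "(localhost|loopback|127\.0\.0\.1)") {
        return 403;
    }
    if ($query_string ~* "(<|>|'|%0A|%0D|%27|%3C|%3E|%00)") {
        return 403;
    }
    if ($query_string ~* "concat[^\(]*\(") {
        return 403;
    }
    if ($query_string ~* "union([^s]*s)+elect") {
        return 403;
    }
    if ($query_string ~* "union([^a]*a)+ll([^s]*s)+elect") {
        return 403;
    }
    if ($query_string ~* "(;|<|>|'|\"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode)") {
        return 403;
    }
    if ($query_string ~* "^(%2d|\-)[^=]+$") {
        return 403;
    }
    if ($query_string ~* "proc\/self\/environ") {
        return 403;
    }
    if ($query_string ~* "(sp_executesql)") {
        return 403;
    }

    # Everything that survived is sent to https (302, as "redirect" was).
    # "return" instead of "rewrite ... redirect": a rewrite appends the
    # original query string to its replacement, and $request_uri already
    # carries it, so the old form emitted the query twice. "$host" instead of
    # "$http_host" drops any port from the target; it is still derived from
    # the client's Host header, so use a fixed server name here when this
    # block serves exactly one site. This only makes sense in the plain-http
    # server block — inside an https server it would redirect to itself.
    return 302 https://$host$request_uri;
}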
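# "^~" makes this prefix match final: a plain prefix location is overridden
# by any matching regex location, so a PHP handler such as "~ \.php$" (if one
# exists in this server) would serve the file instead of denying it. The
# prefix form also covers editor/backup copies like /wp-config.php~ or
# /wp-config.php.bak.
location ^~ /wp-config.php {
    deny all;
}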
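# "^~" stops the regex search for this prefix, so the deny is no longer
# shadowed by the "(?<!(^(/wp/)))(xmlrpc)\.php" redirect location above,
# which used to win for /xmlrpc.php and send clients to /wp/xmlrpc.php.
# That copy under /wp/ stays reachable; if the goal is to disable XML-RPC,
# deny /wp/xmlrpc.php as well and drop the redirect.
location ^~ /xmlrpc.php {
    deny all;
}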
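# Apache control files must never be served. Case-insensitive ".hta" (what
# the original "^.*\.([Hh][Tt][Aa])" matched, so .htaccess is covered) plus
# ".htpasswd", which the original pattern missed. ".html" does not match.
location ~* \.ht(a|passwd) {
    deny all;
}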
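# "^~" keeps a later-matching regex location (e.g. a PHP handler, if this
# server has one) from overriding the deny; prefix match also covers
# /php.ini.bak-style copies.
location ^~ /php.ini {
    deny all;
}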
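# Same as /php.ini: "^~" makes the deny immune to regex locations that
# would otherwise take precedence over a plain prefix match.
location ^~ /php5.ini {
    deny all;
}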
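# "^~" makes the deny final against any matching regex location. Only a
# root-level /install.php is covered; the WordPress install itself lives
# under /wp/ (see the redirects above), so its own installer path is not
# affected by this rule — confirm it is handled elsewhere.
location ^~ /install.php {
    deny all;
}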