{"id":18822852,"url":"https://github.com/a2nt/nginx-security","last_synced_at":"2025-04-14T01:22:17.963Z","repository":{"id":148322248,"uuid":"75526566","full_name":"a2nt/nginx-security","owner":"a2nt","description":"Extended NGINX security + SilverStripe configuration","archived":false,"fork":false,"pushed_at":"2016-12-13T16:26:53.000Z","size":44,"stargazers_count":13,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-27T15:21:25.319Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/a2nt.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-12-04T08:42:11.000Z","updated_at":"2022-06-13T17:59:38.000Z","dependencies_parsed_at":"2023-07-31T11:02:28.403Z","dependency_job_id":null,"html_url":"https://github.com/a2nt/nginx-security","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/a2nt%2Fnginx-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/a2nt%2Fnginx-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/a2nt%2Fnginx-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/a2nt%2Fnginx-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/a2nt","download_url":"https://codeload.github.com/a2nt/nginx-security/tar.gz/refs/heads/mas
ter","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248805443,"owners_count":21164332,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-08T00:51:52.959Z","updated_at":"2025-04-14T01:22:17.947Z","avatar_url":"https://github.com/a2nt.png","language":"Shell","funding_links":["https://www.paypal.me/tonytwma"],"categories":[],"sub_categories":[],"readme":"# Improved NGINX security + SilverStripe support\n/path/to/repository/frameworks/security.conf\n+ Blocks bad referers\n+ Blocks bad IPs\n+ Blocks direct access to *.php, *.asp, *.php3, *.php4, *.php5, *.phtml, *.inc, etc. files\n+ Blocks bad countries (optional; GeoIP support required)\n+ Logs sniffers into /var/logs/nginx/sniffer.log\n+ Logs very suspicious sniffers into /var/logs/nginx/ban-sniffer.log\n+ Logs blocks into /var/logs/nginx/*.log\n\n\n\nScript Auto-Updates:\n+ NGINX GeoIP DB\n+ Piwik Referer black list DB\n+ Stevie-Ray referer black list DB\n+ IBlockList.com black list DB\n\nAutomatically generates NGINX configuration files at ./conf.d/*\n\n## Installation\n+ Launch ./install.sh from the repository path to clone the required git repositories\n+ Set the PATHTOREPOSITORY variable in ./blacklist-update.sh\n+ Launch ./blacklist-update.sh to generate NGINX configs and update the block lists and databases (add it to crontab to upgrade block lists automatically)\n\n+ Modify your nginx.conf to include black lists by adding:\n```\nhttp {\n    ...\n    include /path/to/repository/conf.d/*.conf;\n    ...\n}\n```\n\n+ Modify your nginx server (domain) configuration file to include security 
settings:\n```\nserver {\n    server_name your.domain.com;\n    ...\n    ...\n    include /path/to/repository/frameworks/security.conf;\n    ...\n}\n```\n\n## GeoIP DB configuration\nThe configuration is commented out, but if your NGINX supports GeoIP you can enable it by editing:\n+ /path/to/repository/conf.d/block-country.conf\n+ /path/to/repository/frameworks/security.conf\n\n## Automatic Sniffer Banning\n#### Be careful: it may ban search engine bots.\n+ Take a look at the TO-DO in the ban-sniffers.sh script to do reverse IP checks.\n+ Wiping /var/logs/nginx/ban-sniffer.log and running ./blacklist-update.sh will reset bans.\n+ Use ./update-robots.sh to add search engine disallows to robots.txt, or add them manually\n+ Optionally, you can add a honeypot to your website template:\n```\n\u003cstyle\u003e#wp-login{display:none}\u003c/style\u003e\n\u003ca href=\"/wp-login.php\" id=\"wp-login\" rel=\"nofollow\"\u003eCMS Log in\u003c/a\u003e\n```\n\nAs I said, it logs very suspicious sniffers into /var/logs/nginx/ban-sniffer.log\n\nIf you run /path/to/repository/ban-sniffers.sh, it will parse /var/logs/nginx/ban-sniffer.log and ban sniffers by IP.\n\nVery suspicious sniffers are sniffers trying to access the following URLs:\n```\n/wp-login.php\n/xmlrpc.php\n/wp-main.php\n/setup-config.php\n/setup.php\n/settings.php\n/admin.php\n/login.php\n/administrator\n/login.asp\n/personel.asp\n/includes.php\n/configurationbak.php\n/sqlibak.php\n/infos.php\n/malasy.php\n/testproxy.php\n/phpmyadmin\n```\n\n## Extra SilverStripe Framework configuration example:\n\nSets up a SilverStripe production configuration and serves static files directly with cache headers\n\n+ Set up your PHP server path in /path/to/repository/frameworks/fastcgi.conf\n+ Set up paths in /path/to/repository/frameworks/silverstripe.conf\n\n+ Include silverstripe.conf:\n```\nserver {\n    server_name your.domain.com;\n    root /path/to/your/website;\n    include /path/to/repository/frameworks/silverstripe.conf;\n}\n```\n\n[My personal 
website](https://tony.twma.pro)\n\n[Buy me a Beer](https://www.paypal.me/tonytwma)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fa2nt%2Fnginx-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fa2nt%2Fnginx-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fa2nt%2Fnginx-security/lists"}