include <%= @confdir %>/nginx_blocked_referrer.conf;
}
-map $missing_referer$missing_ua$http_referer $blocked_email {
+map $missing_referer$missing_ua$email_id $blocked_email {
default 0;
include <%= @confdir %>/nginx_blocked_email.conf;
}
server {
# IPv4
- listen 443 ssl deferred backlog=16384 reuseport fastopen=2048 http2 default_server;
+ listen 443 ssl deferred backlog=16384 reuseport http2 default_server;
# IPv6
- listen [::]:443 ssl deferred backlog=16384 reuseport fastopen=2048 http2 default_server;
+ listen [::]:443 ssl deferred backlog=16384 reuseport http2 default_server;
server_name localhost;
ssl_certificate /etc/ssl/certs/<%= node[:fqdn] %>.pem;
}
location / {
+ try_files $uri $uri/ @php;
+ }
+
+ location @php {
if ($blocked_user_agent ~ ^2$)
{ return 403; }
if ($blocked_referrer)
if ($blocked_email)
{ return 403; }
- try_files $uri $uri/ @php;
- }
-
- location @php {
limit_req zone=www burst=10;
limit_req zone=tarpit burst=2;
limit_req_status 429;
}
location ~* \.php$ {
+ if ($blocked_user_agent ~ ^2$)
+ { return 403; }
+ if ($blocked_referrer)
+ { return 403; }
+ if ($blocked_email)
+ { return 403; }
+
limit_req zone=www burst=10;
limit_req zone=tarpit burst=2;
limit_req_status 429;
projects / chef.git / blobdiff