-
Notifications
You must be signed in to change notification settings - Fork 1
/
nginx.conf
63 lines (50 loc) · 2.24 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
# See http://nginx.org/en/docs/hash.html
map_hash_bucket_size 256;
# Bots to ban via user agent
map $http_user_agent $limit_bots {
default 0;
~*(AhrefsBot|YandexBot) 1;
}
# Set up redirects for known static URL-s
map $request_uri $is_scanner {
default "";
include /etc/nginx/redirects.map;
}
map $http_x_forwarded_proto $current_scheme {
default $scheme;
https https;
}
server {
listen 8080;
server_name localhost;
# Ban certain bots from crawling the site
if ($limit_bots = 1) {
return 403;
}
include common-server.conf;
# Send scanner bots/kiddies on a merry chase
# We'll use an intermediate redirect, so we'll know later from logs
# if the bot/scanner/kiddie actually follows redirects
if ($is_scanner != "") {
return 301 $current_scheme://$host/roll-them?why=$request_uri;
}
# Enjoy
location /roll-them {
return 301 https://www.youtube.com/watch?v=oHg5SJYRHA0;
}
location / {
root /usr/share/nginx/html;
index index.html;
# "Pretty" URL-s: don't require the .html file extension
try_files $uri.html $uri $uri/index.html =404;
}
add_header Content-Security-Policy "default-src 'none'; base-uri 'self'; form-action 'none'; connect-src https://ssl.google-analytics.com; manifest-src 'self'; script-src 'self' https://gist.github.com https://ssl.google-analytics.com https://www.google-analytics.com; block-all-mixed-content; upgrade-insecure-requests; img-src 'self' data: https://ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com; font-src 'self' https://use.fontawesome.com; frame-ancestors 'none'; frame-src 'self' https://www.youtube.com https://platform.twitter.com; object-src 'none'; report-uri https://sqroot.report-uri.com/r/d/csp/enforce;";
add_header Feature-Policy "accelerometer 'none'; battery 'none'; camera 'none'; microphone 'none'; payment 'none';";
add_header X-Want-To-Work-With "Cyber Security & HTTP API-s";
add_header X-Recruitment "https://linkedin.com/in/anroots";
add_header X-Powered-By "Jekyll";
# Only some select HTTP methods are allowed
if ($request_method !~ ^(GET|HEAD|OPTIONS)$ ) {
return 405;
}
}