nginx.config
# nginx configuration
# Deny everything under /.git/ and /src/ (repository metadata and application source).
# Regex locations are tried in the order they appear, and this is the first one in
# this fragment, so it wins over the later regex rules for these two trees.
location ~ ^/(\.git|src)/(.*) {
return 403;
}
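# Application source, Composer dependencies and resources are never served directly.
#
# "^~" makes the prefix match final: once one of these prefixes is the longest
# prefix match, nginx does not evaluate regex locations at all. Without it the
# denial only held because every regex location in this fragment also returns 403;
# a regex location added elsewhere in the server block (a "\.php$" handler, for
# example) would have taken precedence over these plain prefix rules.
#
# The prefixes carry no trailing slash, so "/src" also covers paths such as
# "/src-old".
location ^~ /src {
    return 403;
}

location ^~ /vendor {
    return 403;
}

location ^~ /resources {
    return 403;
}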
# Deny direct requests for any URI ending in ".html" (case-sensitive match).
location ~ \.html$ {
return 403;
}
# Deny any path segment that starts with a dot (.git, .env, .htaccess, ...).
# The negative lookahead exempts segments beginning with ".well-known".
location ~ (^|/)\.(?!well-known) {
return 403;
}
# Deny project metadata files in the document root. The match is anchored and
# case-sensitive. "/.htaccess" is already caught by the dot-file rule above,
# which is tried first, so that alternative is redundant but harmless.
location ~ ^/(LICENSE\.txt|composer\.lock|composer\.json|\.htaccess)$ {
return 403;
}
# NOTE(review): "=" is an exact string match, not a regex, so the backslash is
# literal. This block matches the URI "/index\.php" and never "/index.php";
# requests for /index.php are handled by "location /" below.
# Correcting the path to "/index.php" would move those requests into this empty
# block, where the query-string filters in "location /" no longer apply. Decide
# that deliberately before changing it.
# No PHP handler is configured here or anywhere else in this fragment; presumably
# the enclosing server block provides one. TODO confirm.
location = /index\.php {
}
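# Catch-all location: coarse query-string filtering, trailing-slash redirect and
# front-controller routing to /index.php.
location / {
    # Query-string blocklist. These patterns inspect only the raw, undecoded query
    # string; the path, headers and request body are not checked. Treat them as
    # defence in depth, not as a replacement for input handling in the application.

    # PHP function names are case-insensitive, so this match is too ("~*").
    if ($query_string ~* "base64_encode[^(]*\([^)]*\)") {
        return 403;
    }
    # Script tags, literal or with percent-encoded angle brackets.
    if ($query_string ~* "(<|%3C)([^s]*s)+cript.*(>|%3E)") {
        return 403;
    }
    # Attempts to set PHP superglobals. PHP variable names are case-sensitive, so
    # the case-sensitive "~" is kept for these two.
    if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {
        return 403;
    }
    if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {
        return 403;
    }

    # Strip a trailing slash with a temporary redirect. The original target "/%1"
    # used Apache's backreference syntax, which nginx treats as literal text, so
    # every such request was redirected to the path "/%1". nginx captures are
    # "$1". The pattern is anchored so the capture is the full path and always
    # starts with "/".
    rewrite ^(.+)/$ $1 redirect;

    # Initialise the flag so the first "set" below does not read an unset
    # variable, which nginx reports as a warning in the error log.
    set $rule_0 "";

    # Build "21" only when the request maps to neither a directory nor a file.
    if (!-d $request_filename) {
        set $rule_0 1$rule_0;
    }
    if (!-f $request_filename) {
        set $rule_0 2$rule_0;
    }
    # Route everything that is not an existing file or directory to the front
    # controller. "last" restarts location matching for /index.php.
    if ($rule_0 = "21") {
        rewrite ^/(.+)$ /index.php last;
    }

    # Fallback for paths the rule above did not rewrite. "break" keeps processing
    # inside this location, so /index.php is not re-matched against other
    # locations, including any PHP handler defined elsewhere.
    if (!-e $request_filename) {
        rewrite ^(.*)$ /index.php break;
    }
}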