Permalink
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
195 lines (182 sloc) 10.1 KB
fastcgi_intercept_errors on;
recursive_error_pages off;
location ~ ^/(img|thumbs)/.*$ {
expires 1y;
add_header Pragma public;
add_header Cache-Control "public";
types {
image/gif gif;
image/jpeg jpeg jpg;
image/png png;
}
default_type application/octet-stream;
location ~ \.php$ {
deny all;
}
}
location / {
try_files $uri $uri/ /url_handler.php;
}
# Pass PHP scripts to php-fastcgi listening on port 9000
location ~ \.php$ {
# Zero-day exploit defense.
# http://forum.nginx.org/read.php?2,88845,page=3
# Won't work properly (404 error) if the file is not stored on
# this server, which is entirely possible with php-fpm/php-fcgi.
# Comment the 'try_files' line out if you set up php-fpm/php-fcgi
# on another machine. And then cross your fingers that you won't get hacked.
try_files $uri =404;
include fastcgi_params;
# Keep these parameters for compatibility with old PHP scripts using them.
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# Some default config
fastcgi_connect_timeout 20;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_pass 127.0.0.1:9000;
}
# PHP search for file Exploit:
# The PHP regex location block fires instead of the try_files block. Therefore we need
# to add "try_files $uri =404;" to make sure that "/uploads/virusimage.jpg/hello.php"
# never executes the hidden php code inside virusimage.jpg because it can't find hello.php!
# The exploit also can be stopped by adding "cgi.fix_pathinfo = 0" in your php.ini file.
rewrite ^/triptest$ /triptest.php last;
rewrite ^/push$ /push.php last;
rewrite ^/minecraft/scripts/get/(.+)$ /minecraft/scripts/get.php?file=$1;
rewrite ^/tag.js$ /tag.php last;
rewrite ^/permissions$ /permissions.php last;
rewrite ^/chat /chat.php last;
rewrite ^/link/?$ /shorturl/create.php last;
rewrite ^/link/([A-Za-z0-9]*)$ /shorturl/redirect.php?id=$1 last;
rewrite ^/[i!]/?([A-Za-z0-9]+)$ /shorturl/redirect.php?id=$1&internal=1 last;
rewrite ^/android/?$ /android/link_device.php last;
rewrite ^/android/link?$ /android/link_device.php?link=1 last;
rewrite ^/update-extension$ /chrome-extension/update.php last;
rewrite ^/notifications$ /notifications.php last;
rewrite ^/extension-changelog/(.*)$ /chrome-extension/changelog.php?version=$1 last;
rewrite ^/extension-changelog$ /chrome-extension/changelog.php last;
rewrite ^/$ /index.php?p=1 last;
rewrite ^/topics/?([0-9]+)?$ /index.php?topics=1&p=$1 last;
rewrite ^/hot_topics$ /hot_topics.php last;
rewrite ^/topic/([0-9]+)$ /topic.php?id=$1 last;
rewrite ^/topics/?([0-9]+)?$ /index.php?p=$1 last;
rewrite ^/bumps/?([0-9]+)?$ /index.php?bumps=1&p=$1 last;
rewrite ^/replies/?([0-9]+)?$ /replies.php?p=$1 last;
rewrite ^/new_topic/([a-z0-9]*)$ /post.php?token=$1 last;
rewrite ^/new_topic$ /post.php last;
rewrite ^/shuffle$ /shuffle.php last;
rewrite ^/history/?([0-9]+)?$ /history.php?p=$1 last;
rewrite ^/citations$ /history.php?citations=1 last;
rewrite ^/watchlist$ /watchlist.php last;
rewrite ^/folks$ /folks.php last;
rewrite ^/stuff$ /stuff.php last;
rewrite ^/new_reply/([0-9]+)/([a-z0-9]*)$ /post.php?reply=$1&token=$2 last;
rewrite ^/new_reply/([0-9]+)$ /post.php?reply=$1 last;
rewrite ^/new_reply/([0-9]+)/quote_topic/([a-z0-9]*)$ /post.php?reply=$1"e_topic=1&token=$2 last;
rewrite ^/new_reply/([0-9]+)/quote_topic$ /post.php?reply=$1"e_topic=1 last;
rewrite ^/new_reply/([0-9]+)/quote_reply/([0-9]+)/([a-z0-9]*)$ /post.php?reply=$1"e_reply=$2&token=$3 last;
rewrite ^/new_reply/([0-9]+)/quote_reply/([0-9]+)$ /post.php?reply=$1"e_reply=$2 last;
rewrite ^/new_reply/([0-9]+)/cite_reply/([0-9]+)/([a-z0-9]*)$ /post.php?reply=$1&cite=$2&token=$3 last;
rewrite ^/new_reply/([0-9]+)/cite_reply/([0-9]+)$ /post.php?reply=$1&cite=$2 last;
rewrite ^/edit_topic/([0-9]+)/([a-z0-9]*)$ /post.php?&edit=$1&token=$2 last;
rewrite ^/edit_topic/([0-9]+)$ /post.php?&edit=$1 last;
rewrite ^/edit_reply/([0-9]+)/([0-9]+)/([a-z0-9]*)$ /post.php?reply=$1&edit=$2&token=$3 last;
rewrite ^/edit_reply/([0-9]+)/([0-9]+)$ /post.php?reply=$1&edit=$2 last;
rewrite ^/watch_topic$ /action.php?action=watch_topic last;
rewrite ^/watch_topic/([0-9]+)$ /action.php?action=watch_topic&id=$1 last;
rewrite ^/trivia_for_topic/([0-9]+)$ /topic_trivia.php?id=$1 last;
rewrite ^/report_reply/([0-9]+)/([0-9]+)$ /report.php?topic=$1&reply=$2;
rewrite ^/report_topic/([0-9]+)$ /report.php?topic=$1;
rewrite ^/reports$ /reports.php;
rewrite ^/reports/handle/([0-9]+)/([0-9]+)$ /reports.php?topic=$1&reply=$2;
rewrite ^/reports/handle/([0-9]+)$ /reports.php?topic=$1;
rewrite ^/report/handle/([0-9]+)$ /reports.php?handle=$1;
rewrite ^/show_report/([0-9]+)$ /show_report.php?topic=$1;
rewrite ^/show_report/([0-9]+)/([0-9]+)$ /show_report.php?topic=$1&reply=$2;
rewrite ^/enable_reporting/(.+)$ /action.php?action=enable_reporting&id=$1;
rewrite ^/disable_reporting/(.+)$ /action.php?action=disable_reporting&id=$1;
rewrite ^/bulletins$ /bulletins.php last;
rewrite ^/new_bulletin$ /bulletins_new.php last;
rewrite ^/moderate_bulletins$ /bulletins_mod.php last;
rewrite ^/moderate_bulletins/([0-9]*)/(.*)$ /bulletins_mod.php?no=$1&mode=$2 last;
rewrite ^/delete_bulletin/([0-9]+)$ /bulletins.php?delete=$1 last;
rewrite ^/edit_bulletin/([0-9]+)$ /bulletins_new.php?edit=$1 last;
rewrite ^/events$ /events.php last;
rewrite ^/new_event$ /events_new.php last;
rewrite ^/moderate_events$ /events_mod.php last;
rewrite ^/moderate_events/([0-9]*)/(.*)$ /events_mod.php?no=$1&mode=$2 last;
rewrite ^/edit_event/([0-9]+)$ /events_new.php?edit=$1 last;
rewrite ^/delete_event/([0-9]+)$ /events.php?delete=$1 last;
rewrite ^/search$ /search2.php last;
rewrite ^/toggle_search_mode/([01]+)$ /action.php?action=toggle_search_mode&id=$1 last;
rewrite ^/dashboard$ /dashboard.php last;
rewrite ^/nocss$ /dashboard.php?nocss=1 last;
rewrite ^/trash_can$ /trash_can.php last;
rewrite ^/statistics$ /statistics.php last;
rewrite ^/date_and_time$ /date_and_time.php last;
rewrite ^/bans$ /bans.php last;
rewrite ^/defcon$ /defcon.php last;
rewrite ^/defcon/([1-5])$ /defcon.php?mode=$1 last;
rewrite ^/back_up_ID$ /back_up_id.php last;
rewrite ^/generate_ID_card$ /back_up_id.php?action=generate_id_card last;
rewrite ^/restore_ID$ /restore_id.php last;
rewrite ^/restore_ID/([A-Za-z0-9.]+)/([A-Za-z0-9]+)$ /restore_id.php?UID=$1&password=$2 last;
rewrite ^/recover_ID_by_email$ /recover_id_by_email.php last;
rewrite ^/drop_ID$ /drop_id.php last;
rewrite ^/failed_postings$ /failed_postings.php last;
rewrite ^/edit_ignore_list$ /edit_ignore_list.php last;
rewrite ^/notepad$ /notepad.php last;
rewrite ^/The_Oracle$ /oracle.php last;
rewrite ^/login /login.php last;
rewrite ^/profile/([0-9a-fA-F.]+)$ /profile.php?uid=$1 last;
rewrite ^/stalk/uid/([0-9a-fA-F.]+)$ /stalk.php?uid=$1 last;
rewrite ^/IP_address/([0-9:a-fA-F.]+)$ /ip_address.php?ip=$1 last;
rewrite ^/stalk/ip/([0-9:a-fA-F.]+)$ /stalk.php?ip=$1 last;
rewrite ^/ban_poster/([0-9a-zA-Z.]+)$ /action.php?action=ban_uid&id=$1 last;
rewrite ^/perma_ban_poster/([0-9a-zA-Z.]+)$ /action.php?action=ban_uid&id=$1&perma=1 last;
rewrite ^/unban_poster/([0-9a-zA-Z.]+)$ /action.php?action=unban_uid&id=$1 last;
rewrite ^/unban_IP/([0-9:a-fA-F.]+)$ /action.php?action=unban_ip&id=$1 last;
rewrite ^/unban_IP_UIDS/([0-9:a-fA-F.]+)$ /action.php?action=unban_ip&uids=1&id=$1 last;
rewrite ^/delete_IP_IDs/([0-9:a-fA-F.]+)$ /action.php?action=delete_ip_ids&id=$1 last;
rewrite ^/nuke_IP/([0-9:a-fA-F.]+)$ /action.php?action=nuke_ip&id=$1 last;
rewrite ^/nuke_ID/([0-9a-zA-Z.]+)$ /action.php?action=nuke_id&id=$1 last;
rewrite ^/exterminate$ /exterminate.php last;
rewrite ^/undelete_topic/([0-9]+)$ /action.php?action=undelete_topic&id=$1 last;
rewrite ^/delete_topic/([0-9]+)$ /action.php?action=delete_topic&id=$1 last;
rewrite ^/stealth_delete_topic/([0-9]+)$ /action.php?action=stealth_delete_topic&id=$1 last;
rewrite ^/undelete_reply/([0-9]+)$ /action.php?action=undelete_reply&id=$1 last;
rewrite ^/delete_reply/([0-9]+)$ /action.php?action=delete_reply&id=$1 last;
rewrite ^/stealth_delete_reply/([0-9]+)$ /action.php?action=stealth_delete_reply&id=$1 last;
rewrite ^/stick_topic/([0-9]+)$ /action.php?action=stick_topic&id=$1 last;
rewrite ^/unstick_topic/([0-9]+)$ /action.php?action=unstick_topic&id=$1 last;
rewrite ^/lock_topic/([0-9]+)$ /action.php?action=lock_topic&id=$1 last;
rewrite ^/unlock_topic/([0-9]+)$ /action.php?action=unlock_topic&id=$1 last;
rewrite ^/delete_image/topic/([0-9]+)$ /action.php?action=delete_image&type=topic&id=$1&topic=$1 last;
rewrite ^/delete_image/topic/([0-9]+)/reply/([0-9]+)$ /action.php?action=delete_image&type=reply&topic=$1&id=$2 last;
rewrite ^/set_image/topic/([0-9]+)$ /action.php?action=set_image&type=topic&id=$1&topic=$1 last;
rewrite ^/set_image/topic/([0-9]+)/reply/([0-9]+)$ /action.php?action=set_image&type=reply&topic=$1&id=$2 last;
rewrite ^/modlog$ /modlog.php last;
rewrite ^/watch$ /watch.php last;
rewrite ^/deleted_topics$ /deleted_topics.php last;
rewrite ^/deleted_topics/?([0-9]+)?$ /deleted_topics.php?p=$1 last;
rewrite ^/logout/([a-f0-9]*)$ /login.php?logout=$1 last;
rewrite ^/CMS$ /cms.php last;
rewrite ^/edit_page/([0-9]+)$ /cms_edit.php?edit=$1 last;
rewrite ^/new_page$ /cms_edit.php last;
rewrite ^/delete_page/([0-9]+)$ /action.php?action=delete_page&id=$1 last;
rewrite ^/private_messages$ /pm_inbox.php last;
rewrite ^/private_messages/([0-9]+)$ /pm_inbox.php?p=$1 last;
rewrite ^/private_message/([0-9]+)$ /pm.php?id=$1 last;
rewrite ^/reply_to_message/([0-9]+)$ /pm_compose.php?replyto=$1 last;
rewrite ^/compose_message/([0-9a-zA-Z.]+)$ /pm_compose.php?to=$1 last;
rewrite ^/delete_message/([0-9]+)$ /pm_delete.php?id=$1 last;
rewrite ^/cast_vote/([0-9]+)$ /action.php?action=cast_vote&id=$1 last;
rewrite ^/markup_syntax$ /markup_syntax.php last;