bogdan/zira-etc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

saving uncommitted changes in /etc prior to dnf run

Browse Source
This commit is contained in:
Bogdan Stoica
2023-02-09 14:51:39 +02:00
parent f150a7c81b
commit 4911d0453d
112 changed files with 4799 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
imunify360-webshield/agent-proxies.conf Normal file
View File

@@ -0,0 +1,3 @@
# This file initially empty and
# supposed to have ip addresses
# generated by im360 agent

3
imunify360-webshield/blocked_country_codes.conf Normal file
View File

@@ -0,0 +1,3 @@
# Place two-letter country codes here to block these countries at the
# webshield level. For instance, to block China, add
# CN 1;

4
imunify360-webshield/captcha.conf Normal file
View File

@@ -0,0 +1,4 @@
map $cookie_locale$http_accept_language $captcha_lang {
default en;
include captcha/lang.conf;
}

23
imunify360-webshield/captcha/lang.conf Normal file
View File

@@ -0,0 +1,23 @@
"~^ar" ar;
"~^da" da;
"~^de" de;
"~^el" el;
"~^en" en;
"~^es" es;
"~^fa" fa;
"~^fr" fr;
"~^he" he;
"~^hu" hu;
"~^id" id;
"~^it" it;
"~^ms" ms;
"~^nl" nl;
"~^no" no;
"~^pl" pl;
"~^pt" pt;
"~^ro" ro;
"~^ru" ru;
"~^sv" sv;
"~^tr" tr;
"~^uk" uk;
"~^zh" zh;

3
imunify360-webshield/common-proxies.conf Normal file
View File

@@ -0,0 +1,3 @@
# This file initially empty and
# supposed to have ip addresses
# generated by compose-whitelist

2
imunify360-webshield/country_ips.conf Normal file
View File

@@ -0,0 +1,2 @@
# THIS FILE IS GENERATED AUTOMATICALLY
# BY IMUNIFY360-WEBSHIELD. DO NOT MODIFY IT

0
imunify360-webshield/custom-blacklisted.conf Normal file
View File

0
imunify360-webshield/custom-whitelisted.conf Normal file
View File

26
imunify360-webshield/fastcgi.conf Normal file
View File

@@ -0,0 +1,26 @@
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

25
imunify360-webshield/fastcgi_params Normal file
View File

@@ -0,0 +1,25 @@
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

16
imunify360-webshield/invisible-captcha.conf Normal file
View File

@@ -0,0 +1,16 @@
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# DO NOT EDIT. AUTOMATICALLY GENERATED.
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#
# Direct modifications to this cfile WILL be lost upon subsequent
# regeneration of this configuration file.
#
# To have your modifications retained, you should use
# /etc/sysconfig/imunify360/imunify360.config.d
# via UI, CLI or manually.
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
set $invisible_captcha off;

16
imunify360-webshield/invisible-captcha.conf.tpl Normal file
View File

@@ -0,0 +1,16 @@
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# DO NOT EDIT. AUTOMATICALLY GENERATED.
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#
# Direct modifications to this file WILL be lost upon subsequent
# regeneration of this configuration file.
#
# To have your modifications retained, you should use CLI command
# imunify360-agent features <install|remove> <feature>
# or activate/deactivate appropriate feature in UI.
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
set $invisible_captcha {invisible_captcha_on_off};

109
imunify360-webshield/koi-utf Normal file
View File

@@ -0,0 +1,109 @@
# This map is not a full koi8-r <> utf8 map: it does not contain
# box-drawing and some other characters. Besides this map contains
# several koi8-u and Byelorussian letters which are not in koi8-r.
# If you need a full and standard map, use contrib/unicode2nginx/koi-utf
# map instead.
charset_map koi8-r utf-8 {
80 E282AC ; # euro
95 E280A2 ; # bullet
9A C2A0 ; # &nbsp;
9E C2B7 ; # &middot;
A3 D191 ; # small yo
A4 D194 ; # small Ukrainian ye
A6 D196 ; # small Ukrainian i
A7 D197 ; # small Ukrainian yi
AD D291 ; # small Ukrainian soft g
AE D19E ; # small Byelorussian short u
B0 C2B0 ; # &deg;
B3 D081 ; # capital YO
B4 D084 ; # capital Ukrainian YE
B6 D086 ; # capital Ukrainian I
B7 D087 ; # capital Ukrainian YI
B9 E28496 ; # numero sign
BD D290 ; # capital Ukrainian soft G
BE D18E ; # capital Byelorussian short U
BF C2A9 ; # (C)
C0 D18E ; # small yu
C1 D0B0 ; # small a
C2 D0B1 ; # small b
C3 D186 ; # small ts
C4 D0B4 ; # small d
C5 D0B5 ; # small ye
C6 D184 ; # small f
C7 D0B3 ; # small g
C8 D185 ; # small kh
C9 D0B8 ; # small i
CA D0B9 ; # small j
CB D0BA ; # small k
CC D0BB ; # small l
CD D0BC ; # small m
CE D0BD ; # small n
CF D0BE ; # small o
D0 D0BF ; # small p
D1 D18F ; # small ya
D2 D180 ; # small r
D3 D181 ; # small s
D4 D182 ; # small t
D5 D183 ; # small u
D6 D0B6 ; # small zh
D7 D0B2 ; # small v
D8 D18C ; # small soft sign
D9 D18B ; # small y
DA D0B7 ; # small z
DB D188 ; # small sh
DC D18D ; # small e
DD D189 ; # small shch
DE D187 ; # small ch
DF D18A ; # small hard sign
E0 D0AE ; # capital YU
E1 D090 ; # capital A
E2 D091 ; # capital B
E3 D0A6 ; # capital TS
E4 D094 ; # capital D
E5 D095 ; # capital YE
E6 D0A4 ; # capital F
E7 D093 ; # capital G
E8 D0A5 ; # capital KH
E9 D098 ; # capital I
EA D099 ; # capital J
EB D09A ; # capital K
EC D09B ; # capital L
ED D09C ; # capital M
EE D09D ; # capital N
EF D09E ; # capital O
F0 D09F ; # capital P
F1 D0AF ; # capital YA
F2 D0A0 ; # capital R
F3 D0A1 ; # capital S
F4 D0A2 ; # capital T
F5 D0A3 ; # capital U
F6 D096 ; # capital ZH
F7 D092 ; # capital V
F8 D0AC ; # capital soft sign
F9 D0AB ; # capital Y
FA D097 ; # capital Z
FB D0A8 ; # capital SH
FC D0AD ; # capital E
FD D0A9 ; # capital SHCH
FE D0A7 ; # capital CH
FF D0AA ; # capital hard sign
}

103
imunify360-webshield/koi-win Normal file
View File

@@ -0,0 +1,103 @@
charset_map koi8-r windows-1251 {
80 88 ; # euro
95 95 ; # bullet
9A A0 ; # &nbsp;
9E B7 ; # &middot;
A3 B8 ; # small yo
A4 BA ; # small Ukrainian ye
A6 B3 ; # small Ukrainian i
A7 BF ; # small Ukrainian yi
AD B4 ; # small Ukrainian soft g
AE A2 ; # small Byelorussian short u
B0 B0 ; # &deg;
B3 A8 ; # capital YO
B4 AA ; # capital Ukrainian YE
B6 B2 ; # capital Ukrainian I
B7 AF ; # capital Ukrainian YI
B9 B9 ; # numero sign
BD A5 ; # capital Ukrainian soft G
BE A1 ; # capital Byelorussian short U
BF A9 ; # (C)
C0 FE ; # small yu
C1 E0 ; # small a
C2 E1 ; # small b
C3 F6 ; # small ts
C4 E4 ; # small d
C5 E5 ; # small ye
C6 F4 ; # small f
C7 E3 ; # small g
C8 F5 ; # small kh
C9 E8 ; # small i
CA E9 ; # small j
CB EA ; # small k
CC EB ; # small l
CD EC ; # small m
CE ED ; # small n
CF EE ; # small o
D0 EF ; # small p
D1 FF ; # small ya
D2 F0 ; # small r
D3 F1 ; # small s
D4 F2 ; # small t
D5 F3 ; # small u
D6 E6 ; # small zh
D7 E2 ; # small v
D8 FC ; # small soft sign
D9 FB ; # small y
DA E7 ; # small z
DB F8 ; # small sh
DC FD ; # small e
DD F9 ; # small shch
DE F7 ; # small ch
DF FA ; # small hard sign
E0 DE ; # capital YU
E1 C0 ; # capital A
E2 C1 ; # capital B
E3 D6 ; # capital TS
E4 C4 ; # capital D
E5 C5 ; # capital YE
E6 D4 ; # capital F
E7 C3 ; # capital G
E8 D5 ; # capital KH
E9 C8 ; # capital I
EA C9 ; # capital J
EB CA ; # capital K
EC CB ; # capital L
ED CC ; # capital M
EE CD ; # capital N
EF CE ; # capital O
F0 CF ; # capital P
F1 DF ; # capital YA
F2 D0 ; # capital R
F3 D1 ; # capital S
F4 D2 ; # capital T
F5 D3 ; # capital U
F6 C6 ; # capital ZH
F7 C2 ; # capital V
F8 DC ; # capital soft sign
F9 DB ; # capital Y
FA C7 ; # capital Z
FB D8 ; # capital SH
FC DD ; # capital E
FD D9 ; # capital SHCH
FE D7 ; # capital CH
FF DA ; # capital hard sign
}

97
imunify360-webshield/mime.types Normal file
View File

@@ -0,0 +1,97 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

4
imunify360-webshield/ports.conf Normal file
View File

@@ -0,0 +1,4 @@
# IPv4
listen *:52224;
# IPv6
listen [::]:52224;

4
imunify360-webshield/presets.cfg Normal file
View File

@@ -0,0 +1,4 @@
# Global webshiled presets to be taken into account
# when config is being generated
# proxy_protocol = no

17
imunify360-webshield/scgi_params Normal file
View File

@@ -0,0 +1,17 @@
scgi_param REQUEST_METHOD $request_method;
scgi_param REQUEST_URI $request_uri;
scgi_param QUERY_STRING $query_string;
scgi_param CONTENT_TYPE $content_type;
scgi_param DOCUMENT_URI $document_uri;
scgi_param DOCUMENT_ROOT $document_root;
scgi_param SCGI 1;
scgi_param SERVER_PROTOCOL $server_protocol;
scgi_param REQUEST_SCHEME $scheme;
scgi_param HTTPS $https if_not_empty;
scgi_param REMOTE_ADDR $remote_addr;
scgi_param REMOTE_PORT $remote_port;
scgi_param SERVER_PORT $server_port;
scgi_param SERVER_NAME $server_name;

1
imunify360-webshield/splashscreen-antibot.conf Normal file
View File

@@ -0,0 +1 @@
splashscreen_antibot off;

4
imunify360-webshield/splashscreen.conf Normal file
View File

@@ -0,0 +1,4 @@
map $http_accept_language $splashscreen_lang {
default en;
include splashscreen/lang.conf;
}

3
imunify360-webshield/splashscreen/lang.conf Normal file
View File

@@ -0,0 +1,3 @@
"~^en" en;
"~^ru" ru;
"~^uk" uk;

10
imunify360-webshield/ssl.conf Normal file
View File

@@ -0,0 +1,10 @@
# When enabled, WebShield will search for the first certificate
# in cache and return it for the requests without SNI.
# When disabled, default self-signed server certficate will be used.
lua_enable_ws_sslcache_search on;
# Default server certificate that will be used for requests without SNI.
# It is self-signed and is generated on installation/upgrade for 365 days
# so please note that it will expire after a year since the installation/upgrade.
ssl_certificate ssl_certs/dummy.pem;
ssl_certificate_key ssl_certs/dummy.pem;

82
imunify360-webshield/ssl_certs/dummy.pem Normal file
View File

@@ -0,0 +1,82 @@
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC0zUnzvkF4U8er
7CaOaKzT3owW2NOLeh6vsn/WmDDysgtixgZ5iPFT+H/NPna4PsbuVVA5CS9AbNxr
nvWtkGfMZJDjny/+6PYoZEYoSK9sUKpHAD2HlSACbOxfmBtDMZqcjzdZ8+Io4/qP
3S8ap1rx7LfVqxR6BY1Rkp0FRmVJBviS0GYRl8u5ZQcRfDeNiRlF0AFZlyGRKqfR
GozrwWMZq5FyrBP+dExYNcfj52WzZMG/GQByDdH6yD6BV1OrG3hl9lCdij7foUo2
3YzbkFHFiESoPjdJyqlxjARcuFZpsGcdLDkrw7seGiLEmyyqeMDWjBVjTvmy2KwJ
A8hGSx4m85vzrJ5k1ST3nCQB/x/n3+wYyMu61mB5r/Z5sedYSQQm6lhm3+w0A8kh
iNhSrJLhCC1qQqHZINauRWXEA7XEFjpPt0kzUsic67u3SdwsgS8GrcY1Eet5h8gJ
zsEKe0MV7QZ2qVfdhwY2SISnodj2FJGobGAxMVNTMgV10eA7teU8Tn+oWKuR4pb6
BFbzp45lYTjIaFGN6uLdlGHBHc2PocOrHl8f+hew2IJRasa9Ae3GQFgmhCZdQVEK
YJMP/pgiuiK6WDg7ZmjpyvWQnXotPzKlu8VtcxnDaBA2JQIbvCTrzikeyILHI3V4
UF+icPaOUjz1CVHnuxbuWaB4efqI0QIDAQABAoICABniAaI5LFozdDQyfFqKtaMn
CtsCc1ZWRypT3WU1KFy2DFc5jhe7+QBSZMlXFdvOcOARqohfvjn026E0gms0bwed
pfhQA6j0ZLjnkfuWXDafXaEIccaFHK38NeKBffWilkWvYvcnqMq9yFLsESA5sRVN
FAwsj6PgQ5jX6k6lAz7vFoq99r6yAmIqClcAd1t1sv6Bho/yyMVlW9zddisR5kP4
gbvu0nXs5DkEifcgWzjRRcM7qwqo29SQ8hHGFJ48MoI2PtguwE13Y45zLQUJpgsn
NNz4+yU/M/6jUsSLRyOeM0TD3fNb89+dUjjfFgfZfZG5QB6VYb2uswIfXn5hppEj
TUS4XsY862pn/J+QQaOQ0ullhuu0EUz1xEHRkodpq8/cTFjhCCWeBQsuO9tJO2HY
lOUF8p5ajAhbrLYKpXATktiM+Gc+4gwfQT1OBX+5QpmhiqaMJA02aJ3GLggmVh0Q
6lwcqGT42Wat82BKKjHm433NeJrEBim2K6AoJWHkv2Y+lkFVl2O5IMH8a8C9APoj
SziV/wNfozNNlsmE+f705KAoCjAIswEkJ2I1pmm0pq3Hx6hhk1viYUaYoyr2Lbm1
QBr5U4xOv5uzT2Bi6ts9euua29MnQ1YA9G/SU+jLMyfEiqTvqpMi2upko2++SvsB
eITfoDrAqPNtHM+wAN25AoIBAQDf1rLCdbytO10FcHKT+5TSS70X9djn4fpZFqrm
HsSQf3G9GdZ7DAeROoeQNWt68uzRdh4JkiSBRRqarqngF14blaIiLM4x1kDDUa/g
xf+DFMur/JGYUfGXgXImxRaC0M7F6IY1qzfNrS5oKJSgSFPykghpcaHDrSVt2R0Z
Hj8vulrDEGFDqtof+DPnmP5VWRaO3K3kDddL2O0o5oKuTTVhE6l/ZlU6v+AyG0Qc
9Tfqk/rzaTp9ytY022baVNZ6O5AdvKmbnFYSXbmsWkvYScKydJDL1mQPrJkDZGYD
X1PgcEJ0Y2sKpVEnzBKZ9mPcG6MEUHwk0j3uOB9ebcDk1DJjAoIBAQDOx5l+7/5x
ilapgDg9+kD6IYaErXcbKWQGINCn+XJ7CUb93qXbpva+Vx95ug4TC8KNvTPOU7/V
Xd80C5aVCOeBvWVjUI9/Go10uVy6RMmmV0Xc8YdZOMqdHJ8Ac58nlwWHSh1yS9h/
RbmVGkDOFv09TSdhOOG05UWa/S/aYxVn2C0uwb0uafPUnbTjxn6a6Bxxnr1v63yX
w9efUqqM3+k1ZwOfPD3fE3CgDsxVmvcCfliTkMelVaX/mnLZFzdaGor/q9uLQtfl
NYYnzMY1W0BbIbOj7f/c8jvLQW4LKMfF/Lm7EF8lSyE/VI61bvbTbh7c+K/l1TkH
b1B68jDEHyQ7AoIBAH8yyF6M/W0LwO6oWdQSMR3YAFqvUFVlKxiZMwCWF2ltorqt
Bh7iVSKIOiUO1kcF6OGW17bkn23+UQH5o3s+jDHstDfrcjkL4b2cm++FVI+ur5bK
bgo69qj73Fx/vy0Tb40zd6Dj7VApy6dQ+DSlJV9A8RrKgfxqVky4BjsR3yJGKfGT
S1JispVcPFKttEnX2GPSr9Zary/g09RcOYLHSUAjJjzJcEF0a/jNWcWC7AWXlhHg
iGaXb2aWDzqe30qSsnDTlyZgjuDc9fglT9hXAhba+rV63V2y3Tj6QqZD86wk3v64
yElCbH3LD/8B7vlTky2Odx2Ng7ftmJXWlLj0hLUCggEBAJ5I7jfcEILraZFQpDzV
Lx4JwcYYXv88vONwBSk/6qFCJcS5xW6RrXlgiaiNgq6TpvcG6Pw84bC7rdtSL4+g
BE8tIspWZbHfKn86UUAI3e9mCQWrIXdr4LVJrnETELamhUXdtxLB+lTak8gOE6Nu
t6VQRR/IAgaOJq0QuKvMgxs9wMB075Ly6gJMQqbFUC7WFMfowoxEz9gAwzKjfghe
ck89rukanSYA5IqxKTsyZ3jSLI2xGxJ1sJ8rpFSH0Ag6H0K9VE6S+V7sjOg0eVlo
o6fe8Xs/+UcxahIZ4NnL+riUz7vhOWP70dR/rso1yd1pA1kVSNh/UqtdS1cBw9Ct
IfcCggEBAM9C185mVzmk69MnD76OjLcGaiy7OdyY0xK5odTaPa1s68bQPwpfL1IR
dbZ/WVMgNhduExvx7RONp+kvwFTxQH+OtFvceHCWc5SqQTp3aNWRoMN12gY9ZaDs
KG+1z8aTXfZyMPIgXIEYfatndjgXr25xcSYdNhGkU5x3NKw24Zzian+49KWw3zQb
bApd1bg48k8mehwUxxBWNMiTF2ie3lZj2IGEd45n19Da0s+maGWFGfj/ifFEVQ5x
C2zhMpkjvtJHtrkj6vk2NoPqyR6tL3N4iZyPmcywGFVCXsI8G2GIFEylAd+ZRATl
IrvSc7HIaJlEC4aimNEOx7DpS4Hta8A=
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIFDTCCAvWgAwIBAgIUHDCsyauLfsZpqTtczBwPUSsbQgswDQYJKoZIhvcNAQEL
BQAwFjEUMBIGA1UEAwwLemlyYS44OTgucm8wHhcNMjMwMjA5MTI0OTE5WhcNMjQw
MjA5MTI0OTE5WjAWMRQwEgYDVQQDDAt6aXJhLjg5OC5ybzCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBALTNSfO+QXhTx6vsJo5orNPejBbY04t6Hq+yf9aY
MPKyC2LGBnmI8VP4f80+drg+xu5VUDkJL0Bs3Gue9a2QZ8xkkOOfL/7o9ihkRihI
r2xQqkcAPYeVIAJs7F+YG0MxmpyPN1nz4ijj+o/dLxqnWvHst9WrFHoFjVGSnQVG
ZUkG+JLQZhGXy7llBxF8N42JGUXQAVmXIZEqp9EajOvBYxmrkXKsE/50TFg1x+Pn
ZbNkwb8ZAHIN0frIPoFXU6sbeGX2UJ2KPt+hSjbdjNuQUcWIRKg+N0nKqXGMBFy4
VmmwZx0sOSvDux4aIsSbLKp4wNaMFWNO+bLYrAkDyEZLHibzm/OsnmTVJPecJAH/
H+ff7BjIy7rWYHmv9nmx51hJBCbqWGbf7DQDySGI2FKskuEILWpCodkg1q5FZcQD
tcQWOk+3STNSyJzru7dJ3CyBLwatxjUR63mHyAnOwQp7QxXtBnapV92HBjZIhKeh
2PYUkahsYDExU1MyBXXR4Du15TxOf6hYq5HilvoEVvOnjmVhOMhoUY3q4t2UYcEd
zY+hw6seXx/6F7DYglFqxr0B7cZAWCaEJl1BUQpgkw/+mCK6IrpYODtmaOnK9ZCd
ei0/MqW7xW1zGcNoEDYlAhu8JOvOKR7IgscjdXhQX6Jw9o5SPPUJUee7Fu5ZoHh5
+ojRAgMBAAGjUzBRMB0GA1UdDgQWBBRostY0giKZrdn0QZR/W2bUS22jgTAfBgNV
HSMEGDAWgBRostY0giKZrdn0QZR/W2bUS22jgTAPBgNVHRMBAf8EBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4ICAQBYrYi3P9wOx769eHdavaFCzXg/g1qbcNI2GbNj96Qk
+LKm/4/NUCUEngcMg0RsCrBfj00uDVhhBN/QmwOjmj5ZkKAd829WFY5RFUDrsNXP
pjfAMsSSJ7KXq7DyxCZeKx6jhpqq9uOxCS9jee9UNFpVOCpZXlNxIQD+pDXEKKh2
vrMF+xZi9Ao6rng/lMSRaaqqn3KOokn7FK7bPhqNbBrIZMpfEA11ZsS0moH4py3Q
emmKcNZv2d27CAm4X6K7tSmuH6wV/jjcQ6SxNUs6G6YXj1Eg5T9JcFpHDxtttfls
ftPzzVqt8rLm6/kAdQiNgFLq1dTKY30LhlYVGPOEst/1+ckAZxL6KOPSmsVWFPNG
4wuuE2IW/7HhmR9KQFjdVwnxg/p11/S9tw5/Ua0Or8BqwBZtzLWkRvXrcoLRotAW
SBLU1H3SGwdkLnDofzia2YFwH0k+IqSATAdmYt4kYqkmP+OeSw/YGVZPO1jurRVp
4/ncZ8ChUqz9qc5bpeAEiYU42jc2PeGhbQez67Mfo2VOj1rYXh7EfVdSoZdAGSr+
4FUFBv/H09KCenXD0U+ADvLW2G9XPxMlvMni+uUETES/AU/ehDP/qrwO6m6IPwbG
w60iRxQzzLBghKuXBdfz8zlmcHNKc55CXGvQNkUVSsqwPnTQeQlZFb2PHY1GyzOq
WQ==
-----END CERTIFICATE-----

4
imunify360-webshield/ssl_ports.conf Normal file
View File

@@ -0,0 +1,4 @@
# IPv4
listen *:52223 ssl http2;
# IPv6
listen [::]:52223 ssl http2;

2
imunify360-webshield/unified_access_logger.conf Normal file
View File

@@ -0,0 +1,2 @@
log_format ualog '$wsuserip|$webshield_verdict|$time_iso8601';
access_log syslog:server=unix:/var/run/imunify360-webshield-unified_access_logger.socket,tag=ualog ualog;

17
imunify360-webshield/uwsgi_params Normal file
View File

@@ -0,0 +1,17 @@
uwsgi_param QUERY_STRING $query_string;
uwsgi_param REQUEST_METHOD $request_method;
uwsgi_param CONTENT_TYPE $content_type;
uwsgi_param CONTENT_LENGTH $content_length;
uwsgi_param REQUEST_URI $request_uri;
uwsgi_param PATH_INFO $document_uri;
uwsgi_param DOCUMENT_ROOT $document_root;
uwsgi_param SERVER_PROTOCOL $server_protocol;
uwsgi_param REQUEST_SCHEME $scheme;
uwsgi_param HTTPS $https if_not_empty;
uwsgi_param REMOTE_ADDR $remote_addr;
uwsgi_param REMOTE_PORT $remote_port;
uwsgi_param SERVER_PORT $server_port;
uwsgi_param SERVER_NAME $server_name;

110
imunify360-webshield/virtserver.conf Normal file
View File

@@ -0,0 +1,110 @@
lua_ssl_verify_depth 2;
lua_ssl_trusted_certificate /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem;
ssl_certificate_by_lua_file lua/ssl.lua;
set $proxy_part '';
if ($append_port) {
set $proxy_part :$proxy_port;
}
set $trust_ezoic 0;
rewrite_by_lua_file lua/accesscheck.lua;
location = /selfcheck {
allow 127.0.0.1;
allow ::1;
deny all;
content_by_lua_block {
ngx.status = ngx.HTTP_OK
ngx.header.content_type = "text/html; charset=utf-8"
local message = os.time(os.date("!*t"))
ngx.say(message)
return ngx.exit(ngx.HTTP_OK)
}
}
location = /captchacheck {
proxy_set_header Host $host$proxy_part;
proxy_set_header X-Real-IP $wsuserip;
proxy_bind $bind_target;
proxy_hide_header Upgrade;
proxy_http_version 1.1;
proxy_set_header Connection "";
if ($static_whitelisted) {
expires off;
proxy_pass $scheme://catchall;
}
access_by_lua_file lua/captchacheck.lua;
}
location = /ungraylistcheck {
content_by_lua_file lua/ungraylistcheck.lua;
}
location @to_static {
root html/captcha;
try_files $uri /a9bc224bd710f56d27affffddc764239b58c3faa0/shield.png;
}
location / {
access_by_lua_file lua/reqrouter.lua;
}
location @to_backend {
access_by_lua_block {
local xff = ngx.var.http_x_forwarded_for
if not xff or ngx.var.remote_proxy == "0" then
ngx.req.set_header("X-Forwarded-For", ngx.var.wsuserip)
else
ngx.req.set_header("X-Forwarded-For", xff .. ", " .. ngx.var.remote_addr)
end
}
proxy_set_header Host $host$proxy_part;
proxy_set_header X-Real-IP $wsuserip;
proxy_set_header X-Remote-IP $remote_addr;
proxy_hide_header Upgrade;
expires off;
proxy_http_version 1.1;
proxy_set_header Connection "";
include /etc/imunify360-webshield/webshield-backend.conf.d/*.conf;
proxy_bind $bind_target;
proxy_pass $scheme://catchall;
}
location @to_captcha {
include /etc/imunify360-webshield/invisible-captcha.conf;
root html/captcha;
default_type text/html;
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0';
add_header cf-edge-cache no-cache;
add_header Expires 'Thu, 01 Jan 1970 00:00:01 GMT';
if_modified_since off;
expires off;
etag off;
keepalive_timeout 0;
include /etc/imunify360-webshield/webshield-captcha.conf.d/*.conf;
content_by_lua_file lua/captcha.lua;
}
location @to_splashscreen {
root html/splashscreen;
default_type text/html;
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0';
add_header cf-edge-cache no-cache;
if_modified_since off;
expires off;
etag off;
keepalive_timeout 0;
include /etc/imunify360-webshield/webshield-splashscreen.conf.d/*.conf;
content_by_lua_file lua/splashscreen.lua;
}
location = /z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f {
content_by_lua_file lua/wsidchk.lua;
}

1
imunify360-webshield/webshield-http.conf.d/resolver.conf Normal file
View File

@@ -0,0 +1 @@
resolver 192.168.1.2 ipv6=off;

2
imunify360-webshield/webshield-http.conf.d/static-whitelist.conf Normal file
View File

@@ -0,0 +1,2 @@
geo $static_whitelisted {
}

4
imunify360-webshield/webshield-http.conf.d/wscheckdata.conf Normal file
View File

@@ -0,0 +1,4 @@
wscheck_untrusted_key Bk0yx39MjA2UJFFeCRQi41BMuCwQOAye;
wscheck_trusted_key qVZpo0JQopkDzvGdFaWABhUAeXEg7FfJ;

159
imunify360-webshield/webshield.conf Normal file
View File

@@ -0,0 +1,159 @@
user imunify360-webshield;
worker_processes 1;
error_log /var/log/imunify360-webshield/error.log warn;
pid /var/run/imunify360-webshield.pid;
worker_rlimit_nofile 65536;
events {
worker_connections 65536;
multi_accept on;
}
http {
variables_hash_max_size 2048;
map_hash_max_size 4096;
map_hash_bucket_size 128;
# Make sure all clients' headers are passed
ignore_invalid_headers off;
# Allow upload of files of unlimited size
client_max_body_size 0;
include /etc/imunify360-webshield/mime.types;
default_type application/octet-stream;
# XFF:"ip" is to match nginx captcha access.log separately from
# other access logs
log_format main '$wsuserip - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent $host "$http_referer" '
'"$http_user_agent" WL:"$domain_whitelisted" "$http_x_requested_with" '
'XFF:"$http_x_forwarded_for" CAPTCHA:"$wscaptcha" PEER:$remote_addr';
access_log /var/log/imunify360-webshield/access.log main;
include /etc/imunify360-webshield/unified_access_logger.conf;
sendfile on;
#tcp_nopush on;
keepalive_timeout 0;
#gzip on;
proxy_read_timeout 180s;
proxy_send_timeout 180s;
proxy_buffering off;
proxy_buffers 8 128k;
proxy_buffer_size 128k;
client_body_buffer_size 128k;
http2_max_field_size 8k;
include webshield-http.conf.d/*.conf;
include /etc/imunify360-webshield/wscheck.conf;
include /etc/imunify360-webshield/captcha.conf;
include /etc/imunify360-webshield/splashscreen.conf;
include /etc/imunify360-webshield/splashscreen-antibot.conf;
geo $remote_proxy {
default 0;
include /etc/imunify360-webshield/agent-proxies.conf;
include /etc/imunify360-webshield/common-proxies.conf;
}
map $host $domain_whitelisted {
default 0;
include /etc/imunify360-webshield/whitelisted-domains.conf;
}
map $server_addr $bind_target {
default 127.0.0.1;
"~^[a-fA-F0-9:\[\]]+$" ::1;
}
geo $wsuserip $remote_country_code {
default none;
include /etc/imunify360-webshield/country_ips.conf;
}
map $remote_country_code $remote_blocked_by_country {
default 0;
include /etc/imunify360-webshield/blocked_country_codes.conf;
}
geo $wsuserip $custom_whitelisted {
default 0;
include /etc/imunify360-webshield/custom-whitelisted.conf;
}
geo $wsuserip $custom_blacklisted {
default 0;
include /etc/imunify360-webshield/custom-blacklisted.conf;
}
lua_shared_dict domains_ips 1m;
lua_shared_dict splashscreen_sessions 1m;
lua_shared_dict captchapassed_clients 1m;
lua_shared_dict notfound_ssl_domains 1m;
lua_shared_dict ipset_check_cacher 1m;
init_by_lua_file lua/init.lua;
map $server_port $proxy_port {
default 80;
52223 443;
52224 80;
52227 2087;
52228 2086;
52229 2083;
52230 2082;
52231 2096;
52232 2095;
52233 8443;
52234 8880;
52235 2222;
}
map $proxy_port $append_port {
default 1;
80 0;
443 0;
}
upstream catchall {
server 127.0.0.1;
balancer_by_lua_block {
local balancer = require "ngx.balancer"
local host = ngx.var.server_addr
if host ~= nil and host:match(":") then
host = "[" .. host .. "]"
end
local port = ngx.var.proxy_port
local ok, err = balancer.set_current_peer(host, port)
if not ok then
ngx.log(ngx.ERR, "failed to set the current peer: ", err)
return ngx.exit(ngx.ERROR)
end
}
keepalive 32;
}
server_tokens off;
more_set_headers "Server: imunify360-webshield/1.18";
server {
server_name _;
ssl_protocols TLSv1.2 TLSv1.3;
proxy_ssl_protocols TLSv1.2 TLSv1.3;
include /etc/imunify360-webshield/ports.conf;
include /etc/imunify360-webshield/ssl_ports.conf;
include /etc/imunify360-webshield/ssl.conf;
include /etc/imunify360-webshield/webshield-server.conf.d/*.conf;
include /etc/imunify360-webshield/virtserver.conf;
}
}

6
imunify360-webshield/whitelisted-domains.conf Normal file
View File

@@ -0,0 +1,6 @@
# White list for domains to disable the captcha check
# See http://nginx.org/ru/docs/http/ngx_http_map_module.html for syntax
# Use 1 to enable whitelisting and 0 to disable
# example.org 1; # enable whitelisting
# www.example.org 0; # temporary disable whitelisting

126
imunify360-webshield/win-utf Normal file
View File

@@ -0,0 +1,126 @@
# This map is not a full windows-1251 <> utf8 map: it does not
# contain Serbian and Macedonian letters. If you need a full map,
# use contrib/unicode2nginx/win-utf map instead.
charset_map windows-1251 utf-8 {
82 E2809A ; # single low-9 quotation mark
84 E2809E ; # double low-9 quotation mark
85 E280A6 ; # ellipsis
86 E280A0 ; # dagger
87 E280A1 ; # double dagger
88 E282AC ; # euro
89 E280B0 ; # per mille
91 E28098 ; # left single quotation mark
92 E28099 ; # right single quotation mark
93 E2809C ; # left double quotation mark
94 E2809D ; # right double quotation mark
95 E280A2 ; # bullet
96 E28093 ; # en dash
97 E28094 ; # em dash
99 E284A2 ; # trade mark sign
A0 C2A0 ; # &nbsp;
A1 D18E ; # capital Byelorussian short U
A2 D19E ; # small Byelorussian short u
A4 C2A4 ; # currency sign
A5 D290 ; # capital Ukrainian soft G
A6 C2A6 ; # borken bar
A7 C2A7 ; # section sign
A8 D081 ; # capital YO
A9 C2A9 ; # (C)
AA D084 ; # capital Ukrainian YE
AB C2AB ; # left-pointing double angle quotation mark
AC C2AC ; # not sign
AD C2AD ; # soft hypen
AE C2AE ; # (R)
AF D087 ; # capital Ukrainian YI
B0 C2B0 ; # &deg;
B1 C2B1 ; # plus-minus sign
B2 D086 ; # capital Ukrainian I
B3 D196 ; # small Ukrainian i
B4 D291 ; # small Ukrainian soft g
B5 C2B5 ; # micro sign
B6 C2B6 ; # pilcrow sign
B7 C2B7 ; # &middot;
B8 D191 ; # small yo
B9 E28496 ; # numero sign
BA D194 ; # small Ukrainian ye
BB C2BB ; # right-pointing double angle quotation mark
BF D197 ; # small Ukrainian yi
C0 D090 ; # capital A
C1 D091 ; # capital B
C2 D092 ; # capital V
C3 D093 ; # capital G
C4 D094 ; # capital D
C5 D095 ; # capital YE
C6 D096 ; # capital ZH
C7 D097 ; # capital Z
C8 D098 ; # capital I
C9 D099 ; # capital J
CA D09A ; # capital K
CB D09B ; # capital L
CC D09C ; # capital M
CD D09D ; # capital N
CE D09E ; # capital O
CF D09F ; # capital P
D0 D0A0 ; # capital R
D1 D0A1 ; # capital S
D2 D0A2 ; # capital T
D3 D0A3 ; # capital U
D4 D0A4 ; # capital F
D5 D0A5 ; # capital KH
D6 D0A6 ; # capital TS
D7 D0A7 ; # capital CH
D8 D0A8 ; # capital SH
D9 D0A9 ; # capital SHCH
DA D0AA ; # capital hard sign
DB D0AB ; # capital Y
DC D0AC ; # capital soft sign
DD D0AD ; # capital E
DE D0AE ; # capital YU
DF D0AF ; # capital YA
E0 D0B0 ; # small a
E1 D0B1 ; # small b
E2 D0B2 ; # small v
E3 D0B3 ; # small g
E4 D0B4 ; # small d
E5 D0B5 ; # small ye
E6 D0B6 ; # small zh
E7 D0B7 ; # small z
E8 D0B8 ; # small i
E9 D0B9 ; # small j
EA D0BA ; # small k
EB D0BB ; # small l
EC D0BC ; # small m
ED D0BD ; # small n
EE D0BE ; # small o
EF D0BF ; # small p
F0 D180 ; # small r
F1 D181 ; # small s
F2 D182 ; # small t
F3 D183 ; # small u
F4 D184 ; # small f
F5 D185 ; # small kh
F6 D186 ; # small ts
F7 D187 ; # small ch
F8 D188 ; # small sh
F9 D189 ; # small shch
FA D18A ; # small hard sign
FB D18B ; # small y
FC D18C ; # small soft sign
FD D18D ; # small e
FE D18E ; # small yu
FF D18F ; # small ya
}

14
imunify360-webshield/wscheck.conf Normal file
View File

@@ -0,0 +1,14 @@
# enable captcha check for CloudFlare (on|off, default is off)
cloudflare_captcha off;
# Use splashscreen as captcha for Chinese customers
wscheck_splashscreen_as_captcha off;
# Use these values for User ID hash
wscheck_session_key $remote_addr$http_user_agent;
# Search client address in the following places
wscheck_ipsearch cloudflare|$http_cf_connecting_ip cloudflare|$http_true_client_ip !cloudflare|$http_x_forwarded_for;
# Use this variable to check if client is a proxy
wscheck_proxy_var_name remote_proxy;