111 lines
3.3 KiB
Plaintext
111 lines
3.3 KiB
Plaintext
lua_ssl_verify_depth 2;
|
|
lua_ssl_trusted_certificate /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem;
|
|
|
|
ssl_certificate_by_lua_file lua/ssl.lua;
|
|
|
|
set $proxy_part '';
|
|
if ($append_port) {
|
|
set $proxy_part :$proxy_port;
|
|
}
|
|
|
|
set $trust_ezoic 0;
|
|
|
|
rewrite_by_lua_file lua/accesscheck.lua;
|
|
|
|
location = /selfcheck {
|
|
allow 127.0.0.1;
|
|
allow ::1;
|
|
deny all;
|
|
content_by_lua_block {
|
|
ngx.status = ngx.HTTP_OK
|
|
ngx.header.content_type = "text/html; charset=utf-8"
|
|
local message = os.time(os.date("!*t"))
|
|
ngx.say(message)
|
|
return ngx.exit(ngx.HTTP_OK)
|
|
}
|
|
}
|
|
|
|
location = /captchacheck {
|
|
proxy_set_header Host $host$proxy_part;
|
|
proxy_set_header X-Real-IP $wsuserip;
|
|
proxy_bind $bind_target;
|
|
proxy_hide_header Upgrade;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Connection "";
|
|
|
|
if ($static_whitelisted) {
|
|
expires off;
|
|
proxy_pass $scheme://catchall;
|
|
}
|
|
|
|
access_by_lua_file lua/captchacheck.lua;
|
|
}
|
|
|
|
location = /ungraylistcheck {
|
|
content_by_lua_file lua/ungraylistcheck.lua;
|
|
}
|
|
|
|
location @to_static {
|
|
root html/captcha;
|
|
try_files $uri /a9bc224bd710f56d27affffddc764239b58c3faa0/shield.png;
|
|
}
|
|
|
|
location / {
|
|
access_by_lua_file lua/reqrouter.lua;
|
|
}
|
|
|
|
location @to_backend {
|
|
access_by_lua_block {
|
|
local xff = ngx.var.http_x_forwarded_for
|
|
if not xff or ngx.var.remote_proxy == "0" then
|
|
ngx.req.set_header("X-Forwarded-For", ngx.var.wsuserip)
|
|
else
|
|
ngx.req.set_header("X-Forwarded-For", xff .. ", " .. ngx.var.remote_addr)
|
|
end
|
|
}
|
|
proxy_set_header Host $host$proxy_part;
|
|
proxy_set_header X-Real-IP $wsuserip;
|
|
proxy_set_header X-Remote-IP $remote_addr;
|
|
proxy_hide_header Upgrade;
|
|
expires off;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Connection "";
|
|
include /etc/imunify360-webshield/webshield-backend.conf.d/*.conf;
|
|
proxy_bind $bind_target;
|
|
proxy_pass $scheme://catchall;
|
|
}
|
|
|
|
location @to_captcha {
|
|
include /etc/imunify360-webshield/invisible-captcha.conf;
|
|
root html/captcha;
|
|
default_type text/html;
|
|
add_header Last-Modified $date_gmt;
|
|
add_header Cache-Control 'private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0';
|
|
add_header cf-edge-cache no-cache;
|
|
add_header Expires 'Thu, 01 Jan 1970 00:00:01 GMT';
|
|
if_modified_since off;
|
|
expires off;
|
|
etag off;
|
|
keepalive_timeout 0;
|
|
include /etc/imunify360-webshield/webshield-captcha.conf.d/*.conf;
|
|
content_by_lua_file lua/captcha.lua;
|
|
}
|
|
|
|
location @to_splashscreen {
|
|
root html/splashscreen;
|
|
default_type text/html;
|
|
add_header Last-Modified $date_gmt;
|
|
add_header Cache-Control 'private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0';
|
|
add_header cf-edge-cache no-cache;
|
|
if_modified_since off;
|
|
expires off;
|
|
etag off;
|
|
keepalive_timeout 0;
|
|
include /etc/imunify360-webshield/webshield-splashscreen.conf.d/*.conf;
|
|
content_by_lua_file lua/splashscreen.lua;
|
|
}
|
|
|
|
location = /z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f {
|
|
content_by_lua_file lua/wsidchk.lua;
|
|
}
|