@rroethof
Created October 16, 2015 14:06
    35 changes: 35 additions & 0 deletions gistfile1.txt
    @@ -0,0 +1,35 @@
    Stop Hotlinking: don’t let other websites steal your content (images, media files, etc),
    that will cause additional load to your webserver and also more bandwidth consumption.

    '''
    location ~ .(gif|png|jpe?g)$ {
    valid_referers none blocked mywebsite.com *.mywebsite.com;
    if ($invalid_referer) {
    return 403;
    }
    }
    '''

    Deny execution of scripts inside certain directories.
    This can be used to protect your websites from being hacked denying execution of scripts inside certain directories (such as tmp, cache, logs, etc), often the ones that need writing permissions.
    One easy way to secure is the following:

    # deny scripts inside writable directories
    '''
    location ~* /(images|cache|media|logs|tmp)/.*.(php|pl|py|jsp|asp|sh|cgi)$ {
    return 403;
    error_page 403 /403_error.html;
    }
    '''

    Block attackers based on GeoIP countries
    Specify where the GeoIP database is located on your system, you can place this directive inside your http {} configuration block:
    '''geoip_country /etc/nginx/GeoIP.dat;'''

    Next, let’s tell Nginx which countries are gonna be blocked:

    '''
    if ($geoip_country_code ~ (CN|KR|UK) ) {
    return 403;
    }
    '''
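Review bot: the regexes in the first two `location` blocks do not escape the dot before the extension, so `.` matches any character: `location ~ .(gif|png|jpe?g)$` also matches a URI like `/apng`, and `/(images|cache|media|logs|tmp)/.*.(php|pl|py|jsp|asp|sh|cgi)$` also matches `/tmp/xphp`, producing spurious 403s; use `\.(gif|png|jpe?g)$` and `\.(php|pl|py|jsp|asp|sh|cgi)$`, and make the first one `~*` as well so `.JPG` and `.PNG` are covered like the second block already does. In the GeoIP block, `UK` is not an ISO 3166-1 alpha-2 code; the GeoIP database reports the United Kingdom as `GB`, so that alternative never matches and should read `(CN|KR|GB)` if that is the intent. Minor: the `'''` lines are not a code fence in Markdown (``` would render the blocks), and `mywebsite.com` in `valid_referers` is a placeholder that must be replaced with the real hostname or the `none blocked` fallback is the only thing keeping the site's own image requests from being blocked.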