Mini Shell
lua_ssl_verify_depth 2;
lua_ssl_trusted_certificate /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem;
ssl_certificate_by_lua_file lua/ssl.lua;
set $cpanel_protection 1;
set $proxy_part '';
if ($append_port) {
set $proxy_part :$destination_port;
}
set $trust_ezoic 0;
rewrite_by_lua_file lua/accesscheck.lua;
set $backend_dest $server_addr;
if ($backend_dest ~ "^[a-fA-F0-9:]+$") {
set $backend_dest [$backend_dest];
}
location = /selfcheck {
allow 127.0.0.1;
allow ::1;
deny all;
access_log off;
add_header "Content-Type" "text/plain";
return 200 "healthy:${msec}\n";
}
location @to_static {
root html/captcha;
try_files $uri /a9bc224bd710f56d27affffddc764239b58c3faa0/shield.png;
}
location @by_default {
proxy_http_version 1.1;
proxy_set_header Host $host$proxy_part;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Upgrade $http_upgrade;
# Wafd is responsible for setting this header after it became hidden
proxy_hide_header Upgrade;
proxy_bind $bind_target;
proxy_pass $scheme://$backend_dest:$destination_port;
}
location / {
access_by_lua_file lua/reqrouter.lua;
}
location @to_backend {
access_by_lua_block {
local xff = ngx.var.http_x_forwarded_for
if not xff or ngx.var.remote_proxy == "0" then
ngx.req.set_header("X-Forwarded-For", ngx.var.wsuserip)
else
ngx.req.set_header("X-Forwarded-For", xff .. ", " .. ngx.var.remote_addr)
end
}
header_filter_by_lua_block {
local upgrade_hdr = ngx.var.http_upgrade
if upgrade_hdr == "websocket" then
ngx.header["Upgrade"] = upgrade_hdr
else
ngx.header["Upgrade"] = nil
end
}
proxy_set_header Host $host$proxy_part;
proxy_set_header X-Real-IP $wsuserip;
proxy_set_header X-Remote-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
expires off;
proxy_http_version 1.1;
proxy_set_header Connection $connection_upgrade;
include /etc/imunify360-webshield/webshield-backend.conf.d/*.conf;
proxy_bind $bind_target;
proxy_pass $scheme://catchall;
}
location @to_captcha {
include /etc/imunify360-webshield/invisible-captcha.conf;
root html/captcha;
default_type text/html;
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0';
add_header cf-edge-cache no-cache;
add_header Expires 'Thu, 01 Jan 1970 00:00:01 GMT';
if_modified_since off;
expires off;
etag off;
keepalive_timeout 0;
include /etc/imunify360-webshield/webshield-captcha.conf.d/*.conf;
content_by_lua_file lua/captcha.lua;
}
location @to_splashscreen {
root html/splashscreen;
default_type text/html;
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0';
add_header cf-edge-cache no-cache;
if_modified_since off;
expires off;
etag off;
keepalive_timeout 0;
include /etc/imunify360-webshield/webshield-splashscreen.conf.d/*.conf;
content_by_lua_file lua/splashscreen.lua;
}
location @to_wsidchk {
content_by_lua_file lua/wsidchk.lua;
}
Zerion Mini Shell 1.0