Mini Shell

Direktori : /etc/imunify360-webshield/
Upload File :
Current File : //etc/imunify360-webshield/webshield.conf

user  imunify360-webshield;

error_log  /var/log/imunify360-webshield/error.log warn;
pid        /var/run/imunify360-webshield.pid;
worker_rlimit_nofile 65536;

events {
    worker_connections  65536;
    multi_accept on;
}

include  /etc/imunify360-webshield/webshield-main.conf.d/*.conf;


http {
    variables_hash_max_size 2048;
    map_hash_max_size 4096;
    map_hash_bucket_size 128;

    # Make sure all clients' headers are passed
    ignore_invalid_headers off;

    # Allow upload of files of unlimited size
    client_max_body_size 0;

    include       /etc/imunify360-webshield/mime.types;
    default_type  application/octet-stream;

    # XFF:"ip" is to match nginx captcha access.log separately from
    # other access logs
    log_format  main  '$wsuserip - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent $host "$http_referer" '
                      '"$http_user_agent" WL:"$domain_whitelisted" "$http_x_requested_with" '
                      'XFF:"$http_x_forwarded_for" CAPTCHA:"$totalcaptcha" PEER:$remote_addr';

    access_log  /var/log/imunify360-webshield/access.log  main;

    sendfile        on;
    #tcp_nopush     on;
    #gzip  on;

    proxy_read_timeout 180s;
    proxy_send_timeout 180s;
    proxy_buffering off;
    proxy_buffers 8 128k;
    proxy_buffer_size 128k;
    client_body_buffer_size 128k;

    large_client_header_buffers 4 16k;

    include webshield-http.conf.d/*.conf;

    include /etc/imunify360-webshield/wscheck.conf;
    include /etc/imunify360-webshield/captcha.conf;
    include /etc/imunify360-webshield/splashscreen.conf;
    include /etc/imunify360-webshield/splashscreen-antibot.conf;

    geo $remote_proxy {
        default 0;
        include /etc/imunify360-webshield/agent-proxies.conf;
        include /etc/imunify360-webshield/common-proxies.conf;
    }

    map $host $domain_whitelisted {
        default 0;
        include     /etc/imunify360-webshield/whitelisted-domains.conf;
    }

    map $http_upgrade $connection_upgrade {
        websocket upgrade;
    }

    map $server_addr $bind_target {
        default 127.0.0.1;
        "~^[a-fA-F0-9:\[\]]+$" ::1;
    }

    geo $wsuserip $remote_country_code {
        default none;
        include /etc/imunify360-webshield/country_ips.conf;
    }

    map $remote_country_code $remote_blocked_by_country {
        default 0;
        include /etc/imunify360-webshield/blocked_country_codes.conf;
    }

    geo $wsuserip $custom_whitelisted {
        default 0;
        include /etc/imunify360-webshield/custom-whitelisted.conf;
    }

    geo $wsuserip $custom_blacklisted {
        default 0;
        include /etc/imunify360-webshield/custom-blacklisted.conf;
    }

    lua_shared_dict domains_ips 1m;
    lua_shared_dict splashscreen_sessions 1m;
    lua_shared_dict notfound_ssl_domains 1m;
    init_by_lua_file lua/init.lua;

    access_checker unix:/var/run/imunify360/libiplists-daemon.sock;

    map $server_port $destination_port {
        default 80;
        52223 443;
        52224 80;
        52227 2087;
        52228 2086;
        52229 2083;
        52230 2082;
        52231 2096;
        52232 2095;
        52233 8443;
        52234 8880;
        52235 2222;
    }

    map $destination_port $append_port {
        default 1;
        80  0;
        443 0;
    }

    upstream catchall {
        server 127.0.0.1;
        balancer_by_lua_block {
            local balancer = require "ngx.balancer"
            local host = ngx.var.server_addr
            if host ~= nil and host:match(":") then
                host = "[" .. host .. "]"
            end
            local port = ngx.var.destination_port
            local ok, err = balancer.set_current_peer(host, port)
                if not ok then
                    ngx.log(ngx.ERR, "failed to set the current peer: ", err)
                    return ngx.exit(ngx.ERROR)
                end
        }
        keepalive 32;
    }

    map $access_check_captcha $totalcaptcha {
        default $wscaptcha;
        "" $wscaptcha;
        2 2;
        1 1;
        0 0;
    }

    server_tokens off;
    more_set_headers "Server: imunify360-webshield/1.21";

    server {
        server_name _;
        ssl_protocols TLSv1.2 TLSv1.3;
        proxy_ssl_protocols TLSv1.2 TLSv1.3;

        include     /etc/imunify360-webshield/ports.conf;
        include     /etc/imunify360-webshield/ssl_ports.conf;
        include     /etc/imunify360-webshield/ssl.conf;
        include     /etc/imunify360-webshield/webshield-server.conf.d/*.conf;
        include     /etc/imunify360-webshield/virtserver.conf;
    }
}

Zerion Mini Shell 1.0