@@ -17,24 +17,22 @@ server {
1717 server_name example.com;
1818
1919 ## Parameterization using hostname of access and log filenames.
20- access_log /var/log/nginx/example.com_access.log;
21- error_log /var/log/nginx/example.com_error.log;
22-
23- ## Include the blacklist.conf file.
24- include sites-available/blacklist.conf;
25-
26- ## Disable all methods besides HEAD, GET and POST.
27- if ($request_method !~ ^(GET|HEAD|POST)$ ) {
28- return 444 ;
29- }
20+ access_log /var/log/nginx/example.com_access.log;
21+ error_log /var/log/nginx/example.com_error.log;
3022
3123 ## Root and index files.
3224 root /var/www/sites/wp;
3325 index index.php index.html;
3426
35-
36- ## Don't use the server name for redirects.
37- server_name_in_redirect off ;
27+ ## See the blacklist.conf file at the parent dir: /etc/nginx.
28+ ## Deny access based on the User-Agent header.
29+ if ($bad_bot ) {
30+ return 444 ;
31+ }
32+ ## Deny access based on the Referer header.
33+ if ($bad_referer ) {
34+ return 444 ;
35+ }
3836
3937 ## Cache control. Useful for WP super cache.
4038 add_header Cache-Control "store, must-revalidate, post-check=0, pre-check=0" ;
@@ -53,36 +51,12 @@ server {
5351 access_log off ;
5452 }
5553
56- ## Static files are served directly.
57- location ~* \.(?:js|css|png|jpg|jpeg|gif|ico)$ {
58- expires max ;
59- log_not_found off ;
60- ## No need to bleed constant updates. Send the all shebang in one
61- ## fell swoop.
62- tcp_nodelay off ;
63- }
64-
65- ## Keep a tab on the 'big' static files.
66- location ~* ^.+\.(?:m4a|mp[34]|mov|ogg|flv|pdf|ppt[x]*)$ {
67- expires 30d ;
68- ## No need to bleed constant updates. Send the all shebang in one
69- ## fell swoop.
70- tcp_nodelay off ;
71- }
72-
7354 ## Protect the readme.html file to not reveal the installed
7455 ## version.
7556 location = /readme.html {
7657 auth_basic "Restricted Access" ; # auth realm
7758 auth_basic_user_file .htpasswd-users; # htpasswd file
7859 }
79-
80- ## All files/directories that are protected and unaccessible from
81- ## the web.
82- location ~* ^.*(\.(?:git|svn|htaccess|txt|po[t]*))$ {
83- return 404 ;
84- }
85-
8660
8761 ## Try the requested URI as files before handling it to PHP.
8862 location / {
@@ -125,8 +99,29 @@ server {
12599 ## Passing the request upstream to the FastCGI
126100 ## listener.
127101 fastcgi_pass phpcgi;
128- ## Upload progress support.
129- track_uploads uploads 60s ;
102+ }
103+
104+ ## All files/directories that are protected and unaccessible from
105+ ## the web.
106+ location ~* ^.*(\.(?:git|svn|htaccess|txt|po[t]*))$ {
107+ return 404 ;
108+ }
109+
110+ ## Static files are served directly.
111+ location ~* \.(?:js|css|png|jpg|jpeg|gif|ico)$ {
112+ expires max ;
113+ log_not_found off ;
114+ ## No need to bleed constant updates. Send the all shebang in one
115+ ## fell swoop.
116+ tcp_nodelay off ;
117+ }
118+
119+ ## Keep a tab on the 'big' static files.
120+ location ~* ^.+\.(?:m4a|mp[34]|mov|ogg|flv|pdf|ppt[x]*)$ {
121+ expires 30d ;
122+ ## No need to bleed constant updates. Send the all shebang in one
123+ ## fell swoop.
124+ tcp_nodelay off ;
130125 }
131126 } # / location
132127
@@ -135,16 +130,6 @@ server {
135130 try_files $uri $uri / /index.php?q=$uri &$args ;
136131 }
137132
138- ## For upload progress to work.
139- location ~ (.*)/x-progress-id:(\w*) {
140- rewrite ^(.*)/x-progress-id:(\w*) $1 ?X-Progress-ID=$2 ;
141- }
142-
143- location ^~ /progress {
144- report_uploads uploads;
145- }
146-
147-
148133 ## Including the php-fpm status and ping pages config.
149134 ## Uncomment to enable if you're running php-fpm.
150135 #include php_fpm_status.conf;
@@ -157,5 +142,4 @@ server {
157142 # location = /50x.html {
158143 # root /var/www/nginx-default;
159144 # }
160-
161- } # server
145+ } # server
0 commit comments