nginx.conf - limithit/ModSecurity Wiki

Configuration References

# Main context: pid file, worker identity, worker count and the global error log.
pid /run/nginx.pid;
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
# NOTE(review): the modsecurity directives used in the http block are only
# recognised when the ModSecurity connector module is loaded (built in
# statically, or via this include / a load_module line) - confirm how it is
# loaded in this deployment, since the include is commented out here.
#include /usr/share/nginx/modules/*.conf;

# Maximum number of simultaneous connections each worker process may hold.
events {
    worker_connections  1024;
}

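http {
    # Access-log format. The last quoted field ("$server_name--$request_id") is
    # the same value used as the ModSecurity transaction id below, so an
    # audit-log record can be joined to its access-log line.
    # Fields are space-separated: the original format ran "$request_time" into
    # $status and "$server_name--$request_id" into "$upstream_addr", which
    # breaks field-based log parsing; the two missing spaces are added here.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" "$request_time" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" "$server_name--$request_id" '
                      '"$upstream_addr" "$upstream_response_time" "$http_x_custom_header"';

    access_log  /var/log/nginx/access.log  main;

    # ModSecurity (libmodsecurity connector), enabled for every server below.
    modsecurity on;
    modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;
    # Keep identical to the last access_log field (see log_format above).
    modsecurity_transaction_id "$server_name--$request_id";

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;
    # NOTE(review): request bodies are also bounded by SecRequestBodyLimit in
    # modsecurity.conf - keep the two limits consistent.
    client_max_body_size 100m;
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Do not advertise the nginx version or the upstream's server software.
    server_tokens off;
    proxy_hide_header X-Powered-By;
    proxy_hide_header Server;

    # Headers forwarded to the upstream. X-Forwarded-Proto is added so the
    # backend can tell TLS-terminated requests from the plain-HTTP hop it sees.
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        REMOTE-HOST $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;

    server_names_hash_bucket_size 128;

    # CORS origin allow-list. The previous configuration echoed $http_origin
    # unchanged while also sending Access-Control-Allow-Credentials, which lets
    # any web origin make credentialed cross-site requests to this host. Only
    # allowed origins are echoed; for anything else $cors_origin is empty and
    # add_header then emits no Access-Control-Allow-Origin header at all.
    # PLACEHOLDER(review): the pattern below only names this site's own host
    # names; replace it with the origins that genuinely need cross-origin access.
    map $http_origin $cors_origin {
        default "";
        "~^https://(node1|node2)\.xx\.com$" $http_origin;
    }

    # Modular configuration files would normally be loaded from
    # /etc/nginx/conf.d (see http://nginx.org/en/docs/ngx_core_module.html#include);
    # note that the include directive itself is not present in this file.

    # Catch-all for requests whose Host matches no server_name: close the
    # connection without a response (444). default_server makes the intent
    # explicit instead of relying on this block being listed first.
    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        return 444;
    }

    upstream portal_server {
        server 10.1.0.131:80;
        server 10.1.0.132:80;
    }

    # Plain HTTP for the published host names: redirect to HTTPS.
    server {
        listen       80;
        server_name  node1.xx.com node2.xx.com;
        # Same redirect as the former `rewrite ^(.*)$ https://$host$1 permanent;`
        # without evaluating a regular expression on every request.
        return 301 https://$host$request_uri;
    }

    # NOTE(review): there is no default_server on port 443, so this block also
    # answers TLS connections with an unknown or missing SNI name. A separate
    # `listen 443 ssl default_server;` block (e.g. with ssl_reject_handshake on,
    # nginx >= 1.19.4) would stop that - confirm whether it is wanted.
    server {
        listen 443 ssl;
        server_name node1.xx.com node2.xx.com;

        ssl_certificate       cert/4390688__node.com.pem;
        ssl_certificate_key   cert/4390688__node.com.key;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_session_timeout 5m;

        access_log /var/log/nginx/workstation_access.log;
        error_log /var/log/nginx/workstation_error.log;

        location / {
            # CORS preflight is answered here; the actual (non-OPTIONS) responses
            # come from the upstream and carry only the CORS headers it sets itself.
            if ($request_method = OPTIONS) {
                # NOTE(review): besides the fixed list, this reflects whatever
                # header names the client asked for in
                # Access-Control-Request-Headers - confirm that is intended.
                set $all_hear "Content-Type,Accept,User-Agent,X-Requested-With,Cache-Control,Authorization,Host,Pragma,Access-Control-Request-Method,companycode,merchantcode,Origin,Sec-Fetch-Mode,Referer,Accept-Language,Access-Control-Allow-Origin,Access-Control-Request-Headers,${http_access_control_request_headers}";
                # $cors_origin comes from the allow-list map in the http context.
                add_header 'Access-Control-Allow-Origin' $cors_origin;
                # The response varies by Origin, so caches must key on it.
                add_header 'Vary' 'Origin';
                add_header  Access-Control-Allow-Credentials true;
                # NOTE(review): browsers do not treat '*' as a wildcard when
                # credentials are allowed; an explicit method list may be needed.
                add_header 'Access-Control-Allow-Methods' '*';
                add_header 'Access-Control-Allow-Headers' $all_hear;
                add_header 'Access-Control-Max-Age' 3600;
                return 204;
            }
            proxy_pass http://portal_server/;
            proxy_http_version 1.1;
        }

        # Block page for requests refused by ModSecurity (403) and for 444.
        error_page  403 444  /40x.html;
        location = /40x.html {
            # NOTE(review): add_header appends rather than replaces, and nginx
            # already derives text/html from the .html extension for a `return`
            # body - check the response for a duplicate Content-Type header.
            add_header Content-Type 'text/html; charset=utf-8';
            # Producing the body with `return` suppresses the modsec_audit record
            # for the rule that was triggered (part 'H'); it is then visible only
            # in the error log. To keep the audit record, use the `echo` directive
            # (built with --add-module=echo-nginx-module) or do not generate the
            # response body with `return`.
            return 200 "<!DOCTYPE html><html><head><meta charset=utf-8><body><p><b>Your access was blocked because the URL accessed may pose a security threat to the site.</b><br>status:&ensp;$status<br>remote_addr:&ensp;$remote_addr<br>server_name:&ensp;$server_name<br>date:&ensp;$time_local<br>tracking ID:&ensp;$request_id</p>";
        }
    }
    # Closing brace of the http context (missing in the original listing).
}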

LogRotate

cat /etc/logrotate.d/modsec
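# Daily rotation of the ModSecurity audit log, keeping 31 compressed copies.
/var/log/modsec_audit.log
{
        rotate 31
        daily
        missingok
        compress
        delaycompress
        notifempty
        # logrotate rotates by renaming the file. A long-running writer that
        # keeps the log open (presumably the nginx workers here - confirm)
        # would otherwise keep appending to the renamed file until restarted.
        # copytruncate copies the data out and truncates in place instead;
        # entries written between the copy and the truncate can be lost, so
        # use a postrotate hook that makes the writer reopen its log if that
        # window matters.
        copytruncate
}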