Archive | Nginx

Enable Compression On Plesk With Nginx

By admin on August 20, 2015 in Apache, Nginx, Plesk

To enable compression on a Plesk server with Nginx handling static content, had to add the following to .htaccess:

<IfModule mod_deflate.c>
  <filesMatch "\.(js|css|html|php)$">
    SetOutputFilter DEFLATE
  </filesMatch>
</IfModule>

SetOutputFilter DEFLATE

</filesMatch>

</IfModule>

This configuration is explained here: https://www.a2hosting.com/kb/developer-corner/apache-web-server/data-compression-using-the-mod-deflate-module

And then in Plesk under:

Subscriptions -> acme.com -> Websites & Domains -> Web Server Settings -> Additional nginx directives

added the following:

# enable gzip compression
gzip on;
gzip_min_length  1100;
gzip_buffers  4 32k;
gzip_types    text/plain application/javascript application/x-javascript text/xml text/css;
gzip_vary on;
# end gzip configuration

# enable gzip compression

gzip on;

gzip_min_length 1100;

gzip_buffers 4 32k;

gzip_types text/plain application/javascript application/x-javascript text/xml text/css;

gzip_vary on;

# end gzip configuration

The Nginx configuration is explained here: http://www.nginxtips.com/how-to-configure-nginx-gzip-compression/

Block XSS on Apache or Nginx

By admin on April 16, 2015 in Apache, Nginx

Here are some handy Apache rewrite rules for blocking cross site scripting (XSS) attacks:

RewriteCond %{REQUEST_URI} base64_encode.*\(.*\) [OR]
RewriteCond %{REQUEST_URI} (\<|<).*script.*(\>|>) [NC,OR]
RewriteCond %{REQUEST_URI} (\<|<).*iframe.*(\>|>) [NC,OR]
RewriteCond %{REQUEST_URI} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{REQUEST_URI} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ 404.php [F,L]

RewriteCond %{REQUEST_URI} base64_encode.*$.*$ [OR]

RewriteCond %{REQUEST_URI} (\<|<).*script.*(\>|>) [NC,OR]

RewriteCond %{REQUEST_URI} (\<|<).*iframe.*(\>|>) [NC,OR]

RewriteCond %{REQUEST_URI} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]

RewriteCond %{REQUEST_URI} _REQUEST(=|\[|\%[0-9A-Z]{0,2})

RewriteRule ^(.*)$ 404.php [F,L]

And here are similar rules for Nginx:

set $block_xss 0;
if ($query_string ~ "base64_(en|de)code\(.*\)") {
	set $block_xss 1;
}
if ($request_uri ~ "base64_(en|de)code\(.*\)") {
	set $block_xss 1;
}
if ($query_string ~ "(<|%3C).*script.*(>|%3E)") {
	set $block_xss 1;
}
if ($request_uri ~ "(<|%3C).*script.*(>|%3E)") {
	set $block_xss 1;
}
if ($query_string ~ "(<|%3C).*iframe.*(>|%3E)") {
	set $block_xss 1;
}
if ($request_uri ~ "(<|%3C).*iframe.*(>|%3E)") {
	set $block_xss 1;
}
if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {
        set $block_xss 1;
}
if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {
        set $block_xss 1;
}
if ($block_xss = 1) {
	return 403;
}

set $block_xss 0;

if ($query_string ~ "base64_(en|de)code$.*$") {

set $block_xss 1;

}

if ($request_uri ~ "base64_(en|de)code$.*$") {

set $block_xss 1;

}

if ($query_string ~ "(<|%3C).*script.*(>|%3E)") {

set $block_xss 1;

}

if ($request_uri ~ "(<|%3C).*script.*(>|%3E)") {

set $block_xss 1;

}

if ($query_string ~ "(<|%3C).*iframe.*(>|%3E)") {

set $block_xss 1;

}

if ($request_uri ~ "(<|%3C).*iframe.*(>|%3E)") {

set $block_xss 1;

}

if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {

set $block_xss 1;

}

if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {

set $block_xss 1;

}

if ($block_xss = 1) {

return 403;

}

We gathered these rules from several sources around the net so they are not original but it’s handy to have them all in one place with both the Apache and Nginx versions.

Block Access To .git And .svn Folders

By admin on June 26, 2014 in Apache, Nginx

On Nginx add the following to each “server” block:

location ~ /\.git {
  deny all;
}
location ~ /\.svn {
  deny all;
}

location ~ /\.git {

deny all;

}

location ~ /\.svn {

deny all;

}

And the for Apache add the following to the VirtualHost block:

<Directorymatch "^/.*/\.git+/">
  Order deny,allow
  Deny from all
</Directorymatch>
<Files ~ "^\.git">
    Order allow,deny
    Deny from all 
</Files>
<Directorymatch "^/.*/\.svn+/">
  Order deny,allow
  Deny from all
</Directorymatch>
<Files ~ "^\.svn">
    Order allow,deny
    Deny from all
</Files>

Order deny,allow

Deny from all

</Directorymatch>

Order allow,deny

Deny from all

</Files>

Order deny,allow

Deny from all

</Directorymatch>

Order allow,deny

Deny from all

</Files>

Set X-Robots-Tag Header On Plesk/Nginx

By admin on June 24, 2014 in Nginx, Plesk

On a Plesk server with Nginx enabled here are the steps to setup custom X-Robot-Tag headers has described here:

https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag?csw=1

In Plesk control panel:

1. Select the domain

2. Click Web Server Settings

3. Scroll down to nginx settings

4. If you have “Serve static files directly by nginx” checked (which I recommend), you’ll need to remove the file extensions to which you’re going to apply headers. In this example remove “pdf” from the list.

5. In the “Additional nginx directives” field enter:

location ~* \.pdf$ {
	add_header  X-Robots-Tag "index, noarchive, nosnippet";
}

location ~* \.pdf$ {

add_header X-Robots-Tag "index, noarchive, nosnippet";

}

6. Click OK button to save changes.

Plesk 11 – vhost.conf File For Nginx

By admin on April 21, 2014 in Apache, Nginx, Plesk

We’re all familier with using a vhost.conf file on Plesk to provide custom Apache directives to an individual virtual host. Originally the file was located at:

/var/www/vhosts/domain.com/conf/vhost.conf

1	/var/www/vhosts/domain.com/conf/vhost.conf

Recent versions of Plesk have moved the file to:

/var/www/vhosts/system/domain.com/conf/vhost.conf

1	/var/www/vhosts/system/domain.com/conf/vhost.conf

And of course there is an SSL version of the file at:

/var/www/vhosts/system/domain.com/conf/vhost_ssl.conf

1	/var/www/vhosts/system/domain.com/conf/vhost_ssl.conf

The good news is there’s also now a file for Nginx at:

/var/www/vhosts/system/domain.com/conf/vhost_nginx.conf

1	/var/www/vhosts/system/domain.com/conf/vhost_nginx.conf

By default these files don’t exist and are not included in the configuration. So you’ll need to create the file and then run:

/usr/local/psa/admin/sbin/httpdmng --reconfigure-all

1	/usr/local/psa/admin/sbin/httpdmng --reconfigure-all

/usr/local/psa/admin/sbin/httpdmng --reconfigure-domain domain.com

1	/usr/local/psa/admin/sbin/httpdmng --reconfigure-domain domain.com

← Previous 1 2 3 4 5 Next →

Need help immediately?

$100/hour
Satisfaction Guaranteed

Top Nav

Navigation

Archive | Nginx

Enable Compression On Plesk With Nginx

Block XSS on Apache or Nginx

Block Access To .git And .svn Folders

Set X-Robots-Tag Header On Plesk/Nginx

Plesk 11 – vhost.conf File For Nginx