
WebARX Nginx Rules - Where to add

Discussion in 'Blogs & CMS usage' started by Droidism, Oct 3, 2019.

  1. Droidism

    Droidism Premium Member Premium Member

    12
    1
    3
    Oct 3, 2019
    Ratings:
    +5
    Local Time:
    4:18 PM
    1.17.4
    10.3.18
    After running option 22, I'm now looking to get WebARX working with WP & CentminMod.

    Question is where to add these rules, and if there are some that need tweaking or could be removed completely. I.e. the "server_tokens off;" one.

    The site(s) is/will be running under TLS/SSL with the help of Let's Encrypt. Adding them to domain.ext.ssl.conf borked Nginx...

    Thanks in advance for any guidance and suggestions.

    Rules:
    Code:
    # WebARX nginx protection rules.
    # Disable directory listing and server signature.
    autoindex off;
    server_tokens off;
    
    # Block access to certain files.
    location ~* \.(htaccess|htpasswd|errordocs|logs|log)$ {
        return 403;
    }
    
    rewrite ^/readme\.html$ /index.php?webarx_fpage=101 break;
    rewrite ^/license\.txt$ /index.php?webarx_fpage=102 break;
    rewrite ^/wp-config\.php$ /index.php?webarx_fpage=103 break;
    rewrite ^/wp-admin/includes/ /index.php?webarx_fpage=201 break;
    rewrite ^/wp-includes/[^/]+.php$ /index.php?webarx_fpage=202 break;
    rewrite ^/wp-content/uploads/(.*)\.php$ /index.php?webarx_fpage=202 break;
    rewrite ^/wp-includes/js/tinymce/langs/.+.php /index.php?webarx_fpage=203 break;
    rewrite ^/wp-includes/theme-compat/ /index.php?webarx_fpage=204 break;
    rewrite ^/debug*.*log$ /index.php?webarx_fpage=502 break;
    if ($remote_addr != "18.221.197.243"){
        rewrite ^/(.*)/plugins/(.*)readme\.(txt|html)$ /index.php?webarx_fpage=19 break;
    }
    
    # Prevent proxy comments.
    if ($http_cookie !~* "^.*wordpress_logged_in.*$"){
        set $blockcomment A;
    }
    if ($request_method = POST){
        set $blockcomment "${blockcomment}B";
    }
    if ($http_via){
        set $blockcomment "${blockcomment}C";
    }
    if ($http_forwarded){
        set $blockcomment "${blockcomment}C";
    }
    if ($http_useragent_via){
        set $blockcomment "${blockcomment}C";
    }
    if ($http_x_forwarded_for){
        set $blockcomment "${blockcomment}C";
    }
    if ($http_x_forwarded_host){
        set $blockcomment "${blockcomment}C";
    }
    if ($http_proxy_connection){
        set $blockcomment "${blockcomment}C";
    }
    if ($http_xproxy_connection){
        set $blockcomment "${blockcomment}C";
    }
    if ($http_http_pc_remote_addr){
        set $blockcomment "${blockcomment}C";
    }
    if ($http_http_client_ip){
        set $blockcomment "${blockcomment}C";
    }
    if ($blockcomment ~ "ABC"){
        rewrite ^/wp-comments-post\.php$ /index.php?webarx_fpage=7 break;
    }
    Source
     
  2. eva2000

    eva2000 Administrator Staff Member

    41,723
    9,395
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,431
    Local Time:
    12:18 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Code (Text):
    # WebARX nginx protection rules.
    # Disable directory listing and server signature.
    autoindex off;
    server_tokens off;
    

    autoindex is disabled by default so not needed; as for server_tokens, it's already disabled in /usr/local/nginx/conf/nginx.conf so again not needed :)

    unfamiliar with WebARX but those rules should go above the location / {} context of your nginx vhost - try and see - best to ask WebARX folks though as they'd best know
     
  3. eva2000

    define borked ? errors ? symptoms ?
     
  4. Droidism

    Thanks @eva2000

    Contacting the WebARX folks and asking them where to add the rules sounds like a plan. Will post the answer here for future search queries.

    Noob question: above the location / {} context, meaning the top-level dir/config structure of the Nginx WP install, so Nginx processes these before it gets to the actual WP PHP files? (I should probably start a "Centmin Mod for Non-Techies" YT channel and make bank like Adam Preiser...)

    Borked, as in after adding the WebARX rules in /domain.ext.ssl.conf and restarting Nginx it threw an error and refused to start. Something about "This is an SSL site." Removing these and restarting Nginx seemed to have fixed that, but if you prefer I can dig in the logs and see what they tell.
     
  5. eva2000

    yeah - see Nginx - Insight Guide - Understanding Nginx Vhost Location & Server Contexts

    you might have placed it in a position it's not meant for or broken the server context locations wrapped in curly braces {}
     
  6. Droidism

    Thanks again for your swift response!

    Probably the latter, but I will read up on the documentation in order to confirm my suspicion.

    For now, I’m off to bed. Will update this thread when I get an answer from the WebARX folk.

    Ciao!
     
  7. Droidism

    Hi @eva2000

    After keeping your hint in mind and reading the Centmin Mod docs, I've gone ahead and added the WebARX rules in the pre-staticfiles-local-mysite.ext.conf. For now, it all seems to work.

    And I guess when one wants to implement the rules for all sites on the server it could be added to the pre-staticfiles-global.conf.
     
  8. eva2000

    Glad to see you found a solution that works for you :D
     
  9. Droidism

    Thanks. Still trying to confirm my method with the WebARX folk tho. Had a busy week, so the actual process of me taking action is slightly delayed...
     
  10. Droidism

    A quick follow-up. The response from the WebARX team is: “Personally I recommend adding it to the "server" context block of the domain that has WordPress installed, after the constant declarations such as listen/server_name/root, before any other location matches.”

    So my guess is that the current context I’ve put the rules in is not the best place. Guess I’ll have to read the Centmin Mod docs and figure this out.

    Hoping that future Centmin Mod and WebARX users find this info useful.
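
The placement the WebARX team describes in the last post, sketched as an added example that is not part of the thread and is not WebARX's or Centmin Mod's own configuration. The domain, root path and PHP upstream are placeholders, and only two of the rewrite rules from the first post are repeated.

```nginx
# Added illustration; example.com, the root path and the PHP upstream are placeholders.
server {
    listen 443 ssl http2;
    server_name example.com;
    root /var/www/example.com/public;
    # ssl_certificate / ssl_certificate_key lines stay where the vhost already has them.

    # --- WebARX rules start: server context, before any other location ---
    # Regex locations are tested in the order they appear in the file,
    # so placing this block first means it is checked before later regex locations.
    location ~* \.(htaccess|htpasswd|errordocs|logs|log)$ {
        return 403;
    }

    # Server-level rewrites run before nginx selects a location. "break" stops
    # further rewrite processing; the rewritten URI (/index.php) is then matched
    # against the location blocks below.
    rewrite ^/readme\.html$ /index.php?webarx_fpage=101 break;
    rewrite ^/wp-config\.php$ /index.php?webarx_fpage=103 break;
    # ... remaining rewrite and if/set rules from the first post, unchanged ...
    # --- WebARX rules end ---

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass 127.0.0.1:9000;   # placeholder upstream
    }
}
```

Running nginx -t after the edit and before restarting reports a misplaced directive or an unbalanced brace without taking the site down.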