WebARX Nginc Rules - Where to add

After running option 22, I'm now looking to get WebARX working with WP & CentminMod.

Question is where to add these rules, and if there are some that need tweaking or could be removed completely. I.e. the

Code:

server_tokens off;

one.

The site(s) is/will be running under TLS/SSL with the help of Let's Encrypt. Adding them to domain.ext.ssl.conf borked Nginx...

Thanks in advance for any guidance and suggestions.

Rules:

Code:

# WebARX nginx protection rules.
# Disable directory listing and server signature.
autoindex off;
server_tokens off;

# Block access to certain files.
location ~* \.(htaccess|htpasswd|errordocs|logs|log)$ {
    return 403;
}

rewrite ^/readme\.html$ /index.php?webarx_fpage=101 break;
rewrite ^/license\.txt$ /index.php?webarx_fpage=102 break;
rewrite ^/wp-config\.php$ /index.php?webarx_fpage=103 break;
rewrite ^/wp-admin/includes/ /index.php?webarx_fpage=201 break;
rewrite ^/wp-includes/[^/]+.php$ /index.php?webarx_fpage=202 break;
rewrite ^/wp-content/uploads/(.*)\.php$ /index.php?webarx_fpage=202 break;
rewrite ^/wp-includes/js/tinymce/langs/.+.php /index.php?webarx_fpage=203 break;
rewrite ^/wp-includes/theme-compat/ /index.php?webarx_fpage=204 break;
rewrite ^/debug*.*log$ /index.php?webarx_fpage=502 break;
if ($remote_addr != "18.221.197.243"){
    rewrite ^/(.*)/plugins/(.*)readme\.(txt|html)$ /index.php?webarx_fpage=19 break;
}

# Prevent proxy comments.
if ($http_cookie !~* "^.*wordpress_logged_in.*$"){
    set $blockcomment A;
}
if ($request_method = POST){
    set $blockcomment "${blockcomment}B";
}
if ($http_via){
    set $blockcomment "${blockcomment}C";
}
if ($http_forwarded){
    set $blockcomment "${blockcomment}C";
}
if ($http_useragent_via){
    set $blockcomment "${blockcomment}C";
}
if ($http_x_forwarded_for){
    set $blockcomment "${blockcomment}C";
}
if ($http_x_forwarded_host){
    set $blockcomment "${blockcomment}C";
}
if ($http_proxy_connection){
    set $blockcomment "${blockcomment}C";
}
if ($http_xproxy_connection){
    set $blockcomment "${blockcomment}C";
}
if ($http_http_pc_remote_addr){
    set $blockcomment "${blockcomment}C";
}
if ($http_http_client_ip){
    set $blockcomment "${blockcomment}C";
}
if ($blockcomment ~ "ABC"){
    rewrite ^/wp-comments-post\.php$ /index.php?webarx_fpage=7 break;
}

Source

 

Thanks @eva2000

Contacting the WebARX folks and ask them where to add the rules sounds like a plan. Will post the answer here for future search queries.

Noob question: above the location / {} context, meaning the top-level dir/config structure of the Nginx WP install, so Nginx processes these before it get's to the actual WP PHP files? (I should probably start a "Centmin Mod for Non-Techies" YT channel and make bank like Adam Preiser...)

Borked, as in after adding the WebARX rules in /domain.ext.ssl.conf and restarting Nginx it threw an error and refused to start. Something about "This is an SSL site." Removing these and restarting Nginx seemed to have fixed that, but if you prefer I can dig in the logs and see what they tell.

 

Thanks again for your swift response!

Probably the latter, but I will read up on the documentation in order to confirm my suspicion.

For now, I’m off to bed. Will update this thread when I get an answer from the WebARX folk.

Ciao!

 

Hi @eva2000

After keeping your hint in mind and reading the Centmin Mod docs, I've gone ahead and added the WebARX rules in the

Code:

pre-staticfiles-local-mysite.ext.conf

. For now, it all seems to work.

And I guess when one want's to implement the rules for all sites on the server it could be added to the

Code:

pre-staticfiles-global.conf

.

 

Thanks. Still trying to confirm my method with the WebARX folk tho. Had a busy week, so the actual process of me taking action is slightly delayed...

 

A quick follow-up. The response from the WebARX team is; “Personally I recommend adding it to the "server" context block of the domain that has WordPress installed, after the constant declarations such as listen/server_name/root, before any other location matches.”

So my guess is that the current context I’ve put the rules in is not the best place. Guess I’ll will have to read the CentMin Mod docs and figure this out.

Hoping that future Centmin Mod and WebARX users find this info useful.