WAF Config
Config Nginx WAF:
!! Ubah xxx dengan Endpoint Website
!! Sesuaikan IP & Port dengan Main Server yang Dituju.
server {
listen 80;
server_name xxx.co.id;
location / {
rewrite ^/(.*)$ https://$host$1 permanent;
}
}
server {
listen 443 ssl;
server_name xxx.co.id;
#ModSecurity Qe3
access_log /var/log/situs/xxx.co.id_access.log;
error_log /var/log/situs/xxx.co.id_error.log;
# change these paths!
ssl_certificate /etc/ssl/qe3.crt;
ssl_certificate_key /etc/ssl/qe3.key;
ssl_session_timeout 5m;
location / {
proxy_pass http://IP:8080;
proxy_set_header Host xxx.co.id;
proxy_set_header Referer http://IP:8080;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Accept-Encoding "";
proxy_set_header Accept-Language $http_accept_language;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
}
#Redirect to IP Subfolder Code Igniter
location /subfolder {
proxy_pass http://IP:8080/subfolder;
}
}
Config Nginx Main Server
server {
listen 8080 default_server;
root /home/xxx;
index index.html index.htm index.php;
server_name _;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location /subfolder {
try_files $uri $uri/ /subfolder/index.php?$query_string;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#Sesuaikan IP & Port dengan IP PHP yang Digunakan
fastcgi_pass 127.0.0.1:9999;
}
location ~ /\.ht {
deny all;
}
}