add modsec

Signed-off-by: Zoey <zoey@z0ey.de> Update Dockerfile
2025-08-03 16:03:38 +00:00 · 2023-05-18 17:03:35 +02:00
parent 73842be397
commit 7e6612467f
13 changed files with 151 additions and 114 deletions
--- a/rootfs/usr/local/nginx/conf/conf.d/include/block-exploits.conf
+++ b/rootfs/usr/local/nginx/conf/conf.d/include/block-exploits.conf
@@ -131,6 +131,34 @@ if ($http_user_agent ~ "GrabNet") {
    set $block_user_agents 1;
 }

+if ($http_user_agent ~ "Amazonbot") {
+    set $block_user_agents 1;
+}
+
+if ($http_user_agent ~ "Applebot") {
+    set $block_user_agents 1;
+}
+
+if ($http_user_agent ~ "Bingbot") {
+    set $block_user_agents 1;
+}
+
+if ($http_user_agent ~ "Facebookbot") {
+    set $block_user_agents 1;
+}
+
+if ($http_user_agent ~ "Googlebot") {
+    set $block_user_agents 1;
+}
+
+if ($http_user_agent ~ "LinkedInBot") {
+    set $block_user_agents 1;
+}
+
+if ($http_user_agent ~ "Twitterbot") {
+    set $block_user_agents 1;
+}
+
 if ($block_user_agents = 1) {
    return 403;
 }
--- a/rootfs/usr/local/nginx/conf/conf.d/npm.conf
+++ b/rootfs/usr/local/nginx/conf/conf.d/npm.conf
@@ -12,6 +12,9 @@ server {
    include conf.d/include/force-tls.conf;
    include conf.d/include/tls-ciphers.conf;
    include conf.d/include/block-exploits.conf;
+
+    modsecurity on;
+    modsecurity_rules_file /usr/local/nginx/conf/conf.d/include/modsecurity.conf;
    
    #ssl_certificate ;
    #ssl_certificate_key ;