/nginx.conf Secret

Created April 7, 2014 15:25
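# Virtual host for foo.org / www.foo.org: serves the Drupal site over TLS and
# redirects every plain-HTTP request to https://www.foo.org.
server {
    # "ssl" must be set on the listen socket for TLS to be negotiated on 443.
    # With "spdy" alone nginx speaks cleartext on that port, the certificate
    # configured below is never presented, and $https stays empty, so the
    # redirect further down would also fire for requests arriving on 443.
    # NOTE(review): "spdy" was replaced by "http2" in later nginx releases;
    # confirm which parameter the deployed nginx version accepts.
    listen 443 ssl spdy;
    listen 80;
    server_name foo.org www.foo.org;
    root /home/site/public;

    # Disabled method allow-list: 444 makes nginx close the connection without
    # sending a response for anything other than GET, HEAD or POST.
    #if ($request_method !~ "^(GET|HEAD|POST)$" ) { return 444; }

    # $https is "on" for TLS connections and empty otherwise. The redirect
    # target uses a fixed host name instead of the client-supplied Host header,
    # so the Location value cannot be steered by the request.
    if ($https != 'on') {
        return 301 https://www.foo.org$request_uri;
    }

    # ANTI CSRF HACK
    # nginx "if" has no logical AND, so two flags are concatenated into one
    # variable: "1" = Referer not accepted by valid_referers, "2" = POST.
    # Only the combination "12" (POST with a foreign Referer) is rejected.
    # Limitation: "none" and "blocked" accept requests whose Referer is absent
    # or stripped, so a POST that carries no Referer passes this check. Treat
    # it as defence in depth; the application's own CSRF tokens remain the
    # primary control.
    valid_referers none blocked foo.org www.foo.org;
    set $possible_csrf "";
    if ($invalid_referer) {
        set $possible_csrf 1;
    }
    if ($request_method = POST) {
        set $possible_csrf "${possible_csrf}2";
    }
    if ($possible_csrf = 12) {
        return 403;
    }

    # Strict Transport Security
    # max-age=15768000 is roughly six months; includeSubDomains commits every
    # subdomain of foo.org to HTTPS for that period. Browsers honour the header
    # only on responses received over HTTPS.
    # NOTE(review): add_header is not inherited by a location that declares its
    # own add_header, and without "always" it is not sent on error responses;
    # check the included drupal.conf for locations that would drop it.
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";

    # The private key file should be readable only by the account that starts
    # nginx. No ssl_protocols / ssl_ciphers are set in this block.
    # NOTE(review): confirm they are defined at the http level.
    ssl_certificate /sites-data/nginx/foo.org.crt;
    ssl_certificate_key /sites-data/nginx/foo.org.key;

    # Presumably read by the included drupal.conf to locate (and restrict) the
    # private files directory; verify against that file.
    set $private_dir sites/default/files/_private;
    include /etc/nginx/apps/drupal.conf;
}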