Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Nginx deny list pr devel #593

Open
wants to merge 106 commits into
base: devel
Choose a base branch
from
Open

Nginx deny list pr devel #593

Changes from all commits
Commits
Show all changes
106 commits
Select commit Hold shift + click to select a range
b2db7eb
GitHub Actions - Rebuilt documentation.
ce-jenkins Nov 10, 2021
195ff54
Need to check if is_local is defined in webserver meta dependencies. …
EmlynK Jan 5, 2022
a21e8d1
Ce dev refactor pr 1.x (#518)
gregharvey Jan 5, 2022
cb681f8
Adding backup handling to ldap_server. (#525)
gregharvey Jan 10, 2022
f134be0
Allowing 'gitLab' to disable Prometheus. (#530)
gregharvey Jan 17, 2022
450d409
GitHub Actions - Rebuilt documentation. (#526)
github-actions[bot] Jan 17, 2022
965d7b2
Prometheus pr 1.x (#533)
gregharvey Jan 17, 2022
cbb386d
Add private files support for Drupal in Nginx. (#535)
EmlynK Jan 18, 2022
8904ba8
Prometheus pr 1.x (#539)
gregharvey Jan 18, 2022
df86ca3
Removing our unused ClamAV roles and adding a Galaxy role to common b…
gregharvey Jan 25, 2022
c0e8b06
Revert "Moving OSSEC pkill to use process_manager role instead. (#258…
gregharvey Jan 27, 2022
9b41cf7
Moving key servers to a variable so we can set them. (#555)
gregharvey Feb 3, 2022
7804c19
Adding a reboot option to the patching role. (#557)
gregharvey Feb 7, 2022
71d1ea7
Add minimal support for Aurora RDS instances (#567)
EmlynK Feb 7, 2022
81ee940
Gpg servers fix pr 1.x (#571)
gregharvey Feb 8, 2022
c268b54
Support termination protection in EC2. (#573)
gregharvey Feb 8, 2022
43eaefa
Fix managed SSL key perms and the variable used for the private key. …
EmlynK Feb 8, 2022
f61e540
Ec2 subnet lookup pr 1.x (#583)
gregharvey Feb 10, 2022
c75366e
Ec2 subnet lookup pr 1.x (#589)
gregharvey Feb 10, 2022
4ea0d3c
Fixing gitlab-runner overriders so upgrades do not break the runner. …
gregharvey Feb 10, 2022
9b10e44
Gitlab runner service override pr 1.x (#591)
gregharvey Feb 10, 2022
3f6d9a2
uncommenting deny blocks in nginx
Feb 17, 2022
8cc1766
Merge branch 'devel' into nginx_deny_list-PR-devel
Feb 17, 2022
c48881c
Merge branch 'nginx_deny_list' into nginx_deny_list-PR-devel
Feb 17, 2022
565f1f7
Pass db_cluster_identifier for RDS instance during ASG build (#600)
EmlynK Feb 22, 2022
1c12e38
Also pass in the aurora_reader var from the ASG role when including t…
EmlynK Feb 22, 2022
3c26300
Removing obsolete MySQL config option log_syslog from template. (#607)
gregharvey Feb 24, 2022
ed5399f
GitHub Actions - Rebuilt documentation. (#536)
github-actions[bot] Feb 25, 2022
fdf42d9
Consistent default region pr 1.x (#611)
gregharvey Feb 25, 2022
7ef4684
Merge branch 'documentation' into 1.x
gregharvey Feb 25, 2022
63c7193
No need for region, IAM SAML setup is global, (#617)
gregharvey Feb 25, 2022
f56b598
Support ebs encryption pr 1.x (#609)
gregharvey Feb 25, 2022
08c75ca
Allow install|update scripts in Drupal8+ (#599)
DionisioFG Feb 25, 2022
9f3e42b
Add some flexibility to Packer (#633)
EmlynK Mar 11, 2022
e424190
Making PHP >= 8.0 compatible (#634)
DionisioFG Mar 15, 2022
fac4796
Packer VPC filtering (#638)
EmlynK Mar 16, 2022
756241f
Cert management pr 1.x (#640)
gregharvey Mar 16, 2022
63621d7
Cert management pr 1.x (#642)
gregharvey Mar 16, 2022
9d46788
Cert management pr 1.x (#644)
gregharvey Mar 16, 2022
9e8a27f
Cert management pr 1.x (#647)
gregharvey Mar 18, 2022
f097e1d
Fix Nginx auth_message in vhost (#653)
EmlynK Mar 18, 2022
532229a
Cert management pr 1.x (#655)
gregharvey Mar 23, 2022
663fc4f
Adding options to disable sign-up, sign-in and private projects. (#663)
gregharvey Apr 1, 2022
10ce129
Making ALB healthchecks optional and defaulting to disabled. (#670)
gregharvey Apr 7, 2022
de14da6
Remove alb healthchecks pr 1.x (#673)
gregharvey Apr 7, 2022
566684b
Allow user to set cachetool version in the opcache role. (#665)
gregharvey Apr 13, 2022
5c56b06
Adding a 'repack' option for AMIs and ASGs. (#675)
gregharvey Apr 14, 2022
83f4ef1
Ami repack option pr 1.x (#707)
gregharvey Apr 19, 2022
e36e2ae
Editing GitLab config so LE is enabled and auto-renewing by default. …
gregharvey Apr 19, 2022
5bbe9c4
Provide profile and region when creating an RDS parameter group, and …
EmlynK Apr 19, 2022
7b93804
Add a task in ASG role to add an Aurora RDS endpoint. (#714)
EmlynK Apr 20, 2022
6ea4756
Ssl le fixes pr 1.x (#725)
gregharvey Apr 22, 2022
555af72
Move drupal8 install/update config to drupal_common under if local bl…
EmlynK Apr 29, 2022
2746c5c
WIP: 58848 apache role pr 1.x (#667)
gregharvey May 4, 2022
f0075c9
Extending SG behaviour to RDS and EFS SGs in an ASG. (#735)
gregharvey May 6, 2022
42559e9
Turn off HTTP auth in Nginx vhosts when certbot is used (#738)
EmlynK May 17, 2022
5bfbb1f
R57692 cloudfront log format pr 1.x (#742)
nfawbert May 23, 2022
f9ed292
We must not merge www.example.com with ssl.domain - there's only one …
gregharvey May 31, 2022
c0dc3c5
Fix tar perms pr 1.x (#745)
gregharvey May 31, 2022
9ce28eb
SGs might not have inbound rules, allow them to be missing. (#756)
gregharvey Jun 2, 2022
1c0d1e5
Speed up gitlab config pr 1.x (#757)
gregharvey Jun 2, 2022
e8b2dd6
Accelerate asg deregistration pr devel (#760) (#761)
gregharvey Jun 14, 2022
8b7f979
Force install of latest CloudWatch Agent regardless of current versio…
gregharvey Jun 16, 2022
2e7382f
Accelerate asg deregistration pr 1.x (#766)
gregharvey Jun 16, 2022
f215b10
Support RDS parameter groups in ASG builds (#775)
EmlynK Jun 17, 2022
2da2693
Squashfs pr 1.x (#764)
gregharvey Jun 20, 2022
76ebef5
Delete .DS_Store
gregharvey Jun 30, 2022
329b46e
Delete ce-provision-publish-docs.yml
gregharvey Jun 30, 2022
7022249
Simplifying docs building.
gregharvey Jun 30, 2022
83a0a4f
GitHub Actions (Greg local) - Rebuilt documentation.
gregharvey Jun 30, 2022
bf3cf09
Merge branch '1.x' of https://github.com/codeenigma/ce-provision into…
gregharvey Jun 30, 2022
3d4ac46
Build preservation behaviour seems to mess up perms. (#778)
gregharvey Jul 1, 2022
e68d561
Adding a 'state' filter to NAT gateway lookup. (#780)
gregharvey Jul 1, 2022
7d6e2e9
Allowing ce-provision to skip creating users for Ansible scripts. (#782)
gregharvey Jul 13, 2022
6a7155c
Gitlab Runner default username using the wrong var. (#784)
gregharvey Jul 22, 2022
c061b3d
Organising and fixing docs and defaults for Postfix. (#786)
gregharvey Jul 26, 2022
78a3eff
Postfix tidy pr 1.x (#790)
gregharvey Jul 27, 2022
c992180
r62347 fix postfix email delivery (#792)
nfawbert Aug 3, 2022
ae4a6de
Implement awscli version support (#794)
EmlynK Aug 9, 2022
80423d0
Temporarily pinning amazon.aws collection to version 4.0.0 - see http…
gregharvey Aug 10, 2022
19325b8
Attempting to sort out the init/ce-provision vars confusion. (#799)
gregharvey Sep 5, 2022
bbabbba
Fix debian release issues pr 1.x (#803)
gregharvey Sep 14, 2022
ff1f198
Linting fixes pr 1.x (#805)
gregharvey Sep 15, 2022
f2109a2
Linting fixes pr 1.x (#814)
gregharvey Sep 15, 2022
fae3fb1
Nginx conf custom directives and remove deprecated Apache directive (…
EmlynK Sep 21, 2022
eb1828e
Create aws_elb role (#819)
EmlynK Sep 21, 2022
e32b3b6
Provide ability to create an ASG without creating an ELB (#821)
EmlynK Sep 26, 2022
5d46472
IPv6 support (#830)
EmlynK Sep 29, 2022
841af77
Linting fixes pr 1.x (#832)
gregharvey Sep 30, 2022
274c76f
IPv6 fixes (#835)
EmlynK Oct 3, 2022
277772c
Npm support pr 1.x (#838)
gregharvey Oct 4, 2022
03ccb0a
Incorrect variable name for SSH keys. (#840)
gregharvey Oct 6, 2022
110fb43
Supporting private keys in user_ansible. (#842)
gregharvey Oct 6, 2022
0461c4a
Support private keys pr 1.x (#846)
gregharvey Oct 6, 2022
ea61738
Make aws_cli a dependency for CE tools roles. (#849)
gregharvey Oct 17, 2022
6ddb39e
Supporting opcache variables for PHP-FPM and CLI. (#855)
gregharvey Nov 14, 2022
61b21a6
make_nginx_ssl_protocols_modifiable (#856)
tymofiisobchenko Nov 14, 2022
d4dd95b
Fixing namespaces. (#858)
gregharvey Dec 26, 2022
082f8f4
Suppress ec2 creation pr 1.x (#868)
gregharvey Dec 26, 2022
bf60cc8
Removing EC2 modules that are now available directly. (#873)
gregharvey Dec 26, 2022
c37850a
Linting fixes pr 1.x (#875)
gregharvey Dec 26, 2022
1fa93ed
Fixing linting and namespacing for EFS role. (#851)
gregharvey Dec 26, 2022
dafeebb
Merge branch '1.x' into nginx_deny_list
gregharvey Dec 26, 2022
368ef89
Merge branch 'devel' into nginx_deny_list-PR-devel
gregharvey Dec 26, 2022
e9cd093
Merge branch 'nginx_deny_list' into nginx_deny_list-PR-devel
gregharvey Dec 26, 2022
05abf2f
Merge branch 'nginx_deny_list-PR-devel' of github.com:codeenigma/ce-p…
gregharvey Dec 26, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 6 additions & 6 deletions roles/nginx/templates/drupal_common.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,11 +111,11 @@ location = /robots.txt {
}

# Deny listed requests for security reasons.
# location ~* (?:delete.+from|insert.+into|select.+from|union.+select|onload|\.php.+src|system\(.+|document\.cookie|\;|\.\.) {
# return 403;
# }
location ~* (?:delete.+from|insert.+into|select.+from|union.+select|onload|\.php.+src|system\(.+|document\.cookie|\;|\.\.) {
return 403;
}

# Deny listed requests for security reasons.
# location ~* (/\..*|settings\.php$|settings\.php\..*$|web\.config|composer\..*|\.(?:git|htaccess|engine|inc|info|install|module|profile|pl|po|sh|.*sql|theme|tpl(?:\.php)?|xtmpl)$|^(?:Entries.*|Repository|Root|Tag|Template))$ {
# return 403;
#}
location ~* (/\..*|settings\.php$|settings\.php\..*$|web\.config|composer\..*|\.(?:git|htaccess|engine|inc|info|install|module|profile|pl|po|sh|.*sql|theme|tpl(?:\.php)?|xtmpl)$|^(?:Entries.*|Repository|Root|Tag|Template))$ {
return 403;
}