I'm a big fan of the 6G firewall (previously 5G) .htaccess rules. I was wondering whether it would be possible, and beneficial, to convert them for use with NGINX. The source article can be found here: https://perishablepress.com/6g/. If it's possible to rewrite this, would you provide the NGINX equivalent rule set? I think it would be helpful to a lot of developers out there.
Here are the original .htaccess rules:
# 6G FIREWALL/BLACKLIST
# # https://perishablepress.com/6g/
# 6G:[QUERY STRINGS]
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} (eval\() [NC,OR]
RewriteCond %{QUERY_STRING} (127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} ([a-z0-9]{2000}) [NC,OR]
RewriteCond %{QUERY_STRING} (javascript:)(.*)(;) [NC,OR]
RewriteCond %{QUERY_STRING} (base64_encode)(.*)(\() [NC,OR]
RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)(.*)script(.*)(>|%3) [NC,OR]
RewriteCond %{QUERY_STRING} (\\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR]
RewriteCond %{QUERY_STRING} (boot\.ini|etc/passwd|self/environ) [NC,OR]
RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumb)?)\.php [NC,OR]
RewriteCond %{QUERY_STRING} (\'|\")(.*)(drop|insert|md5|select|union) [NC]
RewriteRule .* - [F]
</IfModule>
# 6G:[REQUEST METHOD]
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} ^(connect|debug|delete|move|put|trace|track) [NC]
RewriteRule .* - [F]
</IfModule>
# 6G:[REFERRERS]
<IfModule mod_rewrite.c>
RewriteCond %{HTTP_REFERER} ([a-z0-9]{2000}) [NC,OR]
RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC]
RewriteRule .* - [F]
</IfModule>
# 6G:[REQUEST STRINGS]
# Each RedirectMatch answers 403 when its pattern matches the requested URL
# path; (?i) makes the match case-insensitive. The query string is handled by
# the separate QUERY_STRING rules, not here.
<IfModule mod_alias.c>
RedirectMatch 403 (?i)([a-z0-9]{2000})
RedirectMatch 403 (?i)(https?|ftp|php):/
RedirectMatch 403 (?i)(base64_encode)(.*)(\()
RedirectMatch 403 (?i)(=\\\'|=\\%27|/\\\'/?)\.
# NOTE(review): as printed here the last alternative `&?` can match the empty
# string, so the whole pattern matches every path that ends in "/". The
# upstream list appears to have the HTML entity `&amp;?` at this position,
# decoded by the page - confirm against the source article before deploying.
RedirectMatch 403 (?i)/(\$(\&)?|\*|\"|\.|,|&|&?)/?$
RedirectMatch 403 (?i)(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")
# Rejects paths containing any of these characters, including ":" "," "%"
# and whitespace - test against the application's real URLs first.
RedirectMatch 403 (?i)(~|`|<|>|:|;|,|%|\\|\s|\{|\}|\[|\]|\|)
RedirectMatch 403 (?i)/(=|\$&|_mm|cgi-|etc/passwd|muieblack)
RedirectMatch 403 (?i)(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)
# Anchored with $: only paths that END in one of these extensions are
# refused. Files inside a directory such as .git/ or .svn/ do not end in the
# extension and are not covered by this rule; deny those directories
# separately.
RedirectMatch 403 (?i)\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$
RedirectMatch 403 (?i)/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php
</IfModule>
# 6G:[USER AGENTS]
# Flags a request with the bad_bot environment variable when its User-Agent
# matches, then denies flagged requests. The header is supplied by the client,
# so this filters tools that announce themselves; it is not an access control.
<IfModule mod_setenvif.c>
SetEnvIfNoCase User-Agent ([a-z0-9]{2000}) bad_bot
# Substring match anywhere in the header ("python" also matches
# python-based HTTP clients); the dot in "archive.org" is unescaped.
SetEnvIfNoCase User-Agent (archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|extract|feedfinder|flicky|g00g1e|harvest|heritrix|httrack|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|sucker|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune) bad_bot
# The deny applies only to the methods named in <limit>; requests using other
# methods are not checked against bad_bot by this block.
# Order/Allow/Deny is Apache 2.2 syntax; on 2.4 it needs mod_access_compat.
<limit GET POST PUT>
Order Allow,Deny
Allow from All
Deny from env=bad_bot
</limit>
</IfModule>
# 6G:[BAD IPS]
# Template for a manual IP deny list; it allows everyone until a Deny line is
# enabled.
<Limit GET HEAD OPTIONS POST PUT>
Order Allow,Deny
Allow from All
# uncomment/edit/repeat next line to block IPs
# (123.456.789 is a placeholder, not a valid address)
# Deny from 123.456.789
</Limit>
Thank you in advance for your help or thoughts on this and a big shout-out to Perishable Press for writing this htaccess. Thank you!
## Add here all user agents that are to be blocked.
# Sets $bad_bot to 1 when the User-Agent header matches one of the
# case-insensitive (~*) patterns below, otherwise 0. A map only defines the
# variable; the server block has to act on it.
# The header is chosen by the client, so this filters tools that announce
# themselves and reduces log noise; it is not an access control.
map $http_user_agent $bad_bot {
default 0;
# Quoted because the pattern contains { }, which nginx would otherwise parse
# as block delimiters.
"~*([a-z0-9]{2000})" 1;
# Substring match anywhere in the header ("python" also matches python-based
# HTTP clients); the dot in "archive.org" is unescaped. This list adds
# htmlparser and libwww to the Apache list above.
~*(archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|extract|feedfinder|flicky|g00g1e|harvest|heritrix|htmlparser|libwww|httrack|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|sucker|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune) 1;
}
## Add here all referrers that are to be blocked.
# Sets $bad_referer to 1 when the Referer header matches, otherwise 0.
# Referer is client-supplied and optional, so this only drops traffic that
# carries the listed strings.
map $http_referer $bad_referer {
default 0;
"~*([a-z0-9]{2000})" 1;
# The dot in "semalt.com" is unescaped and matches any character.
~*(semalt.com|todaperfeita) 1;
}
# query strings that should be blocked
# Sets $bad_querystring to 1 when the query string matches one of the
# case-insensitive patterns, otherwise 0.
# $query_string holds the arguments as sent, without percent-decoding, so an
# encoded form is caught only where a pattern spells it out (e.g. %3C below).
# A signature list like this trims scanner noise; it does not replace input
# validation in the application.
map $query_string $bad_querystring {
default 0;
~*(eval\() 1;
~*(127\.0\.0\.1) 1;
"~*([a-z0-9]{2000})" 1;
# Quoted because of the ";" inside the pattern.
"~*(javascript:)(.*)(;)" 1;
~*(base64_encode)(.*)(\() 1;
~*(GLOBALS|REQUEST)(=|\[|%) 1;
~*(<|%3C)(.*)script(.*)(>|%3) 1;
# NOTE(review): nginx's config parser appears to reduce "\\" to "\" before
# the regex engine sees it, so the leading `\\|` may not mean "a literal
# backslash, or ..." as it does in the Apache rule - verify with a test request.
~*(\\|\.\.\.|\.\./|~|`|<|>|\|) 1;
~*(boot\.ini|etc/passwd|self/environ) 1;
~*(thumbs?(_editor|open)?|tim(thumb)?)\.php 1;
# "concat" is an addition relative to the Apache rule above.
~*(\'|\")(.*)(drop|insert|md5|select|union|concat) 1;
}
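# Request paths that should be blocked (port of the 6G RedirectMatch rules).
# Sets $bad_request to 1 on a case-insensitive match, otherwise 0.
#
# Keyed on $uri - the decoded, normalised path without the query string -
# because that is what Apache's RedirectMatch tests. Keyed on $request_uri
# the character-class rule below (":" ";" "," "%" "[" "]" ...) would also run
# against the raw query string and refuse any request carrying a
# percent-encoded or comma-separated argument. Query strings are screened by
# the $bad_querystring map.
map $uri $bad_request {
    default 0;
    "~*([a-z0-9]{2000})" 1;
    ~*(https?|ftp|php):/ 1;
    ~*(base64_encode)(.*)(\() 1;
    ~*(=\\\'|=\\%27|/\\\'/?)\. 1;
    # The last alternative is the literal entity "&amp;" with an optional ";".
    # Written as `&?` it can match the empty string, which makes the pattern
    # match every path ending in "/" - including the site root.
    "~*/(\$(\&)?|\*|\"|\.|,|&|&amp;?)/?$" 1;
    ~*(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\") 1;
    # NOTE(review): nginx's config parser appears to reduce "\\" to "\" before
    # the regex engine sees it, so `\\|` here may not match a literal
    # backslash as it does in Apache - verify with a test request.
    "~*(~|`|<|>|:|;|,|%|\\|\s|\{|\}|\[|\]|\|)" 1;
    ~*/(=|\$&|_mm|cgi-|etc/passwd|muieblack) 1;
    "~*(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" 1;
    # Anchored with $: only paths that END in one of these extensions match.
    # Files inside .git/ or .svn/ directories are not covered; deny those
    # directories with their own location block.
    ~*\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$ 1;
    ~*/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php 1;
}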
# Sets $not_allowed_method to 1 when the request method starts with one of
# the listed verbs (case-insensitive, anchored at the start only), otherwise 0.
# PUT and DELETE are in the list: a site that exposes a REST or WebDAV
# endpoint needs them removed here or exempted in its location.
map $request_method $not_allowed_method {
default 0;
~*^(connect|debug|delete|move|put|trace|track) 1;
}
Then in the server directive I add this
# Acts on the map variables at server level, before any location is chosen.
# "..." marks parts of the block the author left out.
server {
...
# 444 is nginx-specific: the connection is closed without sending a response.
# The status still appears in the access log, which makes blocked requests
# easy to count and alert on.
if ($bad_bot) { return 444; }
if ($bad_referer) { return 444; }
if ($bad_querystring) { return 444; }
if ($bad_request) { return 444; }
# Disallowed methods get a regular 405 response instead of a dropped connection.
if ($not_allowed_method) { return 405; }
## Filesystem root of the site and index.
# NOTE(review): $DOMAIN looks like a template placeholder to be replaced
# with the site's directory name - confirm.
root /home/$DOMAIN/public;
index index.php;
...
}
I'm having this issue: when I reload the vue app on the homepage everything works quite well.
When I reload the page on another sub-site, the page shows a 404.
I'm using the router module within my project. I tried adapting the vue.config.js and setting the publicPath to '/' and to ''. When setting it to '/' i cannot replicate the issue locally. when the Path is set to '' I get the same error locally and on apache.
I tried applying some redirect rules and conditions but those which I found online which solved the same issue don't work.
I tried to use a catchall route in my router without success.
Is anyone having similar issues? Thank you!
Router
import { createRouter, createWebHistory } from 'vue-router'
// Lazy loaders: each view is fetched the first time its route is visited.
const loadHome = () => import('../views/Home.vue')
const loadContact = () => import('../views/Contact.vue')

// Route table of the application.
const routes = [
  { path: '/', name: 'home', component: loadHome },
  { path: '/contact-imprint', name: 'contact', component: loadContact }
]

// HTML5 history mode: URLs are plain paths, so the web server receives
// /contact-imprint on a reload and has to answer it with index.html.
const router = createRouter({
  routes,
  history: createWebHistory(process.env.BASE_URL)
})

export default router
vue.config.js
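// Vue CLI project configuration.
// The scoped package name starts with "@"; the "#" shown on the page is an
// extraction artefact and would make require() fail.
const { defineConfig } = require('@vue/cli-service')

module.exports = defineConfig({
  // Base URL the built assets are served from; '/' means the domain root.
  publicPath: '/',
  transpileDependencies: true
})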
apache config
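# Plain-HTTP virtual host for domain.io / www.domain.io.
<VirtualHost *:80>
    ServerName domain.io
    ServerAlias www.domain.io
    # "@" restored; the page printed the address with "#".
    ServerAdmin daniel@domain.io
    DocumentRoot /var/www/domains/domain/
    ErrorLog ${APACHE_LOG_DIR}/error-domain.log
    CustomLog ${APACHE_LOG_DIR}/access-domain.log combined
    <Directory /var/www/domains/domain/>
        # NOTE(review): Indexes turns on directory listings for folders
        # without an index file; a single-page app normally does not need it.
        Options Indexes FollowSymLinks MultiViews
        # Any .htaccess below the document root may override this config.
        AllowOverride All
        # Apache 2.2 access syntax; on 2.4 it needs mod_access_compat
        # (the 2.4 form is "Require all granted").
        Order allow,deny
        allow from all
    </Directory>
    # my default rewrite cond/rule
    # Every request for either host name is redirected to HTTPS, so this
    # port-80 host never serves the app itself. A history-mode fallback to
    # index.html therefore has to live in the HTTPS virtual host (not shown)
    # or in the document root's .htaccess.
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =domain.io [OR]
    RewriteCond %{SERVER_NAME} =www.domain.io
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    # Earlier fallback attempts, left disabled. The second one spells the
    # directive "RewriteEngline", which Apache would reject if uncommented.
    # RewriteEngine On
    # RewriteBase /
    # RewriteRule ^index\.html$ - [L]
    # RewriteCond %{REQUEST_FILENAME} !-f
    # RewriteCond %{REQUEST_FILENAME} !-d
    # RewriteRule . /index.html [L]
    # <ifModule mod_rewrite.c>
    # RewriteEngline On
    # RewriteBase /
    # RewriteRule ^index\.html$ - [L]
    # RewriteCond %{REQUEST_FILENAME} !-f
    # RewriteCond %{REQUEST_FILENAME} !-d
    # RewriteRule . /index.html [L]
    # </ifModule>
</VirtualHost>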
In case it's not enabled
sudo a2enmod rewrite
add rewrite
# History-mode fallback: any request that is not an existing file or
# directory is answered with index.html so the client-side router can
# resolve the path.
# NOTE(review): the path here is /var/www/domain/, while the question's
# DocumentRoot is /var/www/domains/domain/ - use the directory that matches
# the virtual host actually serving the site.
<Directory /var/www/domain/>
RewriteEngine On
RewriteBase /
# Requests for index.html itself pass through unchanged.
RewriteRule ^index\.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.html [L]
</Directory>
Restarting Apache afterwards (service apache2 restart) solved the issue for me.
This is the .htaccess code:
# Pretty-URL rules: map path segments onto PHP scripts and their parameters.
RewriteEngine on
ErrorDocument 404 /404.php
# The (.*) groups accept any characters, including "/", and are handed to
# the scripts as search, token, link and name. The PHP side has to validate
# and encode these values itself; the rewrite does no filtering.
RewriteRule ^watch/(.*)/([0-9]+)/(.*)/?$ search.php?search=$1&page=$2&token=$3
RewriteRule ^video/(.*)/(.*)/?$ watch.php?link=$1&name=$2
RewriteRule ^privacy/?$ privacy.php
RewriteRule ^dmca/?$ dmca.php
RewriteRule ^contact/?$ contact.php
RewriteRule ^send/?$ send.php
RewriteRule ^surprise/?$ surprise.php
RewriteBase /
# These two conditions are not followed by a RewriteRule in the snippet as
# shown, so they have no effect here.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
what should be the correct nginx config?
nginx configuration
# nginx port of the .htaccess rules above: one prefix location per URL
# family, each rewriting to the PHP script that handles it.
# A location that passes *.php to the PHP handler is still required and is
# not part of this snippet.
error_page 404 /404.php;
# Prefix match: also selected for paths such as /watcher; the anchored
# rewrite pattern decides whether anything is rewritten.
location /watch {
# The (.*) groups accept any characters; search.php must validate its
# search and token parameters itself.
rewrite ^/watch/(.*)/([0-9]+)/(.*)/?$ /search.php?search=$1&page=$2&token=$3;
}
location /video {
rewrite ^/video/(.*)/(.*)/?$ /watch.php?link=$1&name=$2;
}
location /privacy {
rewrite ^/privacy/?$ /privacy.php;
}
location /dmca {
rewrite ^/dmca/?$ /dmca.php;
}
location /contact {
rewrite ^/contact/?$ /contact.php;
}
location /send {
rewrite ^/send/?$ /send.php;
}
location /surprise {
rewrite ^/surprise/?$ /surprise.php;
}
# Left empty by the converter.
location / {
}
I'm having a problem converting an Apache .htaccess file to work with nginx.
The .htaccess file
# Pretty-URL rules for the panel: /index, /logout and /keeping/<name>.
<ifModule mod_rewrite.c>
# NOTE(review): if this line is meant to limit the panel to local clients,
# note that none of the nginx conversions below carry an equivalent; in
# nginx that takes explicit "allow 127.0.0.1; deny all;" directives.
Allow from 127.0.0.1
RewriteEngine On
# The two conditions apply only to the first RewriteRule that follows them.
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^index(|/)$ index.php
RewriteRule ^logout(|/)$ logout.php
# [^/.]+ restricts the captured value to one path segment without dots.
RewriteRule ^keeping/([^/.]+)(|/)$ keeping.php?s=$1
</ifModule>
My Conversion:
# First conversion attempt (reported as not working).
location / {
if (!-e $request_filename){
rewrite ^/index(|/)$ /index.php;
}
}
location /logout {
rewrite ^/logout(|/)$ /logout.php;
}
# NOTE(review): inside this location the URI starts with /kyhsadminpanel,
# but the pattern is anchored at ^/keeping, so it cannot match
# /kyhsadminpanel/keeping/... - which fits the 404 described below.
# .htaccess patterns are relative to the directory the file sits in; nginx
# patterns see the full path.
location /kyhsadminpanel {
rewrite ^/keeping/([^/.]+)(|/)$ /keeping.php?s=$1;
}
doesn't work.
It always shows "404 not found" for url's such as /kyhsadminpanel/keeping/index
and /kyhsadminpanel/keeping/news...
You might want to note you used: https://winginx.com/en/htaccess
I tend to use: https://timmehosting.de/htaccess-converter
Here is the result from them.
# Converter output. nginx "if" has no logical AND, so each condition that
# holds prepends a digit to $rule_0 and the last "if" compares the result.
if (!-d $request_filename){
set $rule_0 1$rule_0;
}
if (!-f $request_filename){
set $rule_0 2$rule_0;
}
# "21" means: not a directory AND not a regular file.
if ($rule_0 = "21"){
rewrite ^/index(|/)$ /index.php ;
}
# Patterns are anchored at the site root; if the .htaccess lived in a
# subdirectory, that directory has to be added to both pattern and target.
# NOTE(review): the "Allow from 127.0.0.1" line of the .htaccess has no
# counterpart here; add nginx allow/deny directives if access to the panel
# must be restricted.
rewrite ^/logout(|/)$ /logout.php ;
rewrite ^/keeping/([^/.]+)(|/)$ /keeping.php?s=$1 ;
How do I convert these rules from .htaccess (apache) to Nginx conf?
# Map /name/ to name.html and /a/b/ to a-b.html, then add a trailing slash
# to extension-less URLs.
# A RewriteCond applies only to the next RewriteRule, so the file check
# guards the first rule and the second rule runs unconditionally.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^/]+)/$ $1.html
RewriteRule ^([^/]+)/([^/]+)/$ /$1-$2.html
# Not an existing file or directory, and the URI ends neither in "/" nor in
# a 1-5 character extension: redirect permanently to the same path plus "/".
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !(\.[a-zA-Z0-9]{1,5}|/)$
RewriteRule (.*)$ /$1/ [R=301,L]
I use these rules to rewrite requests like:
/someurl1/ => someurl.html (/company/ to /company.html)
/someurl1/someurl2/ => someurl-someurl2.html (/projects/3/ to /projects-3.html)
I've already tried this (doesn't work):
# Attempt reported as not working: rewrite when the requested path does not
# exist on disk, then fall back to try_files.
if (!-e $request_filename) {
rewrite ^/([^/]+)/$ /$1.html;
rewrite ^/([^/]+)/([^/]+)/$ /$1-$2.html;
}
# Returns 404 when neither the file nor the directory exists.
try_files $uri $uri/ =404;
Where am I wrong?
I have tested the following and it appears to work:
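# Serve an existing file or directory as-is; otherwise hand the request to
# the named location below. try_files performs the "file does not exist"
# test that RewriteCond !-f did in Apache.
location / {
    try_files $uri $uri/ @rewrite;
}
# Named location: the prefix is "@". The page printed it as "#", which nginx
# reads as the start of a comment and which breaks both directives.
# A named location is reachable only through internal redirects such as
# try_files, never directly from a client URL.
location @rewrite {
    rewrite ^/([^/]+)/$ /$1.html last;
    rewrite ^/([^/]+)/([^/]+)/$ /$1-$2.html last;
    # Nothing matched: answer 404 instead of looping.
    return 404;
}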
The RewriteCond %{REQUEST_FILENAME} !-f test is actually accomplished by the try_files directive.
See this for details.
I got the following .htaccess code for a Magento plugin, could someone help me convert it to valid Nginx rewrites? I'm having a really tough time getting this down. It's for a plugin that rewrites and caches Magento URL's.
The original editor of the module couldn't help me. I'm sure there are lots of people using Nginx and wanting to use this plugins functionality!
# Static page cache: when a request has no query string, lacks the
# artio_mturbo cookie and a pre-rendered file exists, serve that file instead
# of running Magento.
# The cookie test decides who gets cached HTML and cookies are set by the
# client, so cached pages must never contain per-user data.
# static rewrite - home page
RewriteCond %{HTTP_COOKIE} store=default
RewriteCond %{HTTP_COOKIE} !artio_mturbo=.*
RewriteCond %{REQUEST_URI} ^/magento/$
RewriteCond %{QUERY_STRING} !.+
# NOTE(review): "/var/ww/" looks like a typo for "/var/www/", which every
# other rule uses; as written this file test presumably never succeeds - confirm.
RewriteCond /var/ww/var/turbocache/default.html -f
RewriteRule .* var/turbocache/default.html [L]
# static rewrite - other pages
RewriteCond %{HTTP_COOKIE} store=default
RewriteCond %{HTTP_COOKIE} !artio_mturbo=.*
# %1 in the following lines is the (.*) captured by this condition, i.e.
# text taken from the request URI and used to build a file system path.
RewriteCond %{REQUEST_URI} /magento/(.*)\.html$ [NC]
RewriteCond %{QUERY_STRING} !.+
RewriteCond /var/www/var/turbocache/magento/default/%1.html -f
RewriteRule .* var/turbocache/magento/default/%1.html [L]
# store view is choosen by request_path
# static rewrite - home page
RewriteCond %{HTTP_COOKIE} !artio_mturbo=.*
RewriteCond %{REQUEST_URI} ^/magento/default(/|)$
RewriteCond %{QUERY_STRING} !.+
RewriteCond /var/www/var/turbocache/default.html -f
RewriteRule .* var/turbocache/default.html [L]
# static rewrite - other pages
RewriteCond %{HTTP_COOKIE} !artio_mturbo=.*
RewriteCond %{REQUEST_URI} ^/magento/default/(.*)\.html$ [NC]
RewriteCond %{QUERY_STRING} !.+
RewriteCond /var/www/var/turbocache/magento/default/%1.html -f
RewriteRule .* var/turbocache/magento/default/%1.html [L]
#cookie
RewriteCond %{HTTP_COOKIE} !artio_mturbo=.*
RewriteCond %{REQUEST_URI} ^/magento/$
RewriteCond %{QUERY_STRING} !.+
RewriteCond /var/www/var/turbocache/default.html -f
RewriteRule .* var/turbocache/default.html [L]
# rules for default storeview
# static rewrite - home page
RewriteCond %{HTTP_COOKIE} !artio_mturbo=.*
RewriteCond %{REQUEST_URI} /magento/(.*)\.html$ [NC]
RewriteCond %{QUERY_STRING} !.+
RewriteCond /var/www/var/turbocache/magento/default/%1.html -f
RewriteRule .* var/turbocache/magento/default/%1.html [L]
Thanks so far!
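# nginx port of the turbocache rules. nginx "if" has no logical AND, so each
# condition that holds prepends a digit to $rule_N and the final "if"
# compares the result with the string produced when all of them held.
#
# The cache is selected by the absence of the artio_mturbo cookie, which the
# client controls, so cached pages must not contain per-user data.
# NOTE(review): the rewrite targets live under /var/turbocache/; make sure
# the rest of Magento's var/ directory stays denied to web clients.

# Rule 0: cached home page for the default store.
if ($http_cookie ~ "store=default") {
    set $rule_0 1$rule_0;
}
if ($http_cookie !~ "artio_mturbo=.*") {
    set $rule_0 2$rule_0;
}
if ($uri ~ "^/magento/$") {
    set $rule_0 3$rule_0;
}
if ($args !~ ".+") {
    set $rule_0 4$rule_0;
}
# NOTE(review): "/var/ww/" is copied from the .htaccess and looks like a typo
# for "/var/www/"; as written this test presumably never succeeds - confirm.
if (-f /var/ww/var/turbocache/default.html) {
    set $rule_0 5$rule_0;
}
if ($rule_0 = "54321") {
    rewrite /.* /var/turbocache/default.html last;
}

# Rule 1: cached inner page for the default store.
if ($http_cookie ~ "store=default") {
    set $rule_1 1$rule_1;
}
if ($http_cookie !~ "artio_mturbo=.*") {
    set $rule_1 2$rule_1;
}
# Capture the page name here, where the match makes $1 available. The dot
# before "html" is escaped as in the Apache rule. $uri is the path after
# nginx has decoded it and resolved "." and ".." segments.
if ($uri ~* "/magento/(.*)\.html$") {
    set $rule_1 3$rule_1;
    set $bref_1 $1;
}
if ($args !~ ".+") {
    set $rule_1 4$rule_1;
}
# "%1" is Apache back-reference syntax and is a literal string to nginx, so
# the converter's file test could never succeed; use the captured value.
if (-f /var/www/var/turbocache/magento/default/$bref_1.html) {
    set $rule_1 5$rule_1;
}
if ($rule_1 = "54321") {
    rewrite /.* /var/turbocache/magento/default/$bref_1.html last;
}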
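# Store view chosen by request path. Each condition that holds prepends a
# digit to $rule_N; the final "if" checks that all of them held.

# Rule 2: cached home page for /magento/default.
if ($http_cookie !~ "artio_mturbo=.*") {
    set $rule_2 1$rule_2;
}
if ($uri ~ "^/magento/default(/|)$") {
    set $rule_2 2$rule_2;
}
if ($args !~ ".+") {
    set $rule_2 3$rule_2;
}
if (-f /var/www/var/turbocache/default.html) {
    set $rule_2 4$rule_2;
}
if ($rule_2 = "4321") {
    rewrite /.* /var/turbocache/default.html last;
}

# Rule 3: cached inner page under /magento/default/.
if ($http_cookie !~ "artio_mturbo=.*") {
    set $rule_3 1$rule_3;
}
# Capture the page name where the match makes $1 available; the dot before
# "html" is escaped as in the Apache rule.
if ($uri ~* "^/magento/default/(.*)\.html$") {
    set $rule_3 2$rule_3;
    set $bref_1 $1;
}
if ($args !~ ".+") {
    set $rule_3 3$rule_3;
}
# "%1" is Apache back-reference syntax and is a literal string to nginx, so
# the converter's file test could never succeed; use the captured value.
if (-f /var/www/var/turbocache/magento/default/$bref_1.html) {
    set $rule_3 4$rule_3;
}
if ($rule_3 = "4321") {
    rewrite /.* /var/turbocache/magento/default/$bref_1.html last;
}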
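# Rules for requests without a store cookie. Each condition that holds
# prepends a digit to $rule_N; the final "if" checks that all of them held.

# Rule 4: cached home page.
if ($http_cookie !~ "artio_mturbo=.*") {
    set $rule_4 1$rule_4;
}
if ($uri ~ "^/magento/$") {
    set $rule_4 2$rule_4;
}
if ($args !~ ".+") {
    set $rule_4 3$rule_4;
}
if (-f /var/www/var/turbocache/default.html) {
    set $rule_4 4$rule_4;
}
if ($rule_4 = "4321") {
    rewrite /.* /var/turbocache/default.html last;
}

# Rule 5: cached inner page.
if ($http_cookie !~ "artio_mturbo=.*") {
    set $rule_5 1$rule_5;
}
# Capture the page name where the match makes $1 available; the dot before
# "html" is escaped as in the Apache rule.
if ($uri ~* "/magento/(.*)\.html$") {
    set $rule_5 2$rule_5;
    set $bref_1 $1;
}
if ($args !~ ".+") {
    set $rule_5 3$rule_5;
}
# "%1" is Apache back-reference syntax and is a literal string to nginx, so
# the converter's file test could never succeed; use the captured value.
if (-f /var/www/var/turbocache/magento/default/$bref_1.html) {
    set $rule_5 4$rule_5;
}
if ($rule_5 = "4321") {
    rewrite /.* /var/turbocache/magento/default/$bref_1.html last;
}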
Hope it works, good luck.
Here is a converter that give you this from your htaccess. This may give you a solid first base. After that, if you have further question please feel free to write them.