Tested on a fresh install of Ubuntu 18.04 LTS Server on an OVH VPS.

UPDATE 20.10.2019: new whitelist.rules
rm /etc/nginx/whitelist.rules && wget --no-check-certificate https://dev.d-dtox.com/nginx/conf/whitelist.rules -O /etc/nginx/whitelist.rules && service nginx restart
Fix MAG playback blocked by naxsi
Fix compile error with --with-http_geoip_module

Install:
wget https://dev.d-dtox.com/nginx/script/install.sh && chmod +x install.sh && ./install.sh

After installation, edit nginx.conf on the main server:

nano /home/xtreamcodes/iptv_xtream_codes/nginx/conf/nginx.conf
After "client_max_body_size 3m;" add:
real_ip_header X-Forwarded-For;
set_real_ip_from ADD-PROXY-IP-ADDRESS-HERE;
real_ip_recursive on;
Save and reload nginx:
/home/xtreamcodes/iptv_xtream_codes/nginx/sbin/nginx -s reload


HOW TO MAKE WHITELIST RULES for ADMIN panel

On the proxy server, open /etc/nginx/nginx.conf
Enable learning mode by changing #LearningMode; to LearningMode;
Restart nginx:
service nginx restart
Navigate through the ADMIN panel to populate data.

Install nxutil:
cd /home/nginx-waf
git clone https://github.com/prajal/nxutil.git
cd nxutil
python setup.py install
After installation, analyze the nginx error.log with this command:
python nx_util.py -l /var/log/nginx/error.log -o -p 1
This generates whitelist rules; add them to /etc/nginx/whitelist.rules:
BasicRule wl:16 "mz:$URL:/api.php|BODY";
# total_count:9 (100.0%), peer_count:1 (100.0%) | open square backet ([), possible js
BasicRule wl:1310 "mz:$URL:/table_search.php|$ARGS_VAR:columns[0][data]|NAME";
# total_count:7689 (50.42%), peer_count:1 (100.0%) | close square bracket (]), possible js
BasicRule wl:1311 "mz:$URL:/table_search.php|ARGS|NAME";
# total_count:7560 (49.58%), peer_count:1 (100.0%) | open square backet ([), possible js
BasicRule wl:1310 "mz:$URL:/table_search.php|ARGS|NAME";
Disable learning mode, then restart nginx.
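
The following Python example is added here and is not the nxutil code or part of the original guide. It shows how learning-mode NAXSI_FMT entries in error.log map to BasicRule whitelist lines, counting only hits from IPs you trust so that other traffic logged during learning does not get whitelisted. The log lines are constructed and abridged, and the function names and the trusted address 203.0.113.10 are assumptions.

```python
import re
from collections import defaultdict

# Constructed, abridged sample lines in the NAXSI_FMT layout (not from a real server).
SAMPLE_LOG = """\
2019/10/20 10:00:01 [error] 1#0: *1 NAXSI_FMT: ip=203.0.113.10&server=panel.example&uri=/table_search.php&learning=1&block=0&cscore0=$XSS&score0=16&zone0=ARGS|NAME&id0=1310&var_name0=columns[0][data]&zone1=ARGS|NAME&id1=1311&var_name1=columns[0][data], client: 203.0.113.10, server: panel.example
2019/10/20 10:00:02 [error] 1#0: *2 NAXSI_FMT: ip=203.0.113.10&server=panel.example&uri=/table_search.php&learning=1&block=0&cscore0=$XSS&score0=16&zone0=ARGS|NAME&id0=1310&var_name0=columns[0][data]&zone1=ARGS|NAME&id1=1311&var_name1=columns[0][data], client: 203.0.113.10, server: panel.example
2019/10/20 10:00:05 [error] 1#0: *3 NAXSI_FMT: ip=203.0.113.10&server=panel.example&uri=/api.php&learning=1&block=0&zone0=BODY&id0=16&var_name0=, client: 203.0.113.10, server: panel.example
2019/10/20 10:00:09 [error] 1#0: *4 NAXSI_FMT: ip=198.51.100.7&server=panel.example&uri=/api.php&learning=1&block=0&cscore0=$SQL&score0=8&zone0=BODY&id0=1000&var_name0=q, client: 198.51.100.7, server: panel.example
"""

FMT = re.compile(r"NAXSI_FMT: (.*?), client: ")
VAR_ZONES = {"ARGS", "BODY", "HEADERS"}  # zones that accept a $<ZONE>_VAR:<name> match

def parse_events(line):
    """Yield (ip, uri, zone, rule_id, var_name) for every rule hit on one log line."""
    m = FMT.search(line)
    if not m:
        return
    kv = dict(p.partition("=")[::2] for p in m.group(1).split("&"))
    i = 0
    while f"id{i}" in kv:  # one request can trigger several rules: id0, id1, ...
        yield kv["ip"], kv["uri"], kv[f"zone{i}"], kv[f"id{i}"], kv.get(f"var_name{i}", "")
        i += 1

def match_zone(uri, zone, var):
    """Build the narrowest match zone: pin the URL and, when logged, the variable name."""
    base, _, name = zone.partition("|")  # "ARGS|NAME" -> base "ARGS", name "NAME"
    target = f"${base}_VAR:{var}" if var and base in VAR_ZONES else base
    return f"$URL:{uri}|{target}" + ("|NAME" if name else "")

def whitelist(log_text, trusted_ips):
    """Return BasicRule lines with hit and peer counts, from trusted peers only."""
    hits = defaultdict(lambda: [0, set()])
    for line in log_text.splitlines():
        for ip, uri, zone, rid, var in parse_events(line):
            if ip not in trusted_ips:
                continue  # never whitelist patterns seen only from unknown clients
            entry = hits[(rid, match_zone(uri, zone, var))]
            entry[0] += 1
            entry[1].add(ip)
    return [f'BasicRule wl:{rid} "mz:{mz}"; # total_count:{n}, peer_count:{len(peers)}'
            for (rid, mz), (n, peers) in sorted(hits.items())]

if __name__ == "__main__":
    print("\n".join(whitelist(SAMPLE_LOG, {"203.0.113.10"})))
```

Review each generated rule before adding it to whitelist.rules: a whole-zone whitelist such as |BODY is broader than one tied to a named variable.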

GEO IP ALLOW/BLOCK country

To allow all countries, comment out these lines with # in /etc/nginx/nginx.conf:
...
#geo $localnet {
#    default 0;
#    10.0.0.0/8 1;
#    192.168.0.0/16 1;
#}
...
#include geoblock;
...
Save and restart nginx:
service nginx restart
To allow only specified countries, uncomment these lines in /etc/nginx/nginx.conf:
...
geo $localnet {
    default 0;
    10.0.0.0/8 1;
    192.168.0.0/16 1;
}
...
include geoblock;
...
Then edit /etc/nginx/geoblock and set the allowed countries, e.g. (EN|IT|UK):
...
if ($geoip_country_code !~ (EN|IT|UK)) {
...
Save and restart nginx:
service nginx restart
To block the USA but still allow specified IPs, edit /etc/nginx/nginx.conf:
...
geo $localnet {
    default 0;
    10.0.0.0/8 1;
    192.168.0.0/16 1;
    222.222.222.222 1; # Add ip or network to allow
}
...
Save and restart nginx:
service nginx restart