Web: Protecting your site from copying

Thread in section "Web wrappers and launchers", created by user Alisher-98, 11 Jan 2014.

  1. General

    General Veteran User

    Points:
    123
    nginx config for Joomla:
    Code:
    server {
            listen       80;
            server_name  site.ru;
            server_name_in_redirect on;
            server_tokens off;
            root   /var/nginx/www/sites/oldsite/site.ru/site/site;
            access_log /var/nginx/www/sites/oldsite/site.ru/site/access.log;
            error_log /var/nginx/www/sites/oldsite/site.ru/site/error.log;
            index index.php index.html index.htm;
            error_page 404 = http://site.ru/404.html;
            #error_page 403 = /15-errors/9-403-forbidden.html;
            # Support Clean (aka Search Engine Friendly) URLs
        
    ######################################################################
    ## Redirect www to non-www
    ######################################################################
    if ($host = 'www.site.ru' ) {
            rewrite ^/(.*)$ $scheme://site.ru/$1 permanent;
    }
    
    
    #       location /administrator {
        #allow 127.0.0.1;
    #    deny all;
    #    return 404;
    #}         
    
    if ($request_method !~ ^(GET|HEAD|POST)$ ) {
    return 444;
    }
    # But if it turns out that it is not, here is the whole buildwith.com range.
    # If you decide to play it safe and add the whole range, the previous IP
    # does not need to be added, it is included in the range below:
    deny 198.22.98.0/23;
    deny 198.22.100.0/22;
    deny 198.22.104.0/21;
    deny 198.22.112.0/20;
    deny 198.22.128.0/17;
    deny 198.23.0.0/16;
    deny 198.24.0.0/13;
    deny 198.32.0.0/14;
    deny 198.36.0.0/19;  
    
    # Block download managers
    if ($http_user_agent ~* LWP::Simple|BBBike|wget) {
    return 403;
    }
    # Block certain kinds of bots
    if ($http_user_agent ~* msnbot|scrapbot|SputnikBot) {
    return 403;
    }
    # server section
    if ( $http_referer ~* (babes|forsale|girl|jewelry|love|nudit|organic|poker|porn|sex|teen) )
    {
    return 403;
    }
    
    #location ~* ^/(administrator)($|\/) {deny all; return 404;}
    
            location ~ \.php$ {
                try_files $uri =404;
                fastcgi_pass  127.0.0.1:9000;
                fastcgi_cache  one;
                fastcgi_cache_min_uses 3;
                fastcgi_cache_valid 200 301 302 304 5m;
                fastcgi_cache_key "$request_method|$host|$request_uri";
    
    # If this option is not used, everyone on a forum ends up logged in as the first user who logged into the forum
                #fastcgi_hide_header "Set-Cookie";
    
                fastcgi_index index.php;
                include /etc/nginx/fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_ignore_client_abort     off;
                include /etc/nginx/fastcgi.conf;
            }
    
    ### ===========================================================================
    ### Security Enhanced & Highly Optimized NginX Configuration File for Joomla!
    ### automatically generated by Admin Tools 3.8.3 on 2016-05-08 08:57:33 GMT
    ### ===========================================================================
    ###
    ### Admin Tools is Free Software, distributed under the terms of the GNU
    ### General Public License version 3 or, at your option, any later version
    ### published by the Free Software Foundation.
    ###
    ### !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! IMPORTANT !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    ### !!                                                                       !!
    ### !!  If you get an Internal Server Error 500 or a blank page when trying  !!
    ### !!  to access your site, remove this file and try tweaking its settings  !!
    ### !!  in the back-end of the Admin Tools component.                        !!
    ### !!                                                                       !!
    ### !!  Remember to include this file in your site's configuration file.     !!
    ### !!  Also remember to reload or restart NginX after making any change to  !!
    ### !!  this file.                                                           !!
    ### !!                                                                       !!
    ### !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    ###
    
    ### Prevent access to this file
    
    location = /nginx.conf {
        log_not_found off;
        access_log off;
        return 404;
        break;
    }
    
    location = /nginx.conf.admintools {
        log_not_found off;
        access_log off;
        return 404;
        break;
    }
    ######################################################################
    ## Protect against common file injection attacks
    ######################################################################
    set $file_injection 0;
    if ($query_string ~ "[a-zA-Z0-9_]=http://") {
        set $file_injection 1;
    }
    if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") {
        set $file_injection 1;
    }
    if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") {
        set $file_injection 1;
    }
    if ($file_injection = 1) {
        return 403;
        break;
    }
    ######################################################################
    ## Disable PHP Easter Eggs
    ######################################################################
    if ($query_string ~ "\=PHP[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}") {
        return 403;
        break;
    }
    ######################################################################
    ## Block access to configuration.php-dist and htaccess.txt
    ######################################################################
    location = /configuration.php-dist {
        log_not_found off;
        access_log off;
        return 404;
        break;
    }
    
    location = /htaccess.txt {
        log_not_found off;
        access_log off;
        return 404;
        break;
    }
    
    location = /web.config {
        log_not_found off;
        access_log off;
        return 404;
        break;
    }
    
    location = /configuration.php {
        log_not_found off;
        access_log off;
        return 404;
        break;
    }
    
    location = /CONTRIBUTING.md {
        log_not_found off;
        access_log off;
        return 404;
        break;
    }
    
    location = /joomla.xml {
        log_not_found off;
        access_log off;
        return 404;
        break;
    }
    
    location = /LICENSE.txt {
        log_not_found off;
        access_log off;
        return 404;
        break;
    }
    
    location = /phpunit.xml {
        log_not_found off;
        access_log off;
        return 404;
        break;
    }
    
    location = /README.txt {
        log_not_found off;
        access_log off;
        return 404;
        break;
    }
    
    location = /web.config.txt {
        log_not_found off;
        access_log off;
        return 404;
        break;
    }
    ## Protect against clickjacking
    add_header X-Frame-Options SAMEORIGIN;
    ######################################################################
    ## Directory indices and no automatic directory listings
    ## Forces index.php to be read before the index.htm(l) files
    ## Also disables showing files in a directory automatically
    ######################################################################
    #index index.php index.html index.htm;
    ######################################################################
    ## Set default expiration time
    ######################################################################
    # CSS and JavaScript : 1 week
    location ~* \.(css|js)$ {
            access_log off; log_not_found off;
            expires 1w;
    }
    
    # Image files : 1 month
    location ~* \.(bmp|gif|jpg|jpeg|jp2|png|svg|tif|tiff|ico|wbmp|wbxml|smil)$ {
            access_log off; log_not_found off;
            expires 1M;
    }
    
    # Document files : 1 month
    location ~* \.(pdf|txt|xml)$ {
            access_log off; log_not_found off;
            expires 1M;
    }
    
    # Audio files : 1 month
    location ~* \.(mid|midi|mp3|m4a|m4r|aif|aiff|ra|wav|voc|ogg)$ {
            access_log off; log_not_found off;
            expires 1M;
    }
    
    # Video files : 1 month
    location ~* \.(swf|vrml|avi|mkv|mpg|mpeg|mp4|m4v|mov|asf)$ {
            access_log off; log_not_found off;
            expires 1M;
    }
    ######################################################################
    ## Automatic compression of static resources
    ## Compress text, html, javascript, css, xml and other static resources
    ## May kill access to your site for old versions of Internet Explorer
    ######################################################################
    # The following is the actual automatic compression setup
    gzip            on;
    gzip_vary        on;
    gzip_comp_level 6;
    gzip_proxied    expired no-cache no-store private auth;
    gzip_min_length 1000;
    gzip_http_version 1.1;
    gzip_types      text/plain text/css application/xhtml+xml application/xml+rss application/rss+xml application/x-javascript application/javascript text/javascript application/json text/xml application/xml image/svg+xml;
    gzip_buffers    16 8k;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
    ######################################################################
    ## Reduce MIME type security risks
    add_header X-Content-Type-Options "nosniff";
    ## Reflected XSS prevention
    add_header X-XSS-Protection "1; mode=block";
    ## Prevent content transformation
    add_header Cache-Control "no-transform";
    # -- Timeout handling, see http://wiki.nginx.org/HttpCoreModule
    client_header_timeout 10;
    client_body_timeout   10;
    send_timeout          30;
    keepalive_timeout     30s;
    # -- Socket settings, see http://wiki.nginx.org/HttpCoreModule
    connection_pool_size        8192;
    client_header_buffer_size   4k;
    large_client_header_buffers 8 8k;
    request_pool_size           8k;
    # -- Performance, see http://wiki.nginx.org/HttpCoreModule
    sendfile on;
    sendfile_max_chunk 1m;
    postpone_output 0;
    tcp_nopush on;
    tcp_nodelay on;
    # -- Output buffering, see http://wiki.nginx.org/HttpCoreModule
    output_buffers 8 32k;
    # -- Character encoding, see http://wiki.nginx.org/HttpCharsetModule
    charset                 utf-8;
    source_charset          utf-8;
    # -- Security options, see http://wiki.nginx.org/HttpCoreModule
    ignore_invalid_headers on;
    # -- Maximum client body size set to 1 Gigabyte
    client_max_body_size 1G;
    set $common_exploit 0;
    if ($query_string ~ "proc/self/environ") {
        set $common_exploit 1;
    }
    if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") {
        set $common_exploit 1;
    }
    if ($query_string ~ "base64_(en|de)code\(.*\)") {
        set $common_exploit 1;
    }
    if ($query_string ~ "(<|%3C).*script.*(>|%3E)") {
        set $common_exploit 1;
    }
    if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {
        set $common_exploit 1;
    }
    if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {
        set $common_exploit 1;
    }
    if ($common_exploit = 1) {
        return 403;
    }
    ## Enable SEF URLs
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~* /index.php$ {
        fastcgi_pass   127.0.0.1:9000;
        break;
    }
    ######################################################################
    ## Advanced server protection rules exceptions
    ######################################################################
    location = /administrator\/components\/com_akeeba\/restore\.php {
        fastcgi_pass   127.0.0.1:9000;
        break;
    }
    location = /administrator\/components\/com_admintools\/restore\.php {
        fastcgi_pass   127.0.0.1:9000;
        break;
    }
    location = /administrator\/components\/com_joomlaupdate\/restore\.php {
        fastcgi_pass   127.0.0.1:9000;
        break;
    }
    location ~* ^/templates\/prostar/.*$
    {
        break;
    }
    #location ~* ^/administrator\/.*$
    #{
    #        return 404;
    #}
    ######################################################################
    ## Advanced server protection
    ######################################################################
    # Allow media files in select back-end directories
    location ~* ^/administrator/(components|modules|templates|images|plugins)/.*.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|htm|ttf|woff|woff2|eot|JPG|JPEG|PNG|GIF|CSS|JS|TTF|WOFF|WOFF2|EOT)$ {
        break;
    }
    
    
    location ~* ^/administrator$ {
        return 301 /administrator/index.php;
    }
    location ~* ^/administrator/$ {
        return 301 /administrator/index.php;
    }
    
    # Disable access to everything else.
    location ~* /administrator.*$ {
            # If it is a file, directory or symlink and I haven't deliberately
            # enabled access to it, forbid any access to it!
            if (-e $request_filename) {
                    return 403;
            }
            # In any other case, just treat as a SEF URL
            try_files $uri $uri/ /administrator/index.php?$args;
    }
    # Allow media files in select front-end directories
    location ~* ^/(components|modules|templates|images|plugins|media|libraries|media/jui/fonts)/.*.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|ico|htm|ttf|woff|woff2|eot|JPG|JPEG|PNG|GIF|CSS|JS|TTF|WOFF|WOFF2|EOT)$ {
        break;
    }
    
    ## Disallow front-end access for certain Joomla! system directories (unless access to their files is allowed above)
    location ~* ^/includes/js/ {
        return 403;
    }
    location ~* ^/(cache|includes|language|logs|log|tmp)/ {
        return 403;
    }
    
    # Disable access to everything else.
    location ~* ^/.*$ {
        # If it is a file, directory or symlink and I haven't deliberately
        # enabled access to it, forbid any access to it!
        #if (-e $request_filename) {
        #    return 403;
        #}
        # In any other case, just treat as a SEF URL
        try_files $uri $uri/ /index.php?$args;
    }
    ##### Advanced server protection -- END
    }
    
    

    Google PageSpeed Insights reports
    for mobile
    Speed - 79 / 100
    User experience - 95 / 100
    and for desktop
    Recommendations - 93 / 100
     
    Last edited: 5 Nov 2016
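Added example, not from the thread or from Admin Tools: a small Python check that runs the `$file_injection` and `$common_exploit` query-string rules from the config above against constructed query strings, so you can see what they block and where they over-block (the `return=http://...` case, for instance) before deploying them. The sample strings and the `example.invalid` host are made up for the test.

```python
import re

# Patterns copied from the `set $file_injection 1` rules in the config above.
FILE_INJECTION = [
    r"[a-zA-Z0-9_]=http://",
    r"[a-zA-Z0-9_]=(\.\.//?)+",
    r"[a-zA-Z0-9_]=/([a-z0-9_.]//?)+",
]

# Patterns copied from the `set $common_exploit 1` rules in the config above.
COMMON_EXPLOIT = [
    r"proc/self/environ",
    r"mosConfig_[a-zA-Z_]{1,21}(=|\%3D)",
    r"base64_(en|de)code\(.*\)",
    r"(<|%3C).*script.*(>|%3E)",
    r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})",
    r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})",
]


def classify(query_string):
    """Name the first rule group that would answer 403 for this query string, or None.

    nginx's `~` is a case-sensitive PCRE search over the raw, still
    percent-encoded $query_string; re.search is a close enough stand-in.
    The config tests the file-injection rules first, so that group wins
    when both would match.
    """
    for pattern in FILE_INJECTION:
        if re.search(pattern, query_string):
            return "file_injection"
    for pattern in COMMON_EXPLOIT:
        if re.search(pattern, query_string):
            return "common_exploit"
    return None


# Constructed sample query strings (not taken from any real log), paired with
# the verdict the rules above should give.
SAMPLES = {
    "option=com_content&view=article&id=5": None,
    "file=../../../etc/passwd": "file_injection",
    "page=proc/self/environ": "common_exploit",
    "q=%3Cscript%3Ealert(1)%3C/script%3E": "common_exploit",
    # Over-blocking: a harmless redirect parameter carrying a URL trips the
    # first rule, so any form passing a return URL in the query string breaks.
    "return=http://example.invalid/thanks": "file_injection",
}


def report():
    """Run every sample through classify() and return the verdicts."""
    return {qs: classify(qs) for qs in SAMPLES}
```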
  2. niki96

    niki96 Veteran User

    Points:
    123
    What is the point of this?
    Code:
    location = /htaccess.txt {
        log_not_found off;
        access_log off;
        return 404;
        break;
    }
    location = /web.config {
        log_not_found off;
        access_log off;
        return 404;
        break;
    }
    location = /configuration.php {
        log_not_found off;
        access_log off;
        return 404;
        break;
    }
    location = /CONTRIBUTING.md {
        log_not_found off;
        access_log off;
        return 404;
        break;
    }
    location = /joomla.xml {
        log_not_found off;
        access_log off;
        return 404;
        break;
    }
    location = /LICENSE.txt {
        log_not_found off;
        access_log off;
        return 404;
        break;
    }
    location = /phpunit.xml {
        log_not_found off;
        access_log off;
        return 404;
        break;
    }
    location = /README.txt {
        log_not_found off;
        access_log off;
        return 404;
        break;
    }
    location = /web.config.txt {
        log_not_found off;
        access_log off;
        return 404;
        break;
    }
     
  3. General

    General Veteran User

    Points:
    123
    Too lazy to delete them. And the requests from bots show up in the logs anyway.
     
  4. niki96

    niki96 Veteran User

    Points:
    123
    Deleting them is easier than writing them into the config. IMHO. Oh well.
     
