hosting-firewall-wordpress-2

src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl

@@ -0,0 +1,95 @@
+server {
+    listen      %ip%:%proxy_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    # ssl         on;
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        error_page 418 = @wordfence_lh;
+        error_page 419 = @wordfence_route;
+        error_page 420 = @wordfence_sync;
+
+        if ($request_uri ~ "^/\?wordfence_lh") { return 418; }
+        if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; }
+        if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; }
+
+        limit_conn addr 10;
+        limit_conn zone_site 30;
+        limit_req zone=one burst=28 delay=14;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location /wp-admin/ {
+        limit_conn addr 48;
+        limit_conn zone_site 60;
+        limit_req zone=one burst=80 delay=14;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location /wp-json/ {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=one burst=80 delay=14;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location @wordfence_lh {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=wfone burst=240;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location @wordfence_route {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=wfone burst=240;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location @wordfence_sync {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=wfone burst=240;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location /wp-json/wordfence/ {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=wfone burst=240;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~* ^.+\.(%proxy_extentions%)$ {
+        root           %sdocroot%;
+        access_log     /var/log/%web_system%/domains/%domain%.log combined;
+        access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+        expires        max;
+        # try_files      $uri @fallback;
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~ /wp-config.php    {return 404;}
+    location ~ /xmlrpc.php       {return 404;}
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%;
+
+    include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+    include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;
+}

src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl

@@ -0,0 +1,8 @@
+server {
+    listen      %ip%:%proxy_port%;
+    server_name %domain_idn% %alias_idn%;
+    location / {
+        rewrite ^(.*) https://$host$1 permanent;
+    }
+include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+}

src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl

@@ -0,0 +1,95 @@
+server {
+    listen      %ip%:%proxy_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    # ssl         on;
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        error_page 418 = @wordfence_lh;
+        error_page 419 = @wordfence_route;
+        error_page 420 = @wordfence_sync;
+
+        if ($request_uri ~ "^/\?wordfence_lh") { return 418; }
+        if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; }
+        if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; }
+
+        limit_conn addr 10;
+        limit_conn zone_site 30;
+        limit_req zone=one burst=28 delay=14;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location /wp-admin/ {
+        limit_conn addr 48;
+        limit_conn zone_site 60;
+        limit_req zone=one burst=80 delay=14;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location /wp-json/ {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=one burst=80 delay=14;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location @wordfence_lh {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=wfone burst=240;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location @wordfence_route {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=wfone burst=240;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location @wordfence_sync {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=wfone burst=240;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location /wp-json/wordfence/ {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=wfone burst=240;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~* ^.+\.(%proxy_extentions%)$ {
+        root           %sdocroot%;
+        access_log     /var/log/%web_system%/domains/%domain%.log combined;
+        access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+        expires        max;
+        # try_files      $uri @fallback;
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~ /wp-config.php    {return 404;}
+    location ~ /xmlrpc.php       {return 404;}
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%;
+
+    include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+    include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;
+}

src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl

@@ -0,0 +1,92 @@
+server {
+    listen      %ip%:%proxy_port%;
+    server_name %domain_idn% %alias_idn%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        error_page 418 = @wordfence_lh;
+        error_page 419 = @wordfence_route;
+        error_page 420 = @wordfence_sync;
+
+        if ($request_uri ~ "^/\?wordfence_lh") { return 418; }
+        if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; }
+        if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; }
+
+        limit_conn addr 10;
+        limit_conn zone_site 30;
+        limit_req zone=one burst=28 delay=14;
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location /wp-admin/ {
+        limit_conn addr 48;
+        limit_conn zone_site 60;
+        limit_req zone=one burst=80 delay=14;
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location /wp-json/ {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=one burst=80 delay=14;
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location @wordfence_lh {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=wfone burst=240;
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location @wordfence_route {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=wfone burst=240;
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location @wordfence_sync {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=wfone burst=240;
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location /wp-json/wordfence/ {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=wfone burst=240;
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location ~* ^.+\.(%proxy_extentions%)$ {
+        root           %docroot%;
+        access_log     /var/log/%web_system%/domains/%domain%.log combined;
+        access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+        expires        max;
+        # try_files      $uri @fallback;
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location ~ /wp-config.php    {return 404;}
+    location ~ /xmlrpc.php       {return 404;}
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%;
+
+    include %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
+

src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh

@@ -71,4 +71,9 @@ wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordp
 wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.tpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl
 wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl
 
+wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress-2.tpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl
+wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress-2.stpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl
+wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress-2.tpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl
+wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress-2.stpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl
+
 systemctl restart nginx