client_body_buffer_size 8k;
client_max_body_size 10m;
-location / {
- index index.html index.htm index.php;
+
+if ($bad_bot) {
+ return 444;
}
-location ~* ^.+.(css|gif|html|ico|jpeg|js|jpg|png|txt|xml)$ {
- access_log off;
- expires 30d;
- log_not_found off;
+#if ($bad_referer) {
+# return 444;
+# }
+
+#location ~ /\. {
+# access_log off;
+# deny all;
+# log_not_found off;
+# }
+location ~* ^.+\.(?:css|gif|jpe?g|js|png|swf)$ {
+ ## Defining the valid referers.
+ ## Disallow any usage of piwik assets if referer is non valid.
+ valid_referers none blocked
+ server_names
+ .cyclocoop.org
+ .heureux-cyclage.org
+ .ptitvelo.net
+ .velosenville.org
+ .wiklou.org;
+ if ($invalid_referer) {
+ return 444;
+ }
+
+ expires max;
+ # NOTE: Static files use the OS buffer cache.
+ open_file_cache max=500 inactive=120s;
+ open_file_cache_errors off;
+ open_file_cache_min_uses 2;
+ open_file_cache_valid 45s;
+ tcp_nodelay off;
+ }
+location = /favicon.ico {
+ ## Support for favicon. Return a 204 (No Content) if the favicon doesn't exist.
+ try_files /favicon.ico =204;
}
-location ~ /\. {
- access_log off;
- deny all;
- log_not_found off;
+location / {
+ ## Try all locations and relay to index.php as a fallback.
+ try_files $uri /index.php?$query_string;
}
-location ~ \.php$ {
+location = /piwik.php {
+ ## Relay all piwik.php requests to fastcgi.
include /etc/nginx/conf.d/fastcgi.conf;
- set $no_cache "0";
- if ($request_method !~ ^(GET|HEAD)$) {
- # NOTE: if non GET/HEAD, don't cache and mark user as uncacheable for 1 second via cookie.
- set $no_cache "1";
- }
- if ($no_cache = "1") {
- # NOTE: drop no cache cookie if need be (for some reason, add_header fails if included in prior if-block).
- add_header Set-Cookie "_mcnc=1; Max-Age=2; Path=/";
- add_header X-Microcachable "0";
- }
- if ($http_cookie ~* "_mcnc") {
- # NOTE: bypass cache if no-cache cookie is set
- set $no_cache "1";
- }
+ add_header X-Piwik-Long-Cache $upstream_cache_status;
+ expires epoch;
+ fastcgi_cache microcache;
fastcgi_cache_bypass $no_cache;
- fastcgi_cache_use_stale updating;
- fastcgi_cache_valid 200 10s;
+ fastcgi_cache_use_stale error timeout invalid_header updating http_500;
+ fastcgi_cache_valid 200 301 2h;
+ fastcgi_cache_valid 302 30m;
fastcgi_cache_valid 404 10m;
- fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
- fastcgi_index index.php;
- fastcgi_max_temp_file_size 2M;
+ fastcgi_ignore_headers Cache-Control Expires;
fastcgi_no_cache $no_cache;
fastcgi_param REDIRECT_STATUS 200;
- # NOTE: PHP only, required if PHP was built with --enable-force-cgi-redirect
- fastcgi_pass_header Cookie;
- fastcgi_pass_header Set-Cookie;
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:/run/php5/fpm/lhc_stats;
+ fastcgi_pass php_fpm_lhc_stats;
+ }
+location ~* ^.+\.php$ {
+ ## Any other attempt to access PHP files redirects to the root.
+ return 302 /;
+ }
+location ~* (?:DESIGN|(?:gpl|README|LICENSE)[^.]*|LEGALNOTICE)(?:\.txt)*$ {
+ ## Redirect to the root if attempting to access a txt file.
+ return 302 /;
+ }
+location ~* \.(?:bat|html?|git|ini|sh|svn[^.]*|txt|tpl|xml)$ {
+ ## Disallow access to several helper files.
+ return 404;
+ }
+location = /robots.txt {
+ ## No crawling of this site for bots that obey robots.txt.
+ return 200 "User-agent: *\nDisallow: /\n";
}
# vim: ft=sh
dépôts / lhc / ateliers.git / blobdiff