File: //etc/nginx/sites-available/grabsongdo.com
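# Ploi Webserver Configuration, do not remove!
include /etc/nginx/ploi/grabsongdo.com/before/*;

server {
    root        /home/grabsong-135/grabsongdo.com/public;
    server_name grabsongdo.com;

    # TLS. The listen/certificate directives are expected to come from the
    # included ssl snippet (not visible in this file).
    include /etc/nginx/ssl/grabsongdo.com;
    ssl_protocols TLSv1.2 TLSv1.3;
    # Cipher list: the 3DES suites (*-DES-CBC3-SHA) have been removed and
    # "!3DES" added -- 64-bit block ciphers are considered weak (Sweet32)
    # and no TLS 1.2-capable client needs them. The remaining non-PFS and
    # CBC/SHA1 suites are kept only for legacy-client compatibility; drop
    # them as well if no such clients exist.
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!3DES:!DSS';
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;
    # NOTE(review): no Strict-Transport-Security header is set in this file;
    # confirm whether one of the includes provides it.

    index index.php index.html;

    # Response security headers. Without the "always" flag nginx adds these
    # only to successful/redirect responses, not to the 444/404 paths below.
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";   # legacy header; current browsers ignore it
    add_header X-Content-Type-Options "nosniff";
    charset utf-8;

    # [Fix 1] Drop requests for known scanner/webshell paths before they
    # reach PHP. Regex locations are tried in file order, so this takes
    # precedence over the "\.php$" location further down. Note this is an
    # unanchored, case-insensitive substring match: "ojs" or "jptoto"
    # anywhere in the URI is enough to trigger it. 444 makes nginx close
    # the connection without sending a response.
    location ~* (blogClicks\.php|ojs|jptoto|rip\.php|classwithtostring\.php|wp_filemanager\.php|setup-config\.php|xmlrpc\.php) {
        access_log off;
        return 444;
    }

    # [Fix 2] User-Agent based bot blocking. The User-Agent header is
    # client-supplied and trivially changed, so this only sheds
    # unsophisticated traffic. "bingbot" also blocks the real Bing crawler,
    # and "python"/"curl" block legitimate clients that keep those defaults.
    if ($http_user_agent ~* (zgrab|paloaltonetworks|dotbot|petalbot|bingbot|python|curl|go-http-client)) {
        return 444;
    }

    # Ploi Configuration
    include /etc/nginx/ploi/grabsongdo.com/server/*;

    # Front controller: any URI that is not an existing file or directory
    # is handed to /index.php with the original query string.
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # Access logging is off for the whole vhost; only errors are recorded.
    # NOTE(review): this also discards the record of blocked and suspicious
    # requests, which limits incident investigation -- a reduced log format
    # or logging only non-2xx responses is a cheaper middle ground than none.
    access_log off;
    error_log /var/log/nginx/grabsongdo.com-error.log error;

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    # [Fix 3] On an nginx-generated 404, answer with 444 instead of
    # rendering a page, so the PHP front controller is not invoked.
    # NOTE(review): this only covers 404s produced by nginx itself. The
    # "location /" try_files above never yields a 404 (it always falls back
    # to /index.php), and 404s returned by PHP pass through untouched since
    # fastcgi_intercept_errors is not enabled here (default off). In
    # practice this mainly affects a missing /favicon.ico or /robots.txt.
    # Also confirm with a test request that the "=444" override actually
    # closes the socket rather than emitting a bare status-444 response.
    error_page 404 =444 /404.html;
    location = /404.html { internal; }

    location ~ \.php$ {
        # Only hand scripts that exist on disk to PHP-FPM; anything else
        # falls back to the front controller (=404 only if /index.php is
        # missing too).
        try_files $uri /index.php =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php8.3-fpm-grabsong-135.sock;
        fastcgi_buffers 16 32k;
        fastcgi_buffer_size 32k;
        fastcgi_busy_buffers_size 64k;
        # [Fix 4] 10 s FastCGI timeouts so a slow request cannot occupy a
        # PHP-FPM worker for long. Legitimate long-running requests
        # (uploads, reports, exports) are cut off at the same limit.
        fastcgi_read_timeout 10s;
        fastcgi_send_timeout 10s;
        fastcgi_connect_timeout 10s;
        fastcgi_index index.php;
        # $realpath_root resolves symlinks, so the script path given to
        # PHP-FPM is the real on-disk path of the current release.
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        include fastcgi_params;
    }

    # Deny dotfiles (.env, .git, ...) except .well-known (ACME challenges).
    location ~ /\.(?!well-known).* {
        deny all;
    }
}

include /etc/nginx/ploi/grabsongdo.com/after/*;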