| #/* |
| # * Copyright (c) 2012 Adobe Systems Incorporated. All rights reserved. |
| # * |
| # * Permission is hereby granted, free of charge, to any person obtaining a |
| # * copy of this software and associated documentation files (the "Software"), |
| # * to deal in the Software without restriction, including without limitation |
| # * the rights to use, copy, modify, merge, publish, distribute, sublicense, |
| # * and/or sell copies of the Software, and to permit persons to whom the |
| # * Software is furnished to do so, subject to the following conditions: |
| # * |
| # * The above copyright notice and this permission notice shall be included in |
| # * all copies or substantial portions of the Software. |
| # * |
| # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
| # * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
| # * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
| # * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
| # * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING |
| # * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER |
| # * DEALINGS IN THE SOFTWARE. |
| # * |
| # */ |
| location / { |
| LearningMode; #learning mode enabled, will not block requests, used for generating whitelists |
| SecRulesEnabled; |
| DeniedUrl "/RequestDenied"; |
| |
| |
| CheckRule "$SQL >= 8" BLOCK; |
| CheckRule "$RFI >= 8" BLOCK; |
| CheckRule "$XSS >= 8" BLOCK; |
| CheckRule "$TRAVERSAL >= 8" BLOCK; |
| CheckRule "$EVADE >= 8" BLOCK; |
| root /etc/api-gateway/html; |
| index index.html index.htm; |
| } |
| |
| |
| location /health-check { |
| access_log off; |
| content_by_lua ' |
| ngx.say("API-Platform is running!") |
| if jit then |
| ngx.say("LuaJIT-" .. jit.version); |
| else |
| ngx.say("LuaJIT is not enabled"); |
| end |
| '; |
| } |
| |
| |
| |
| location /RequestDenied { |
| return 500; |
| } |
| error_page 500 501 502 503 504 /50x.html; |
| |
| location /50x.html { |
| more_set_headers 'Content-Type: application/json'; |
| return 500 '{"code":$status, "message":"Oops. Something went wrong. Check your URI and try again."}\n'; |
| } |