mitchellkrogza / nginx-ultimate-bad-bot-blocker

Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders

[INSTALLATION] [emerg] "limit_conn" directive is not allowed here #525

Closed cblonde closed 11 months ago

cblonde commented 11 months ago

Describe the problem you are experiencing

After installation the NGINX config file test fails, citing a problem with a limit_conn directive. I read through past issues but I'm not sure what to do to resolve this.

Error Messages

Post any error messages (if applicable):


```
/etc/alternatives$ sudo nginx -t
nginx: [warn] duplicate network "138.199.57.151", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:18884
nginx: [warn] duplicate network "143.244.38.129", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:18900
nginx: [warn] duplicate network "195.181.163.194", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:18995
nginx: [warn] duplicate network "5.188.120.15", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:19122
nginx: [warn] duplicate network "89.187.173.66", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:19169
nginx: [emerg] "limit_conn" directive is not allowed here in /etc/nginx/bots.d/ddos.conf:35
nginx: configuration file /etc/nginx/nginx.conf test failed
```

Copy of nginx.conf

If applicable please paste your nginx.conf file here (paste in between the markers)


```
        error_log /var/log/nginx/error.log warn;

        ##
        # Gzip Settings
        ##

        gzip on;
        gzip_disable "msie6";

        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 6;
        gzip_buffers 16 8k;
        gzip_http_version 1.1;
        gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        #include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;

        ##test
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;

        ##Disable Symlinks - Added by Craig Jan 4 2023
        disable_symlinks off;

}

#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
#
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}
```

Copy of vhost / website / host .conf file

If applicable please paste your site/vhost configuration file in between the code ticks (paste in between the markers)


There are a number of vhosts - this is representative of all of them

```
# Default server configuration
#
server {

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /mnt/websitestorage/exampleURL.com;

        # Add index.php to the list if you are using PHP
        index index.php index.html index.htm;

        server_name exampleURL.com www.exampleURL.com;

        ##
        # Nginx Bad Bot Blocker Includes
        # REPO: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
        ##
        include /etc/nginx/bots.d/ddos.conf;
        include /etc/nginx/bots.d/blockbots.conf;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                #try_files $uri $uri/ =404;
                try_files $uri $uri/ /index.php?q=$uri&$args;
        }

        #Added to block undesirable wordpress PHP execution - 27/08/2018
        #location ~* /wp-includes/.*.php$ {
        #        deny all;
        #        access_log off;
        #        log_not_found off;
        #}
        location ~* /wp-content/.*.php$ {
                deny all;
                access_log off;
                log_not_found off;
        }
        location ~* /(?:uploads|files)/.*.php$ {
                deny all;
                access_log off;
                log_not_found off;
        }
        location = /xmlrpc.php {
                deny all;
                access_log off;
                log_not_found off;
        }

        # pass PHP scripts to FastCGI server
        location ~ \.php$ {
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                # With php-fpm (or other unix sockets):
                fastcgi_pass unix:/var/run/php/php7.4-fpm-exampleURL.sock;

                include snippets/fastcgi-php.conf;
        }

        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/exampleURL.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/exampleURL.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
        if ($host = www.exampleURL.com) {
                return 301 https://$host$request_uri;
        } # managed by Certbot

        if ($host = exampleURL.com) {
                return 301 https://$host$request_uri;
        } # managed by Certbot

        server_name exampleURL www.exampleURL.com;
        listen 80;

        return 404; # managed by Certbot

}
```

Screenshots

If applicable, add screenshots to help explain your problem.

Server (please complete the following information):

Debian 11

Post output of uname -a here

Linux hostname 5.10.0-21-amd64 #1 SMP Debian 5.10.162-1 (2023-01-21) x86_64 GNU/Linux

nginx/1.18.0

Paste output of sudo nginx -V here (paste in between the markers)

configure arguments: --with-cc-opt='-g -O2 -ffile-prefix-map=/build/nginx-x3gsRV/nginx-1.18.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module


Paste any log / error messages here (paste in between the ```     ``` markers)

Additional information

Add any other context about the problem here.

cblonde commented 11 months ago

The installation script put the bot blocker includes in the wrong spot in all of my vhosts. I moved it and the error is gone. Included sample vhost updated to show a working location.
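
A placement check for the fix described above, as an added example that is not part of the original issue or the project's code: it walks an nginx config and reports the block enclosing each `include` of `bots.d/ddos.conf`, since nginx accepts `limit_conn` only in the `http`, `server` and `location` contexts. The function name, the `outer` parameter and the sample vhost are constructed for illustration; `outer` defaults to `http` because vhost files are included from inside the `http` block, and the issue does not show where the installer had originally placed the includes.

```python
import re

# nginx accepts limit_conn only in these contexts (ngx_http_limit_conn_module).
ALLOWED = {"http", "server", "location"}
# Tokens: quoted strings, comments, structural characters, bare words.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|#[^\n]*|[{};]|[^\s{};"\']+')

# Constructed sample vhost (not taken from the issue).
SAMPLE = """\
server {
    server_name example.test;
    include /etc/nginx/bots.d/ddos.conf;
    location / {
        try_files $uri $uri/ =404;
    }
}
server {
    if ($host = example.test) {
        include /etc/nginx/bots.d/ddos.conf;
        return 301 https://$host$request_uri;
    }
    listen 80;
}
"""

def find_includes(conf_text, needle="bots.d/ddos.conf", outer="http"):
    """Return [(line_no, enclosing_context, allowed)] for each include of needle."""
    stack, stmt, found = [outer], [], []
    for m in TOKEN.finditer(conf_text):
        tok = m.group()
        if tok.startswith("#"):          # comment token, skip
            continue
        if tok == "{":                   # block opens: first word names the context
            stack.append(stmt[0][0] if stmt else "?")
            stmt = []
        elif tok == "}":                 # block closes: back to the parent context
            if len(stack) > 1:
                stack.pop()
            stmt = []
        elif tok == ";":                 # simple directive ends: is it our include?
            if len(stmt) >= 2 and stmt[0][0] == "include" and needle in stmt[1][0]:
                found.append((stmt[0][1], stack[-1], stack[-1] in ALLOWED))
            stmt = []
        else:                            # collect (word, line number) for this directive
            stmt.append((tok, conf_text.count("\n", 0, m.start()) + 1))
    return found

if __name__ == "__main__":
    for line_no, ctx, ok in find_includes(SAMPLE):
        print(f"line {line_no}: include inside '{ctx}':", "ok" if ok else "limit_conn not allowed here")
```

Run it over each file in `sites-enabled` before `nginx -t`; any entry reported with `allowed` set to `False` is an include that needs to move up into the enclosing `server` block.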