asxpi/nginx
asxpi/nginx
1
0
Fork 0
Code Issues Pull requests Activity

initial commit

Browse source
This commit is contained in:
Sergei Poljanski 2023-08-02 19:42:42 +00:00
commit 7977d297ac
28 changed files with 21761 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

0
README.md Normal file
View file

92
bots.d/bad-referrer-words.conf Normal file
View file

@ -0,0 +1,92 @@
# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD WORDS YOU WANT TO SCAN FOR ###
# VERSION INFORMATION #
#----------------------
# Version: V4.2019.11
# Updated: 2019-07-05
#----------------------
# VERSION INFORMATION #
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# For all intensive purpose you can delete everything inside this file and leave it
# completely blank if you do not want your Nginx Blocker to include scanning for bad words within urls or referrer string
# Only add one entry per line
# -------------------------------
# !!! WARNING WARNING WARNING !!!
# -------------------------------
# ---------------------------------------
# PLEASE BE VERY CAREFUL HOW YOU USE THIS
# ---------------------------------------
# Here is an example of how one supposed bad word can cause your whole site to go down.
# An issue was logged where the users own domain name was specialisteparquet.com
# Because this list contained the word "cialis" it was detected within his domain name causing
# his entire site to go down and not server any assets.
# That one entry would even cause any site containing a word like "specialist" anywhere in any
# of their sites pages to cause them to be blocked and whitelisting your own domain name in the
# whitelist-domains.conf file will not even bypass this, SO BE CAREFUL PLEASE
# Think very carefully before you add any word here
# -----------------------------------------------------------------------------------------
# PLEASE MAKE SURE that you use word regex boundaries to avoid false positive detection !!!
# -----------------------------------------------------------------------------------------
# BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED
# As you can see in the examples below the word "adultgalls" is entered with a preceding (?:\b) and an ending (?:\b)
# this makes it now "(?:\b)adultgalls(?:\b)". It is crucial to use the word boundaries regex formatting.
# ---------
# EXAMPLES:
# ---------
# "~*(?:\b)adultgalls(?:\b)" 1;
# "~*(?:\b)amateurxpass(?:\b)" 1;
# "~*(?:\b)bigblackbooty(?:\b)" 1;
# "~*(?:\b)blacktits(?:\b)" 1;
# "~*(?:\b)cookie\-law\-enforcement(?:\b)" 1;
# "~*(?:\b)free\-share\-buttons(?:\b)" 1;
# "~*(?:\b)free\-social\-buttons(?:\b)" 1;
# "~*(?:\b)fuck\-paid\-share\-buttons(?:\b)" 1;
# "~*(?:\b)ilovevitaly(?:\b)" 1;
# "~*(?:\b)law\-enforcement\-bot(?:\b)" 1;
# "~*(?:\b)law\-enforcement\-check(?:\b)" 1;
# "~*(?:\b)share\-buttons\-for\-free(?:\b)" 1;
# "~*(?:\b)webfuck(?:\b)" 1;
# "~*(?:\b)xxxrus(?:\b)" 1;
# "~*(?:\b)zeroredirect(?:\b)" 1;
# "~*(?:\b|)x22(?:\b)" 1; (in this string if your own domain name was sex22.com it would be blocked)
# Here is a list of unsanitary words used in referrer strings - used in various injection attacks
# THE RULES BELOW ARE ENABLED BY DEFAULT
# You can disable this default list by switching the values to 0
"~*(?:\b|)mb_ereg_replace(?:\b|)" 1;
# -----------
# PLEASE NOTE
# -----------
# If you whitelist your own domain in whitelist-domains.conf and your own domain is passed in the referrer string with an attack string it will NOT be blocked.
# --------
# EXAMPLE:
# --------
# This string "http://yourwebsite.com/?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][]=gqopu.php&vars[1][]=<?php mb_ereg_replace('.*',@$_REQUEST[_], '', 'e');?>$"
# contains the above 'mb_ereg_replace" attack string
# If your domain is whitelisted in whitelist-domains.conf this string will NOT be detected

100
bots.d/blacklist-ips.conf Normal file
View file

@ -0,0 +1,100 @@
# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD IP ADDRESSES OR IP RANGES YOU WANT TO BLOCK ###
# VERSION INFORMATION #
#----------------------
# Version: V4.2019.09
# Updated: 2019-06-28
#----------------------
# VERSION INFORMATION #
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# For all intensive purpose you can delete everything inside this file and leave it
# completely blank if you do not want your Nginx Blocker to do any blocking of bad IP's
# Add IP's you want to blacklist below this line, one per line as per example
# Nginx [warn] notices may be reported when you try reload Nginx if you happen to include an
# IP here that may already be included by the blocker with it's daily updates
# NOTE: It is only an Nginx Warning message and will not cause Nginx to fail a reload.
# 111.111.111.111 1;
# -------------------------------------------
# Cyveillance / Qwest Communications / PSINET
# -------------------------------------------
# I am extensively researching this subject - appears to be US government involved
# and also appears to be used by all sorts of law enforcement agencies. For one they
# do not obey robots.txt and continually disguise their User-Agent strings. Time will
# tell if this is all correct or not.
# For now see - https://en.wikipedia.org/wiki/Cyveillance
# IMPORTANT UPDATE ON Cyveillance / Qwest Communications !!!
# **********************************************************
# I have done a lot of research on Cyveillance now and through monitoring my logs I know
# for sure what companies are using them and what they are actually looking for.
# My research has led me to understand that Cyveillance services are used by hundreds
# of companies to help them dicsover theft of copyrighted materials like images, movies
# music and other materials. I personally believe a lot of block lists who originally recommended
# blocking Cyveillance have done so to protect their torrent or p2p sites from being scanned.
# I personally have now unblocked them as image theft is a big problem of mine but if you
# do want to block Cyveillance you can simply modify the entries in the block below from "0" to "1"
# Getty Images is one such company who appears to use Cyveillance to help monitor for copyright theft.
# If you really do want to block them change all the 0's below to 1.
# Use this section at YOUR OWN RISK, you may block some legitimate networks but after many hours of
# Research this is now the completely updated list of all IP ranges IPV4 and IPV6 owned Qwest Communications
# PSINET and Cyveillance
# IMPORTANT NOTE: If you really want to keeps bot and things out of certain parts of your web site
# Rather implement a comlex Google Re-Captcha to reach sections of your sites and for people to be able
# to access download links. Google Re-Captcha with images is too complex for any bot.
38.0.0.0/8 0;
206.2.138.0/23 0;
208.71.164.0/22 0;
4.17.135.32/27 0;
63.144.0.0/13 0;
65.112.0.0/12 0;
65.192.0.0/11 0;
# ---------------
# Berkely Scanner
# ---------------
# The Berkeley University has a scanner testing all over the web sending a complex
# payload an expecting a reply from servers who are infected or who just respond to such
# a payload. The payload looks similar to this
# "$\xC9\xE1\xDC\x9B+\x8F\x1C\xE71\x99\xA8\xDB6\x1E#\xBB\x19#Hx\xA7\xFD\x0F9-"
# and is sometime VERY long. You may have noticed this in your logs.
# I support research projects and all my servers respond with an error to this type of
# string so I do not block them but if you want to block just uncomment the following line
# or email them asking them not to scan your server. They do respond.
# Visit http://169.229.3.91/ for more info
# If you really do want to block them change all the 0 below to 1.
169.229.3.88/29 0;
# ------------
# MY BLACKLIST
# ------------
# 111.111.111.111 1;
# NOTE: If you blacklist your own IP by mistake whitelist-ips.conf will completely over-ride this.
# whitelist-ips.conf will always WIN and over-ride anything here and in the blocker

79
bots.d/blacklist-user-agents.conf Normal file
View file

@ -0,0 +1,79 @@
# EDIT THIS FILE AS YOU LIKE TO BLACKLIST OR WHITELIST ANY BAD USER-AGENT STRINGS YOU WANT TO SCAN FOR
# ****************************************************************************************************
# THIS IS BOTH YOUR WHITELIST AND BLACKLIST FOR USER-AGENTS
# VERSION INFORMATION #
#----------------------
# Version: V4.2022.03
# Updated: 2022-03-25
#----------------------
# VERSION INFORMATION #
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# Add One Entry Per Line - List all the extra bad User-Agents you want to permanently block or whitelist.
# This is for User-Agents that are not included in the main list of the bot blocker
# This file must exist on your system or Nginx will fail a reload due to a missing file
# This allows you finer control of keeping certain bots blocked and automatic updates will
# Never be able to remove this custom list of yours
# Please note this include file loads first before any of the already whitelisted User-Agents
# in the bad bot blocker. By loading first in line it over-rides anything below it so for instance
# if you want to block Baidu, Google or Bing for any reason you add them to this file which loads
# first and takes precedence over anything below it. This now allows even finer control over the
# bad bot blocker. Enjoy !!!
# Even though this file is called blacklist-user-agents, as mentioned it can also be used to whitelist user agents
# By adding them below and setting the 3; to 0; this will permanently whitelist the User-Agent.
# Make sure any words that contain special characters are escaped and include word boundaries as per the Regex examples below.
# Example the User-Agent name "someverybaduseragentname1" is entered as "(?:\b)someverybaduseragentname1(?:\b)"
# Example the User-Agent name "some-very-bad-useragentname2" is entered as "(?:\b)some\-very\-bad\-useragentname1(?:\b)"
# the "(?:\b)" and "(?:\b)" are word boundaries which prevents partial matching and false positives.
# BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED
# ---------------------
# WHITELISTING EXAMPLES
# ---------------------
# "~*(?:\b)someverygooduseragentname1(?:\b)" 0;
# "~*(?:\b)someverygooduseragentname2(?:\b)" 0;
# "~*(?:\b)some\-very\-good\-useragentname2(?:\b)" 0;
# ---------------------
# BLACKLISTING EXAMPLES
# ---------------------
# "~*(?:\b)someverybaduseragentname1(?:\b)" 3;
# "~*(?:\b)someverybaduseragentname2(?:\b)" 3;
# "~*(?:\b)some\-very\-bad\-useragentname2(?:\b)" 3;
# Here are some default things I block on my own server, these appear in various types of injection attacks
# You can disable them if you have problems or don't agree by switching thir value to 0 or moving them into the whitelist section first and then making their value 0
# ------------
# MY WHITELIST
# ------------
# ------------
# MY BLACKLIST
# ------------
"~*(?:\b)x22(?:\b)" 3;
"~*(?:\b){|}|{(?:\b)" 3;
"~*(?:\b)mb_ereg_replace(?:\b)" 3;
"~*(?:\b)file_put_contents(?:\b)" 3;

85
bots.d/blockbots.conf Normal file
View file

@ -0,0 +1,85 @@
# Author/Copyright: Mitchell Krog <mitchellkrog@gmail.com> - https://github.com/mitchellkrogza/
# VERSION INFORMATION #
#----------------------
# Version: V4.2019.04
# Updated: 2019-06-28
#----------------------
# VERSION INFORMATION #
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# Include this in a vhost file within a server {} block using and include statement like below
# Place it near the top of your server {} block before any location / statements and it will block everywhere on your site.
# server {
# #Config stuff here
# include /etc/nginx/bots.d/blockbots.conf
# include /etc/nginx/bots.d/ddos.conf
# #Other config stuff here
# }
#######################################################################
# -----------------------------------
# OVER-RIDE BLOCKER / SUPER WHITELIST
# -----------------------------------
# In this block you can allow any IP address specified here to over-ride any bad bot or IP blocking of the blocker.
# This is useful for testing or allowing only specific IP's (ie. Internal ranges) to never be blocked.
# More IP's can be added example > "(127.0.0.1)|(192.168.0.1)|(192.168.1.1)"
# If you even blacklisted 127.0.0.1 or your own IP by giving it a value of 1 in any of the includes, this will over-ride that block.
# UNCOMMENT THE NEXT 4 LINES TO ACTIVATE THE SUPER WHITELIST
#if ($remote_addr ~ "(127.0.0.1)|(192.168.0.1)" ) {
#set $bad_bot '0'; #Uncommenting this line will disable bad_bots functionality for specified IP(s)
#set $validate_client '0'; #Uncommenting this line will disable validate_client ip blocking functionality for specified IP(s)
#}
# --------------
# BLOCK BAD BOTS
# --------------
# Section bot_1 Unused
#limit_conn bot1_connlimit 100;
#limit_req zone=bot1_reqlimitip burst=50;
limit_conn bot2_connlimit 10;
limit_req zone=bot2_reqlimitip burst=10;
if ($bad_bot = '3') {
return 444; # << Response Code Issued May Be Modified to Whatever you Choose ie. 404 but 444 wastes less of Nginxs time
}
# ---------------------
# BLOCK BAD REFER WORDS
# ---------------------
if ($bad_words) {
return 444; # << Response Code Issued May Be Modified to Whatever you Choose ie. 404 but 444 wastes less of Nginxs time
}
# ------------------
# BLOCK BAD REFERERS
# ------------------
if ($bad_referer) {
return 444; # << Response Code Issued May Be Modified to Whatever you Choose ie. 404 but 444 wastes less of Nginxs time
}
# -----------------------------
# BLOCK IP ADDRESSES and RANGES
# -----------------------------
if ($validate_client) {
return 444; # << Response Code Issued May Be Modified to Whatever you Choose ie. 404 but 444 wastes less of Nginxs time
}

62
bots.d/custom-bad-referrers.conf Normal file
View file

@ -0,0 +1,62 @@
# EDIT THIS FILE AS YOU LIKE TO ADD ANY ADDITIONAL BAD REFERRER DOMAINS YOU WANT TO SCAN FOR ###
# THIS IS BOTH YOUR WHITELIST AND BLACKLIST FOR REFERRERS and DOMAINS
# VERSION INFORMATION #
#----------------------
# Version: V4.2019.09
# Updated: 2019-07-05
#----------------------
# VERSION INFORMATION #
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# Only add one entry per line
# Make sure any domains have dots and special characters escaped as per the Regex examples below.
# For example some-veryvery-randomwebsitename-thatdoesnotexist4.com should be entered as
# some\-veryvery\-randomwebsitename\-thatdoesnotexist4\.com
# *****************************************************************************************
# PLEASE MAKE SURE that you use word regex boundaries to avoid false positive detection !!!
# *****************************************************************************************
# As you can see in the examples below the domain "someveryveryrandomwebsitenamethatdoesnotexist1\.com"
# is entered with a preceding (?:\b) and an ending (?:\b)
# this makes it now "(?:\b)someveryveryrandomwebsitenamethatdoesnotexist1\.com(?:\b)".
# It is crucial to use the word boundaries regex formatting.
# ---------
# EXAMPLES:
# ---------
# BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED
# "~*(?:\b)someveryveryrandomwebsitenamethatdoesnotexist1\.com(?:\b)" 1;
# "~*(?:\b)someveryveryrandomwebsitenamethatdoesnotexist2\.com(?:\b)" 1;
# "~*(?:\b)someveryveryrandomwebsitenamethatdoesnotexist3\.com(?:\b)" 1;
# "~*(?:\b)some\-veryvery\-randomweb\-sitenamethatdoesnotexist4\.com(?:\b)" 1;
# ------------
# MY WHITELIST
# ------------
# "~*(?:\b)mywebsite\.com(?:\b)" 0;
# ------------
# MY BLACKLIST
# ------------
# "~*(?:\b)someotherwebsite\.com(?:\b)" 1;

36
bots.d/ddos.conf Normal file
View file

@ -0,0 +1,36 @@
#######################################################################
### VERSION INFORMATION #
###################################################
### Version: V4.2019.02
### Updated: 2019-06-24
###################################################
### VERSION INFORMATION ##
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# Author: Mitchell Krog <mitchellkrog@gmail.com> - https://github.com/mitchellkrogza/
# Include this in a vhost file within a server {} block using and include statement like below
# server {
# #Config stuff here
# include /etc/nginx/bots.d/blockbots.conf
# include /etc/nginx/bots.d/ddos.conf
# #Other config stuff here
# }
#######################################################################
limit_conn addr 200;
limit_req zone=flood burst=200 nodelay;

57
bots.d/whitelist-domains.conf Normal file
View file

@ -0,0 +1,57 @@
# EDIT THIS FILE AS YOU LIKE TO WHITELIST YOUR OWN DOMAIN NAMES AND SPARE THEM FROM ANY REFERRER CHECKING ###
# VERSION INFORMATION #
#----------------------
# Version: V4.2019.08
# Updated: 2019-07-05
#----------------------
# VERSION INFORMATION #
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# Add One Entry Per Line - List all your own domains of the sites you host on the server
# This file must exist on your system or Nginx will fail a reload due to a missing file
# Automatic updates will never be able to remove this custom list of yours
# Add One Entry Per Line
# Make sure any domains have dots and special characters escaped as per the Regex examples below.
# For example myfirstowndomainname.com should be entered as myfirstowndomainname\.com
# and my-second-owndomainname.com should be entered as my\-second\-owndomainname\.com
# *****************************************************************************************
# PLEASE MAKE SURE that you use word regex boundaries to avoid false positive detection !!!
# *****************************************************************************************
# As you can see in the examples below the domain "myfirstowndomainname\.com" is entered with a preceding (?:\b) and an ending (?:\b)
# this makes it now "(?:\b)myfirstowndomainname\.com(?:\b)". It is important to use the word boundaries regex formatting.
# BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED
# ---------
# EXAMPLES:
# ---------
# "~*(?:\b)myfirstowndomainname\.com(?:\b)" 0;
# "~*(?:\b)my\-second\-owndomainname\.com(?:\b)" 0;
# ------------
# MY WHITELIST
# ------------
# NOTE: This file can also blacklist by giving something a value of 1
# but rather please do your blacklisting in the custom-bad-referrers.conf include file.
# NOTE: If you whitelist your own domain here, any words in bad-referrer-words.conf will not be effective if the attacker passes your own domain name in the referrer string.
# SEE NOTES: in bad-referrer-words.conf

47
bots.d/whitelist-ips.conf Normal file
View file

@ -0,0 +1,47 @@
# EDIT THIS FILE AS YOU LIKE TO WHITELIST ALL YOUR IP ADDRESSES AND IP RANGES ###
# VERSION INFORMATION #
#----------------------
# Version: V4.2019.05
# Updated: 2019-06-28
#----------------------
# VERSION INFORMATION #
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# Add One Entry Per Line - List all your IP's and IP Ranges you want to whitelist
# This file must exist on your system or Nginx will fail a reload due to a missing file
# Automatic updates will never be able to remove this custom list of yours
# Add One Entry Per Line as per the example
# Only add actual IP addresses and ranges here
# BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED
# REFRAIN FROM USING 127.0.0.1 AS IT MAY CAUSE UNDESIRABLE RESULTS ON SOME SYSTEMS
# ---------
# EXAMPLES:
# ---------
# 111.111.111.111 0;
# ------------
# MY WHITELIST
# ------------
# ------
# NOTES:
# ------
# - This file rules over any other other parts of the IP blocking.
# - If you blacklisted your own IP in blacklist-ips.conf whitelisting it here will over-ride the blacklisting.
# - Whitelisting IP's and RANGES here ONLY affects the IP blocking functions.
# - This file will NOT allow your own IP to bypass bad User-Agent or Referrer String checks.
# - To bypass everything for a certain IP see notes in blockbots.conf on SUPER WHITELIST

31
conf.d/botblocker-nginx-settings.conf Normal file
View file

@ -0,0 +1,31 @@
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# Version 1.1
# ! new directives also to be added to include_filelist.txt ! #
server_names_hash_bucket_size 256;
server_names_hash_max_size 4096;
variables_hash_max_size 4096;
variables_hash_bucket_size 4096;
limit_req_zone $binary_remote_addr zone=flood:50m rate=90r/s;
limit_conn_zone $binary_remote_addr zone=addr:50m;
# ****************************************************************************
# NOTE: IF you are using a system like Nginx-Proxy from @JWilder
# ****************************************************************************
# Repo URL: https://github.com/jwilder/nginx-proxy
# You will need to comment out the first line here as follows.
# #server_names_hash_bucket_size 128;
# You will also need to modify the nginx.tmpl file to add the default include
# include /etc/nginx/conf.d/*
# ****************************************************************************

19306
conf.d/globalblacklist.conf Normal file
View file

File diff suppressed because it is too large Load diff

26
fastcgi.conf Normal file
View file

@ -0,0 +1,26 @@
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

25
fastcgi_params Normal file
View file

@ -0,0 +1,25 @@
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

109
koi-utf Normal file
View file

@ -0,0 +1,109 @@
# This map is not a full koi8-r <> utf8 map: it does not contain
# box-drawing and some other characters. Besides this map contains
# several koi8-u and Byelorussian letters which are not in koi8-r.
# If you need a full and standard map, use contrib/unicode2nginx/koi-utf
# map instead.
charset_map koi8-r utf-8 {
80 E282AC ; # euro
95 E280A2 ; # bullet
9A C2A0 ; # &nbsp;
9E C2B7 ; # &middot;
A3 D191 ; # small yo
A4 D194 ; # small Ukrainian ye
A6 D196 ; # small Ukrainian i
A7 D197 ; # small Ukrainian yi
AD D291 ; # small Ukrainian soft g
AE D19E ; # small Byelorussian short u
B0 C2B0 ; # &deg;
B3 D081 ; # capital YO
B4 D084 ; # capital Ukrainian YE
B6 D086 ; # capital Ukrainian I
B7 D087 ; # capital Ukrainian YI
B9 E28496 ; # numero sign
BD D290 ; # capital Ukrainian soft G
BE D18E ; # capital Byelorussian short U
BF C2A9 ; # (C)
C0 D18E ; # small yu
C1 D0B0 ; # small a
C2 D0B1 ; # small b
C3 D186 ; # small ts
C4 D0B4 ; # small d
C5 D0B5 ; # small ye
C6 D184 ; # small f
C7 D0B3 ; # small g
C8 D185 ; # small kh
C9 D0B8 ; # small i
CA D0B9 ; # small j
CB D0BA ; # small k
CC D0BB ; # small l
CD D0BC ; # small m
CE D0BD ; # small n
CF D0BE ; # small o
D0 D0BF ; # small p
D1 D18F ; # small ya
D2 D180 ; # small r
D3 D181 ; # small s
D4 D182 ; # small t
D5 D183 ; # small u
D6 D0B6 ; # small zh
D7 D0B2 ; # small v
D8 D18C ; # small soft sign
D9 D18B ; # small y
DA D0B7 ; # small z
DB D188 ; # small sh
DC D18D ; # small e
DD D189 ; # small shch
DE D187 ; # small ch
DF D18A ; # small hard sign
E0 D0AE ; # capital YU
E1 D090 ; # capital A
E2 D091 ; # capital B
E3 D0A6 ; # capital TS
E4 D094 ; # capital D
E5 D095 ; # capital YE
E6 D0A4 ; # capital F
E7 D093 ; # capital G
E8 D0A5 ; # capital KH
E9 D098 ; # capital I
EA D099 ; # capital J
EB D09A ; # capital K
EC D09B ; # capital L
ED D09C ; # capital M
EE D09D ; # capital N
EF D09E ; # capital O
F0 D09F ; # capital P
F1 D0AF ; # capital YA
F2 D0A0 ; # capital R
F3 D0A1 ; # capital S
F4 D0A2 ; # capital T
F5 D0A3 ; # capital U
F6 D096 ; # capital ZH
F7 D092 ; # capital V
F8 D0AC ; # capital soft sign
F9 D0AB ; # capital Y
FA D097 ; # capital Z
FB D0A8 ; # capital SH
FC D0AD ; # capital E
FD D0A9 ; # capital SHCH
FE D0A7 ; # capital CH
FF D0AA ; # capital hard sign
}

103
koi-win Normal file
View file

@ -0,0 +1,103 @@
charset_map koi8-r windows-1251 {
80 88 ; # euro
95 95 ; # bullet
9A A0 ; # &nbsp;
9E B7 ; # &middot;
A3 B8 ; # small yo
A4 BA ; # small Ukrainian ye
A6 B3 ; # small Ukrainian i
A7 BF ; # small Ukrainian yi
AD B4 ; # small Ukrainian soft g
AE A2 ; # small Byelorussian short u
B0 B0 ; # &deg;
B3 A8 ; # capital YO
B4 AA ; # capital Ukrainian YE
B6 B2 ; # capital Ukrainian I
B7 AF ; # capital Ukrainian YI
B9 B9 ; # numero sign
BD A5 ; # capital Ukrainian soft G
BE A1 ; # capital Byelorussian short U
BF A9 ; # (C)
C0 FE ; # small yu
C1 E0 ; # small a
C2 E1 ; # small b
C3 F6 ; # small ts
C4 E4 ; # small d
C5 E5 ; # small ye
C6 F4 ; # small f
C7 E3 ; # small g
C8 F5 ; # small kh
C9 E8 ; # small i
CA E9 ; # small j
CB EA ; # small k
CC EB ; # small l
CD EC ; # small m
CE ED ; # small n
CF EE ; # small o
D0 EF ; # small p
D1 FF ; # small ya
D2 F0 ; # small r
D3 F1 ; # small s
D4 F2 ; # small t
D5 F3 ; # small u
D6 E6 ; # small zh
D7 E2 ; # small v
D8 FC ; # small soft sign
D9 FB ; # small y
DA E7 ; # small z
DB F8 ; # small sh
DC FD ; # small e
DD F9 ; # small shch
DE F7 ; # small ch
DF FA ; # small hard sign
E0 DE ; # capital YU
E1 C0 ; # capital A
E2 C1 ; # capital B
E3 D6 ; # capital TS
E4 C4 ; # capital D
E5 C5 ; # capital YE
E6 D4 ; # capital F
E7 C3 ; # capital G
E8 D5 ; # capital KH
E9 C8 ; # capital I
EA C9 ; # capital J
EB CA ; # capital K
EC CB ; # capital L
ED CC ; # capital M
EE CD ; # capital N
EF CE ; # capital O
F0 CF ; # capital P
F1 DF ; # capital YA
F2 D0 ; # capital R
F3 D1 ; # capital S
F4 D2 ; # capital T
F5 D3 ; # capital U
F6 C6 ; # capital ZH
F7 C2 ; # capital V
F8 DC ; # capital soft sign
F9 DB ; # capital Y
FA C7 ; # capital Z
FB D8 ; # capital SH
FC DD ; # capital E
FD D9 ; # capital SHCH
FE D7 ; # capital CH
FF DA ; # capital hard sign
}

1080
mime.types Normal file
View file

File diff suppressed because it is too large Load diff

134
nginx.conf Normal file
View file

@ -0,0 +1,134 @@
#user http;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
types_hash_max_size 4096;
types_hash_bucket_size 4096;
#gzip on;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
server {
listen 80;
server_name localhost 127.0.0.1;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root /usr/share/nginx/html;
#root /srv/http/asxpio;
index index.html;
}
location /nginx_status {
stub_status on;
allow 127.0.0.1;
deny all;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
#root /usr/share/nginx/html;
root /srv/http/;
index index.html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
#location ~ \.php$ {
# fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
# fastcgi_index index.php;
# root /srv/http;
# include fastcgi.conf;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}

17
scgi_params Normal file
View file

@ -0,0 +1,17 @@
scgi_param REQUEST_METHOD $request_method;
scgi_param REQUEST_URI $request_uri;
scgi_param QUERY_STRING $query_string;
scgi_param CONTENT_TYPE $content_type;
scgi_param DOCUMENT_URI $document_uri;
scgi_param DOCUMENT_ROOT $document_root;
scgi_param SCGI 1;
scgi_param SERVER_PROTOCOL $server_protocol;
scgi_param REQUEST_SCHEME $scheme;
scgi_param HTTPS $https if_not_empty;
scgi_param REMOTE_ADDR $remote_addr;
scgi_param REMOTE_PORT $remote_port;
scgi_param SERVER_PORT $server_port;
scgi_param SERVER_NAME $server_name;

77
sites-available/asxp.io Normal file
View file

@ -0,0 +1,77 @@
#asxp.io
server {
if ($host = www.asxp.io) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = asxp.io) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name www.asxp.io asxp.io;
listen [::]:80;
server_name www.asxp.io asxp.io;
root /srv/http/asxpio;
#root /srv/http/photos;
index index.html;
server_name _;
return 444;
location / {
try_files $uri $uri/ =404;
}
}
server {
root /srv/http/asxpio;
#root /srv/http/photos;
index index.html;
server_name asxp.io www.asxp.io; # managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
root /srv/http/asxpio;
include fastcgi.conf;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
#listen [::]:443 ssl ipv6only=on; # managed by Certbot
#listen [::]:443;
#ssl on;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/asxp.io/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/asxp.io/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
##
# Nginx Bad Bot Blocker Includes
# REPO: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
##
#include /etc/nginx/bots.d/ddos.conf;
#include /etc/nginx/bots.d/blockbots.conf;
}

45
sites-available/gitea Normal file
View file

@ -0,0 +1,45 @@
server {
if ($host = www.git.asxp.io) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = git.asxp.io) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name www.git.asxp.io git.asxp.io;
listen [::]:80;
server_name www.git.asxp.io git.asxp.io;
server_name _;
return 444;
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name git.asxp.io;
ssl_certificate /etc/letsencrypt/live/asxp.io/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/asxp.io/privkey.pem; # managed by Certbot
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

75
sites-available/photos.asxp.io Normal file
View file

@ -0,0 +1,75 @@
#asxp.io
server {
if ($host = www.photos.asxp.io) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = photos.asxp.io) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name www.photos.asxp.io photos.asxp.io;
listen [::]:80;
server_name www.photos.asxp.io photos.asxp.io;
root /srv/http/photos;
index index.html;
server_name _;
return 444;
location / {
try_files $uri $uri/ =404;
}
}
server {
root /srv/http/photos;
index index.html;
server_name photos.asxp.io www.photos.asxp.io; # managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
root /srv/http/photos;
include fastcgi.conf;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
#listen [::]:443 ssl ipv6only=on; # managed by Certbot
#listen [::]:443;
#ssl on;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/asxp.io/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/asxp.io/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
##
# Nginx Bad Bot Blocker Includes
# REPO: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
##
include /etc/nginx/bots.d/ddos.conf;
include /etc/nginx/bots.d/blockbots.conf;
}

11
sites-available/upload.asxp.io Normal file
View file

@ -0,0 +1,11 @@
server {
listen 80;
listen 443 ssl;
server_name upload.asxp.io;
location /content {
root /var/telegabber/content/.. ;
}
ssl_certificate /etc/letsencrypt/live/asxp.io/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/asxp.io/privkey.pem; # managed by Certbot
}

18
sites-available/uptime.asxp.io Normal file
View file

@ -0,0 +1,18 @@
server {
listen 443 ssl http2;
# Remove '#' in the next line to enable IPv6
# listen [::]:443 ssl http2;
server_name uptime.asxp.io;
ssl_certificate /etc/letsencrypt/live/asxp.io/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/asxp.io/privkey.pem; # managed by Certbot
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://localhost:3001/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

1
sites-enabled/asxp.io Symbolic link
View file

@ -0,0 +1 @@
/etc/nginx/sites-available/asxp.io

1
sites-enabled/gitea Symbolic link
View file

@ -0,0 +1 @@
/etc/nginx/sites-available/gitea

1
sites-enabled/uptime.asxp.io Symbolic link
View file

@ -0,0 +1 @@
/etc/nginx/sites-available/uptime.asxp.io

17
uwsgi_params Normal file
View file

@ -0,0 +1,17 @@
uwsgi_param QUERY_STRING $query_string;
uwsgi_param REQUEST_METHOD $request_method;
uwsgi_param CONTENT_TYPE $content_type;
uwsgi_param CONTENT_LENGTH $content_length;
uwsgi_param REQUEST_URI $request_uri;
uwsgi_param PATH_INFO $document_uri;
uwsgi_param DOCUMENT_ROOT $document_root;
uwsgi_param SERVER_PROTOCOL $server_protocol;
uwsgi_param REQUEST_SCHEME $scheme;
uwsgi_param HTTPS $https if_not_empty;
uwsgi_param REMOTE_ADDR $remote_addr;
uwsgi_param REMOTE_PORT $remote_port;
uwsgi_param SERVER_PORT $server_port;
uwsgi_param SERVER_NAME $server_name;

126
win-utf Normal file
View file

@ -0,0 +1,126 @@
# This map is not a full windows-1251 <> utf8 map: it does not
# contain Serbian and Macedonian letters. If you need a full map,
# use contrib/unicode2nginx/win-utf map instead.
charset_map windows-1251 utf-8 {
82 E2809A ; # single low-9 quotation mark
84 E2809E ; # double low-9 quotation mark
85 E280A6 ; # ellipsis
86 E280A0 ; # dagger
87 E280A1 ; # double dagger
88 E282AC ; # euro
89 E280B0 ; # per mille
91 E28098 ; # left single quotation mark
92 E28099 ; # right single quotation mark
93 E2809C ; # left double quotation mark
94 E2809D ; # right double quotation mark
95 E280A2 ; # bullet
96 E28093 ; # en dash
97 E28094 ; # em dash
99 E284A2 ; # trade mark sign
A0 C2A0 ; # &nbsp;
A1 D18E ; # capital Byelorussian short U
A2 D19E ; # small Byelorussian short u
A4 C2A4 ; # currency sign
A5 D290 ; # capital Ukrainian soft G
A6 C2A6 ; # borken bar
A7 C2A7 ; # section sign
A8 D081 ; # capital YO
A9 C2A9 ; # (C)
AA D084 ; # capital Ukrainian YE
AB C2AB ; # left-pointing double angle quotation mark
AC C2AC ; # not sign
AD C2AD ; # soft hypen
AE C2AE ; # (R)
AF D087 ; # capital Ukrainian YI
B0 C2B0 ; # &deg;
B1 C2B1 ; # plus-minus sign
B2 D086 ; # capital Ukrainian I
B3 D196 ; # small Ukrainian i
B4 D291 ; # small Ukrainian soft g
B5 C2B5 ; # micro sign
B6 C2B6 ; # pilcrow sign
B7 C2B7 ; # &middot;
B8 D191 ; # small yo
B9 E28496 ; # numero sign
BA D194 ; # small Ukrainian ye
BB C2BB ; # right-pointing double angle quotation mark
BF D197 ; # small Ukrainian yi
C0 D090 ; # capital A
C1 D091 ; # capital B
C2 D092 ; # capital V
C3 D093 ; # capital G
C4 D094 ; # capital D
C5 D095 ; # capital YE
C6 D096 ; # capital ZH
C7 D097 ; # capital Z
C8 D098 ; # capital I
C9 D099 ; # capital J
CA D09A ; # capital K
CB D09B ; # capital L
CC D09C ; # capital M
CD D09D ; # capital N
CE D09E ; # capital O
CF D09F ; # capital P
D0 D0A0 ; # capital R
D1 D0A1 ; # capital S
D2 D0A2 ; # capital T
D3 D0A3 ; # capital U
D4 D0A4 ; # capital F
D5 D0A5 ; # capital KH
D6 D0A6 ; # capital TS
D7 D0A7 ; # capital CH
D8 D0A8 ; # capital SH
D9 D0A9 ; # capital SHCH
DA D0AA ; # capital hard sign
DB D0AB ; # capital Y
DC D0AC ; # capital soft sign
DD D0AD ; # capital E
DE D0AE ; # capital YU
DF D0AF ; # capital YA
E0 D0B0 ; # small a
E1 D0B1 ; # small b
E2 D0B2 ; # small v
E3 D0B3 ; # small g
E4 D0B4 ; # small d
E5 D0B5 ; # small ye
E6 D0B6 ; # small zh
E7 D0B7 ; # small z
E8 D0B8 ; # small i
E9 D0B9 ; # small j
EA D0BA ; # small k
EB D0BB ; # small l
EC D0BC ; # small m
ED D0BD ; # small n
EE D0BE ; # small o
EF D0BF ; # small p
F0 D180 ; # small r
F1 D181 ; # small s
F2 D182 ; # small t
F3 D183 ; # small u
F4 D184 ; # small f
F5 D185 ; # small kh
F6 D186 ; # small ts
F7 D187 ; # small ch
F8 D188 ; # small sh
F9 D189 ; # small shch
FA D18A ; # small hard sign
FB D18B ; # small y
FC D18C ; # small soft sign
FD D18D ; # small e
FE D18E ; # small yu
FF D18F ; # small ya
}