tat cả vhost domain mình đều set:
add_header X-Frame-Options SAMEORIGIN;
add_header X-Frame-Options ALLOWALL;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
và trong file trong file all.conf của mình thế này:
Code: Select alllocation / {
try_files $uri $uri/ /index.php?$args;
#try_files $uri $uri/ /index.php?$query_string;
#try_files $uri $uri/ /index.php;
# try_files $uri $uri/ /index.html;
#if ($http_origin ~* (https?://[^/]*(\.)?diathevang\.info(:[0-9]+)?|https?://[^/]*(\.)?diembds\.com(:[0-9]+)?|https?://[^/]*(\.)?bdsdn\.info(:[0-9]+)?)) {
# add_header ‘Access-Control-Allow-Origin’ “$http_origin”;
#}
}
location ~ ([^/]*)sitemap(.*)\.x(m|s)l$ {
## SEOPress
rewrite ^/sitemaps\.xml$ /index.php?seopress_sitemap=1 last;
rewrite ^/sitemaps_xsl\.xsl$ /index.php?seopress_sitemap_xsl=1 last;
rewrite ^/sitemaps/([_0-9a-zA-Z-]+)?\.xml$ /index.php?seopress_cpt=$1 last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml$ "/index.php?xml_sitemap=params=$2" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml\.gz$ "/index.php?xml_sitemap=params=$2;zip=true" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.html$ "/index.php?xml_sitemap=params=$2;html=true" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.html.gz$ "/index.php?xml_sitemap=params=$2;html=true;zip=true" last;
}
location ~ ([^/]*)sitemap(.*)\.x(m|s)l$ {
## SEOPress
rewrite ^/sitemaps\.xml$ /index.php?seopress_sitemap=1 last;
rewrite ^/sitemaps_xsl\.xsl$ /index.php?seopress_sitemap_xsl=1 last;
rewrite ^/sitemaps/([_0-9a-zA-Z-]+)?\.xml$ /index.php?seopress_cpt=$1 last;
}
location ~* \.(?:ico|css|js|jpe?g|png|gif|svg|pdf|mov|mp4|mp3|eot|otf|svg|ttf|woff|woff2)$ {
expires 7d;
add_header Pragma public;
add_header Cache-Control "public";
gzip_vary on;
}
#location ~ ^/(wp-admin|wp-login\.php) {
# allow 42.112.91.18;
# deny all;
# }
location ~* wp-config.php {
deny all;
}
location /wordpress/ {
try_files $uri $uri/ /wordpress/index.php?$args;
}
location /wp/ {
try_files $uri $uri/ /wp/index.php?$args;
}
location /diendan/ {
try_files $uri $uri/ /diendan/index.php?$args;
}
mình tắt hết cache
reset lại vps vẫn bị domain phụ