I use ngx_http_access_module‘s allow/deny directives to protect sensitive parts of my websites from public access. But if a website is protected by CloudFlare, or same-scheme DDoS protection/CDN provider, your nginx will get only CloudFlare’s IPs, so your blocking (or any another IP-based, e.g. GeoIP) rules will not work. This HOWTO is written for CloudFlare. P.S.
Since SSLv3 is deprecated, it’s a good idea to disable it in webserver config to become invulnerable to POODLE attack (sorry, Windows XP users). The problem is, even if you disable it in config, it may be still available for negotiation! Follow the article to see the remedy for this issue. The main part is
Few days ago I was struggled by broken ownCloud installation, where the app became malfunctional during the update due to updater tool, ignoring any attempts to change it’s configuration or do anything. The owncloud/config/ directory was also lost. The problem was that all data was encrypted, and ownCloud saves the salt hash in the config.php file,