Wednesday, 21 August 2013, 16:17
That's right: the senginx.org website itself runs SEnginx as a reverse proxy in front of an Apache backend, with a series of its security features enabled.
The complete configuration file is shown below (irrelevant parts omitted).
user nobody;
worker_processes 1;

error_log logs/error.log notice;
pid logs/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    include /usr/local/senginx/naxsi/naxsi_config/naxsi_core.rules;

    geoip_country /usr/local/senginx/GeoIP.dat;
    geoip_city /usr/local/senginx/GeoLiteCity.dat;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"'
                    ' - [$geoip_city, $geoip_city_country_name]';

    sendfile on;
    tcp_nopush on;
    keepalive_timeout 65;
    gzip on;

    session_max_size 1024;

    upstream backend {
        server 127.0.0.1:8086;
    }

    server {
        listen 80;
        server_name www.senginx.org;
        access_log logs/access.www.log main;

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }

        session_timeout 600;
        session on;

        location /RequestDenied {
            return 403;
        }

        location /favicon.ico {
            proxy_pass http://backend;
        }

        location /download {
            proxy_pass http://backend;
        }

        location /img {
            proxy_pass http://backend;
        }

        location /cn {
            error_log logs/error.cn.log;

            robot_mitigation on;
            robot_mitigation_mode js;
            robot_mitigation_action block;
            robot_mitigation_whitelist {
                "Baidu" "Baiduspider";
                "Google" "Googlebot";
            }

            cookie_poisoning on;
            cookie_poisoning_action block;

            #LearningMode;
            SecRulesEnabled;
            #SecRulesDisabled;
            DeniedUrl "/RequestDenied";

            include wl.conf;

            ## check rules
            CheckRule "$XSS >= 4" BLOCK;
            CheckRule "$TRAVERSAL >= 4" BLOCK;
            CheckRule "$EVADE >= 8" BLOCK;
            CheckRule "$UPLOAD >= 8" BLOCK;
            CheckRule "$RFI >= 8" BLOCK;
            CheckRule "$SQL >= 8" BLOCK;

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_pass http://backend;
        }

        location /en {
            error_log logs/error.en.log;

            robot_mitigation on;
            robot_mitigation_mode js;
            robot_mitigation_action block;
            robot_mitigation_whitelist {
                "Google" "Googlebot";
            }

            cookie_poisoning on;
            cookie_poisoning_action block;

            #LearningMode;
            SecRulesEnabled;
            #SecRulesDisabled;
            DeniedUrl "/RequestDenied";

            include wl-en.conf;

            ## check rules
            CheckRule "$XSS >= 4" BLOCK;
            CheckRule "$TRAVERSAL >= 4" BLOCK;
            CheckRule "$EVADE >= 8" BLOCK;
            CheckRule "$UPLOAD >= 8" BLOCK;
            CheckRule "$RFI >= 8" BLOCK;
            CheckRule "$SQL >= 8" BLOCK;

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_pass http://backend;
        }

        location / {
            if ($geoip_country_code = CN) {
                rewrite ^/$ /cn redirect;
            }
            if ($geoip_country_code != CN) {
                rewrite ^/$ /en redirect;
            }
        }
    }
}
This configuration is based on SEnginx 1.5.3, compiled with the cookie poisoning module and the GeoIP module; older versions may not support some of the directives used here.
The basic structure of www.senginx.org is that Apache listens on local port 8086 and SEnginx reverse-proxies to it, implementing the following:
- dispatching requests to different locations according to geographic location (derived from the source IP)
- enabling the session feature
- anti-robot protection (with the Baidu and Google crawlers whitelisted)
- cookie tamper protection
- the full set of naxsi checks
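As an added example (not code from the original post or from the SEnginx project), here is a small Python parser for the custom `main` log_format declared in the configuration above, run over a handful of constructed access-log lines. It assumes that requests naxsi sends to DeniedUrl are logged with the original $request and the 403 status that the /RequestDenied location returns, and it reports 403 denials per location block (/cn, /en), per GeoIP country and per client, plus the geo redirects issued at / and any client that arrived with its own X-Forwarded-For header. The sample addresses are from RFC 5737 documentation ranges and the lines are constructed, not real senginx.org traffic.

```python
import re
import sys
from collections import Counter

# Regex for the "main" log_format from the SEnginx config above:
#   $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent
#   "$http_referer" "$http_user_agent" "$http_x_forwarded_for" - [$geoip_city, $geoip_city_country_name]
# $geoip_city may be empty when the city database has no entry for the address.
LOG_RE = re.compile(
    r'^(?P<addr>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)" "(?P<xff>[^"]*)" '
    r'- \[(?P<city>[^,\]]*), (?P<country>[^\]]*)\]$'
)

# Constructed sample log (assumption: this is what the config above would write).
# Addresses come from the RFC 5737 documentation ranges; the last line is deliberately malformed.
SAMPLE_LOG = """\
203.0.113.10 - - [21/Aug/2013:16:17:01 +0800] "GET / HTTP/1.1" 302 161 "-" "Mozilla/5.0" "-" - [Beijing, China]
203.0.113.10 - - [21/Aug/2013:16:17:02 +0800] "GET /cn HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "-" - [Beijing, China]
198.51.100.7 - - [21/Aug/2013:16:18:10 +0800] "GET / HTTP/1.1" 302 161 "-" "Mozilla/5.0" "-" - [Mountain View, United States]
198.51.100.7 - - [21/Aug/2013:16:18:11 +0800] "GET /en/?q=%3Cscript%3E HTTP/1.1" 403 0 "-" "Mozilla/5.0" "-" - [Mountain View, United States]
192.0.2.44 - - [21/Aug/2013:16:19:30 +0800] "GET /en HTTP/1.1" 200 4980 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)" "-" - [, United States]
192.0.2.99 - - [21/Aug/2013:16:20:05 +0800] "GET /cn/ HTTP/1.1" 403 0 "-" "curl/7.30" "10.0.0.5" - [Shanghai, China]
this line is not in the expected format
"""


def parse_line(line):
    """Parse one access-log line into a dict of fields; return None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = int(rec["bytes"])
    parts = rec["request"].split(" ")
    rec["method"] = parts[0] if parts else ""
    rec["path"] = parts[1] if len(parts) > 1 else ""
    return rec


def site_section(path):
    """Map a request path to the location block that served it in the config: /cn, /en or other."""
    if path == "/cn" or path.startswith("/cn/"):
        return "/cn"
    if path == "/en" or path.startswith("/en/"):
        return "/en"
    return "other"


def summarize(log_text):
    """Count parsed/unparsed lines, geo redirects at /, inbound X-Forwarded-For, and 403 denials."""
    stats = {
        "parsed": 0,
        "unparsed": 0,
        "geo_redirects": 0,          # 302 answers at "/" produced by the GeoIP rewrite rules
        "denied": 0,                 # 403 answers (naxsi DeniedUrl, robot or cookie blocks)
        "denied_by_section": Counter(),
        "denied_by_country": Counter(),
        "denied_by_client": Counter(),
        "forwarded_clients": Counter(),  # clients that sent their own X-Forwarded-For header
    }
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            stats["unparsed"] += 1
            continue
        stats["parsed"] += 1
        if rec["path"] == "/" and rec["status"] == 302:
            stats["geo_redirects"] += 1
        if rec["xff"] != "-":
            stats["forwarded_clients"][rec["addr"]] += 1
        if rec["status"] == 403:
            stats["denied"] += 1
            stats["denied_by_section"][site_section(rec["path"])] += 1
            stats["denied_by_country"][rec["country"] or "unknown"] += 1
            stats["denied_by_client"][rec["addr"]] += 1
    return stats


if __name__ == "__main__":
    # Usage: python geo_waf_log_summary.py [logs/access.www.log]; without a path the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for key, value in summarize(text).items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
```

The unparsed counter matters in practice: if it climbs after a config change, the log_format has drifted from what the parser expects and the denial counts are no longer trustworthy. A client that shows up under forwarded_clients arrived with an X-Forwarded-For header of its own; since this config only appends to that header towards the backend, such entries point either at a legitimate upstream proxy or at a client supplying the header itself, and the backend should not treat the header's first value as the true source address.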
Zeuux © 2024