From 4b187bc81d9a87dc000ea9bf297819161f0f3e72 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Denis=20Duli=C3=A7i?= Date: Thu, 4 Aug 2022 17:07:20 +0300 Subject: [PATCH] updated firewall config --- config/firewall.php | 65 +++++++++++++++++++++++++++++++++++---------- 1 file changed, 51 insertions(+), 14 deletions(-) diff --git a/config/firewall.php b/config/firewall.php index 4bf767a6b..903d2653f 100644 --- a/config/firewall.php +++ b/config/firewall.php @@ -12,6 +12,15 @@ return [ // 'ip' => '\App\Models\YourIpModel', ], + 'log' => [ + 'max_request_size' => 2048, + ], + + 'cron' => [ + 'enabled' => env('FIREWALL_CRON_ENABLED', true), + 'expression' => env('FIREWALL_CRON_EXPRESSION', '* * * * *'), + ], + 'responses' => [ 'block' => [ @@ -61,6 +70,8 @@ return [ 'middleware' => [ 'ip' => [ + 'enabled' => env('FIREWALL_MIDDLEWARE_IP_ENABLED', env('FIREWALL_ENABLED', true)), + 'methods' => ['all'], 'routes' => [ @@ -70,6 +81,8 @@ return [ ], 'agent' => [ + 'enabled' => env('FIREWALL_MIDDLEWARE_AGENT_ENABLED', env('FIREWALL_ENABLED', true)), + 'methods' => ['all'], 'routes' => [ @@ -99,13 +112,15 @@ return [ ], 'auto_block' => [ - 'attempts' => 5, + 'attempts' => env('FIREWALL_MIDDLEWARE_AGENT_AUTO_BLOCK_ATTEMPTS', 5), 'frequency' => 1 * 60, // 1 minute 'period' => 30 * 60, // 30 minutes ], ], 'bot' => [ + 'enabled' => env('FIREWALL_MIDDLEWARE_BOT_ENABLED', env('FIREWALL_ENABLED', true)), + 'methods' => ['all'], 'routes' => [ @@ -120,13 +135,15 @@ return [ ], 'auto_block' => [ - 'attempts' => 5, + 'attempts' => env('FIREWALL_MIDDLEWARE_BOT_AUTO_BLOCK_ATTEMPTS', 5), 'frequency' => 1 * 60, // 1 minute 'period' => 30 * 60, // 30 minutes ], ], 'geo' => [ + 'enabled' => env('FIREWALL_MIDDLEWARE_GEO_ENABLED', env('FIREWALL_ENABLED', true)), + 'methods' => ['all'], 'routes' => [ 
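Review bot: `'max_request_size' => 2048` in the new `log` block has no unit and no statement of which part of the request it limits, so an operator cannot tell what ends up in the firewall log. The code that reads this key is not part of the patch; if the request body is logged, up to 2048 units of a login or token submission would be stored, which should be confirmed against that code. I would add a comment on the line, for example `// max length of the request data stored per log entry; may include submitted form fields`, and say whether sensitive fields are masked before logging.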
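Review bot: Every `enabled` key this patch adds, starting with `'ip'` in this hunk, falls back to `env('FIREWALL_ENABLED', true)`, so a single environment variable switches off all middleware at once, including `login` auto-blocking, and nothing in the file says so. Assuming this is Laravel's `env()` helper, only `true`/`false`/`null`/`empty` are converted; a value such as `0` or `off` arrives as a string, and whether that disables the check depends on how the consumer tests it, which is not visible here. I would document the switch above the first use, `// FIREWALL_ENABLED=false disables every middleware below; a FIREWALL_MIDDLEWARE_*_ENABLED value overrides it`, and normalise the value with `filter_var(env(...), FILTER_VALIDATE_BOOLEAN)`. The same applies to the `enabled` lines in the agent, bot, geo, lfi, login, php, referrer, rfi, session, sqli, swear, url, whitelist and xss hunks.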
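Review bot: `'attempts' => env('FIREWALL_MIDDLEWARE_AGENT_AUTO_BLOCK_ATTEMPTS', 5)` yields the int 5 by default but a string whenever the variable is set, and it accepts `0`, a negative number or non-numeric text without complaint. Depending on how the threshold is compared (not shown in this patch), a typo in the environment could make auto-block trigger on the first event or never trigger at all. Cast and bound the value where it is read: `'attempts' => max(1, (int) env('FIREWALL_MIDDLEWARE_AGENT_AUTO_BLOCK_ATTEMPTS', 5)),`. The same applies to every other `*_AUTO_BLOCK_ATTEMPTS` line in the patch (bot, geo, lfi, login, php, referrer, rfi, session, sqli, swear, url, xss).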
@@ -158,13 +175,15 @@ return [ 'service' => 'ipapi', 'auto_block' => [ - 'attempts' => 3, + 'attempts' => env('FIREWALL_MIDDLEWARE_GEO_AUTO_BLOCK_ATTEMPTS', 3), 'frequency' => 5 * 60, // 5 minutes 'period' => 30 * 60, // 30 minutes ], ], 'lfi' => [ + 'enabled' => env('FIREWALL_MIDDLEWARE_LFI_ENABLED', env('FIREWALL_ENABLED', true)), + 'methods' => ['get', 'delete'], 'routes' => [ @@ -182,23 +201,25 @@ return [ ], 'auto_block' => [ - 'attempts' => 3, + 'attempts' => env('FIREWALL_MIDDLEWARE_LFI_AUTO_BLOCK_ATTEMPTS', 3), 'frequency' => 5 * 60, // 5 minutes 'period' => 30 * 60, // 30 minutes ], ], 'login' => [ - 'enabled' => true, + 'enabled' => env('FIREWALL_MIDDLEWARE_LOGIN_ENABLED', env('FIREWALL_ENABLED', true)), 'auto_block' => [ - 'attempts' => 5, + 'attempts' => env('FIREWALL_MIDDLEWARE_LOGIN_AUTO_BLOCK_ATTEMPTS', 10), 'frequency' => 1 * 60, // 1 minute 'period' => 30 * 60, // 30 minutes ], ], 'php' => [ + 'enabled' => env('FIREWALL_MIDDLEWARE_PHP_ENABLED', env('FIREWALL_ENABLED', true)), + 'methods' => ['get', 'post', 'delete'], 'routes' => [ @@ -225,13 +246,15 @@ return [ ], 'auto_block' => [ - 'attempts' => 3, + 'attempts' => env('FIREWALL_MIDDLEWARE_PHP_AUTO_BLOCK_ATTEMPTS', 3), 'frequency' => 5 * 60, // 5 minutes 'period' => 30 * 60, // 30 minutes ], ], 'referrer' => [ + 'enabled' => env('FIREWALL_MIDDLEWARE_REFERRER_ENABLED', env('FIREWALL_ENABLED', true)), + 'methods' => ['all'], 'routes' => [ @@ -242,13 +265,15 @@ return [ 'blocked' => [], 'auto_block' => [ - 'attempts' => 3, + 'attempts' => env('FIREWALL_MIDDLEWARE_REFERRER_AUTO_BLOCK_ATTEMPTS', 3), 'frequency' => 5 * 60, // 5 minutes 'period' => 30 * 60, // 30 minutes ], ], 'rfi' => [ + 'enabled' => env('FIREWALL_MIDDLEWARE_RFI_ENABLED', env('FIREWALL_ENABLED', true)), + 'methods' => ['get', 'post', 'delete'], 'routes' => [ 
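Review bot: The `login` default for `attempts` changes from 5 to 10 on the same line that makes it configurable, so an install that sets no environment variable now tolerates twice as many failed logins before the 30-minute block. The subject "updated firewall config" does not mention that loosening, and every other middleware keeps its previous default. Unless the change is deliberate, keep the old value: `'attempts' => env('FIREWALL_MIDDLEWARE_LOGIN_AUTO_BLOCK_ATTEMPTS', 5),`. If it is deliberate, it should be stated in the commit message so operators can pin the stricter value.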
@@ -268,13 +293,15 @@ return [ 'exceptions' => [], 'auto_block' => [ - 'attempts' => 3, + 'attempts' => env('FIREWALL_MIDDLEWARE_RFI_AUTO_BLOCK_ATTEMPTS', 3), 'frequency' => 5 * 60, // 5 minutes 'period' => 30 * 60, // 30 minutes ], ], 'session' => [ + 'enabled' => env('FIREWALL_MIDDLEWARE_SESSION_ENABLED', env('FIREWALL_ENABLED', true)), + 'methods' => ['get', 'post', 'delete'], 'routes' => [ @@ -293,13 +320,15 @@ return [ ], 'auto_block' => [ - 'attempts' => 3, + 'attempts' => env('FIREWALL_MIDDLEWARE_SESSION_AUTO_BLOCK_ATTEMPTS', 3), 'frequency' => 5 * 60, // 5 minutes 'period' => 30 * 60, // 30 minutes ], ], 'sqli' => [ + 'enabled' => env('FIREWALL_MIDDLEWARE_SQLI_ENABLED', env('FIREWALL_ENABLED', true)), + 'methods' => ['get', 'delete'], 'routes' => [ @@ -318,13 +347,15 @@ return [ ], 'auto_block' => [ - 'attempts' => 3, + 'attempts' => env('FIREWALL_MIDDLEWARE_SQLI_AUTO_BLOCK_ATTEMPTS', 3), 'frequency' => 5 * 60, // 5 minutes 'period' => 30 * 60, // 30 minutes ], ], 'swear' => [ + 'enabled' => env('FIREWALL_MIDDLEWARE_SWEAR_ENABLED', env('FIREWALL_ENABLED', true)), + 'methods' => ['post', 'put', 'patch'], 'routes' => [ @@ -340,25 +371,29 @@ return [ 'words' => [], 'auto_block' => [ - 'attempts' => 3, + 'attempts' => env('FIREWALL_MIDDLEWARE_SWEAR_AUTO_BLOCK_ATTEMPTS', 3), 'frequency' => 5 * 60, // 5 minutes 'period' => 30 * 60, // 30 minutes ], ], 'url' => [ + 'enabled' => env('FIREWALL_MIDDLEWARE_URL_ENABLED', env('FIREWALL_ENABLED', true)), + 'methods' => ['all'], 'inspections' => [], // i.e. 'admin' 'auto_block' => [ - 'attempts' => 5, + 'attempts' => env('FIREWALL_MIDDLEWARE_URL_AUTO_BLOCK_ATTEMPTS', 5), 'frequency' => 1 * 60, // 1 minute 'period' => 30 * 60, // 30 minutes ], ], 'whitelist' => [ + 'enabled' => env('FIREWALL_MIDDLEWARE_WHITELIST_ENABLED', env('FIREWALL_ENABLED', true)), + 'methods' => ['all'], 'routes' => [ 
@@ -368,6 +403,8 @@ return [ ], 'xss' => [ + 'enabled' => env('FIREWALL_MIDDLEWARE_XSS_ENABLED', env('FIREWALL_ENABLED', true)), + 'methods' => ['post', 'put', 'patch'], 'routes' => [ @@ -393,7 +430,7 @@ return [ ], 'auto_block' => [ - 'attempts' => 3, + 'attempts' => env('FIREWALL_MIDDLEWARE_XSS_AUTO_BLOCK_ATTEMPTS', 3), 'frequency' => 5 * 60, // 5 minutes 'period' => 30 * 60, // 30 minutes ],