akaunting/config/firewall.php

<?php

/*
 * Firewall rule configuration.
 *
 * Every value is read from the environment where an env() call is shown; the
 * second argument is the fallback used when the variable is unset. Each entry
 * under 'middleware' configures one 'firewall.*' rule; 'all_middleware' is the
 * ordered list of rules that run together. Rule order is kept exactly as it
 * was, because the order of that list is observable by whatever consumes it.
 *
 * Common keys inside a rule (meanings presumed from the example comments —
 * confirm against the middleware that reads them):
 *   methods     HTTP verbs the rule inspects ('all' = every verb)
 *   routes      'only'/'except' route patterns the rule is limited to
 *   inputs      'only'/'except' request input names the rule scans
 *   patterns    regular expressions tested against the scanned inputs
 *   auto_block  attempts/frequency/period for automatic blocking, presumably
 *               "N hits within `frequency` seconds blocks for `period` seconds"
 */

return [

    // The whole firewall is OFF unless FIREWALL_ENABLED is set in the environment.
    'enabled' => env('FIREWALL_ENABLED', false),

    // NOTE(review): the raw env string is wrapped in a one-element array, so a
    // comma-separated value would arrive as a single entry ("a, b") and the
    // default is [''] rather than []. Confirm how the consumer splits/matches it.
    'whitelist' => [env('FIREWALL_WHITELIST', '')],

    // Model classes the firewall resolves; optional log/ip models are left unset.
    'models' => [
        'user' => '\App\Models\Auth\User',
        // 'log' => '\App\Models\YourLogModel',
        // 'ip' => '\App\Models\YourIpModel',
    ],

    // What a blocked request receives: an optional view, an optional redirect,
    // or an abort with the given status code (403 unless overridden).
    'responses' => [
        'block' => [
            'view'     => env('FIREWALL_BLOCK_VIEW', null),
            'redirect' => env('FIREWALL_BLOCK_REDIRECT', null),
            'abort'    => env('FIREWALL_BLOCK_ABORT', false),
            'code'     => env('FIREWALL_BLOCK_CODE', 403),
        ],
    ],

    // Alerting channels; both are disabled by default.
    'notifications' => [
        'mail' => [
            'enabled' => env('FIREWALL_EMAIL_ENABLED', false),
            'name'    => env('FIREWALL_EMAIL_NAME', 'Akaunting Firewall'),
            'from'    => env('FIREWALL_EMAIL_FROM', 'firewall@mydomain.com'),
            'to'      => env('FIREWALL_EMAIL_TO', 'admin@mydomain.com'),
        ],
        'slack' => [
            'enabled' => env('FIREWALL_SLACK_ENABLED', false),
            'emoji'   => env('FIREWALL_SLACK_EMOJI', ':fire:'),
            'from'    => env('FIREWALL_SLACK_FROM', 'Akaunting Firewall'),
            'to'      => env('FIREWALL_SLACK_TO'), // incoming webhook URL; no default
            'channel' => env('FIREWALL_SLACK_CHANNEL', null), // null = the webhook's default channel
        ],
    ],

    // Rules that run as a group, in this order. Note that 'login', 'url' and
    // 'whitelist' below are configured but not listed here.
    'all_middleware' => [
        'firewall.ip',
        'firewall.agent',
        'firewall.bot',
        'firewall.geo',
        'firewall.lfi',
        'firewall.php',
        'firewall.referrer',
        'firewall.rfi',
        'firewall.session',
        'firewall.sqli',
        'firewall.swear',
        'firewall.xss',
        //'App\Http\Middleware\YourCustomRule',
    ],

    'middleware' => [

        // IP-based blocking; no lists here, so presumably driven by stored IP records.
        'ip' => [
            'methods' => ['all'],
            'routes'  => [
                'only'   => [], // e.g. 'contact'
                'except' => [], // e.g. 'admin/*'
            ],
        ],

        // User-agent classification, see https://github.com/jenssegers/agent
        'agent' => [
            'methods' => ['all'],
            'routes'  => [
                'only'   => [], // e.g. 'contact'
                'except' => [], // e.g. 'admin/*'
            ],
            'browsers' => [
                'allow' => [], // e.g. 'Chrome', 'Firefox'
                'block' => [], // e.g. 'IE'
            ],
            'platforms' => [
                'allow' => [], // e.g. 'Ubuntu', 'Windows'
                'block' => [], // e.g. 'OS X'
            ],
            'devices' => [
                'allow' => [], // e.g. 'Desktop', 'Mobile'
                'block' => [], // e.g. 'Tablet'
            ],
            'properties' => [
                'allow' => [], // e.g. 'Gecko', 'Version/5.1.7'
                'block' => [], // e.g. 'AppleWebKit'
            ],
            'auto_block' => [
                'attempts'  => 5,
                'frequency' => 60,      // 1 minute
                'period'    => 30 * 60, // 30 minutes
            ],
        ],

        // Crawler names, see https://github.com/JayBizzle/Crawler-Detect/blob/master/raw/Crawlers.txt
        'bot' => [
            'methods' => ['all'],
            'routes'  => [
                'only'   => [], // e.g. 'contact'
                'except' => [], // e.g. 'admin/*'
            ],
            'crawlers' => [
                'allow' => [], // e.g. 'GoogleSites', 'GuzzleHttp'
                'block' => [], // e.g. 'Holmes'
            ],
            'auto_block' => [
                'attempts'  => 5,
                'frequency' => 60,      // 1 minute
                'period'    => 30 * 60, // 30 minutes
            ],
        ],

        // Geo lookup via an external service; all allow/block lists are empty by default.
        'geo' => [
            'methods' => ['all'],
            'routes'  => [
                'only'   => [], // e.g. 'contact'
                'except' => [], // e.g. 'admin/*'
            ],
            'continents' => [
                'allow' => [], // e.g. 'Africa'
                'block' => [], // e.g. 'Europe'
            ],
            'regions' => [
                'allow' => [], // e.g. 'California'
                'block' => [], // e.g. 'Nevada'
            ],
            'countries' => [
                'allow' => [], // e.g. 'Albania'
                'block' => [], // e.g. 'Madagascar'
            ],
            'cities' => [
                'allow' => [], // e.g. 'Istanbul'
                'block' => [], // e.g. 'London'
            ],
            // One of: ipapi, extremeiplookup, ipstack, ipdata, ipinfo
            'service' => 'ipapi',
            'auto_block' => [
                'attempts'  => 3,
                'frequency' => 5 * 60,  // 5 minutes
                'period'    => 30 * 60, // 30 minutes
            ],
        ],

        // Local file inclusion: the single pattern looks for "./" in inputs.
        // Only GET and DELETE are listed; other verbs are not scanned by this rule.
        'lfi' => [
            'methods' => ['get', 'delete'],
            'routes'  => [
                'only'   => [], // e.g. 'contact'
                'except' => [], // e.g. 'admin/*'
            ],
            'inputs' => [
                'only'   => [], // e.g. 'first_name'
                'except' => [], // e.g. 'password'
            ],
            'patterns' => [
                '#\.\/#is',
            ],
            'auto_block' => [
                'attempts'  => 3,
                'frequency' => 5 * 60,  // 5 minutes
                'period'    => 30 * 60, // 30 minutes
            ],
        ],

        // Failed-login throttling; has no methods/routes keys, unlike the other rules.
        'login' => [
            'enabled'    => true,
            'auto_block' => [
                'attempts'  => 5,
                'frequency' => 60,      // 1 minute
                'period'    => 30 * 60, // 30 minutes
            ],
        ],

        // PHP stream-wrapper schemes appearing in inputs (plain substrings, not regexes).
        'php' => [
            'methods' => ['get', 'post', 'delete'],
            'routes'  => [
                'only'   => [], // e.g. 'contact'
                'except' => [], // e.g. 'admin/*'
            ],
            'inputs' => [
                'only'   => [], // e.g. 'first_name'
                'except' => [], // e.g. 'password'
            ],
            'patterns' => [
                'bzip2://',
                'expect://',
                'glob://',
                'phar://',
                'php://',
                'ogg://',
                'rar://',
                'ssh2://',
                'zip://',
                'zlib://',
            ],
            'auto_block' => [
                'attempts'  => 3,
                'frequency' => 5 * 60,  // 5 minutes
                'period'    => 30 * 60, // 30 minutes
            ],
        ],

        // Referrer blocklist; empty by default.
        'referrer' => [
            'methods' => ['all'],
            'routes'  => [
                'only'   => [], // e.g. 'contact'
                'except' => [], // e.g. 'admin/*'
            ],
            'blocked'    => [],
            'auto_block' => [
                'attempts'  => 3,
                'frequency' => 5 * 60,  // 5 minutes
                'period'    => 30 * 60, // 30 minutes
            ],
        ],

        // Remote file inclusion: any http(s)/ftp(s) URL in a scanned input matches.
        // 'exceptions' is where legitimately URL-valued inputs would be listed.
        'rfi' => [
            'methods' => ['get', 'post', 'delete'],
            'routes'  => [
                'only'   => [], // e.g. 'contact'
                'except' => [], // e.g. 'admin/*'
            ],
            'inputs' => [
                'only'   => [], // e.g. 'first_name'
                'except' => [], // e.g. 'password'
            ],
            'patterns' => [
                '#(http|ftp){1,1}(s){0,1}://.*#i',
            ],
            'exceptions' => [],
            'auto_block' => [
                'attempts'  => 3,
                'frequency' => 5 * 60,  // 5 minutes
                'period'    => 30 * 60, // 30 minutes
            ],
        ],

        // PHP serialize() payloads in inputs: the two patterns match the
        // O:<len>:"<class>":<n>:{ object prefix and the a:<n>:{ array prefix.
        'session' => [
            'methods' => ['get', 'post', 'delete'],
            'routes'  => [
                'only'   => [], // e.g. 'contact'
                'except' => [], // e.g. 'admin/*'
            ],
            'inputs' => [
                'only'   => [], // e.g. 'first_name'
                'except' => [], // e.g. 'password'
            ],
            'patterns' => [
                '@[\|:]O:\d{1,}:"[\w_][\w\d_]{0,}":\d{1,}:{@i',
                '@[\|:]a:\d{1,}:{@i',
            ],
            'auto_block' => [
                'attempts'  => 3,
                'frequency' => 5 * 60,  // 5 minutes
                'period'    => 30 * 60, // 30 minutes
            ],
        ],

        // SQL keyword matching on GET/DELETE inputs. NOTE(review): the second
        // pattern fires on everyday words such as "from", "where", "into" and
        // "select" whenever they are bounded by digits or non-word characters,
        // so free-text inputs are likely to produce false positives.
        'sqli' => [
            'methods' => ['get', 'delete'],
            'routes'  => [
                'only'   => [], // e.g. 'contact'
                'except' => [], // e.g. 'admin/*'
            ],
            'inputs' => [
                'only'   => [], // e.g. 'first_name'
                'except' => [], // e.g. 'password'
            ],
            'patterns' => [
                '#[\d\W](union select|union join|union distinct)[\d\W]#is',
                '#[\d\W](union|union select|insert|from|where|concat|into|cast|truncate|select|delete|having)[\d\W]#is',
            ],
            'auto_block' => [
                'attempts'  => 3,
                'frequency' => 5 * 60,  // 5 minutes
                'period'    => 30 * 60, // 30 minutes
            ],
        ],

        // Profanity filter on write verbs; the word list is empty by default.
        'swear' => [
            'methods' => ['post', 'put', 'patch'],
            'routes'  => [
                'only'   => [], // e.g. 'contact'
                'except' => [], // e.g. 'admin/*'
            ],
            'inputs' => [
                'only'   => [], // e.g. 'first_name'
                'except' => [], // e.g. 'password'
            ],
            'words'      => [],
            'auto_block' => [
                'attempts'  => 3,
                'frequency' => 5 * 60,  // 5 minutes
                'period'    => 30 * 60, // 30 minutes
            ],
        ],

        // URL path inspections; empty list, and not part of 'all_middleware'.
        'url' => [
            'methods'     => ['all'],
            'inspections' => [], // e.g. 'admin'
            'auto_block'  => [
                'attempts'  => 5,
                'frequency' => 60,      // 1 minute
                'period'    => 30 * 60, // 30 minutes
            ],
        ],

        // Route scoping for the whitelist rule (the addresses themselves are the
        // top-level 'whitelist' key). Not part of 'all_middleware'.
        'whitelist' => [
            'methods' => ['all'],
            'routes'  => [
                'only'   => [], // e.g. 'contact'
                'except' => [], // e.g. 'admin/*'
            ],
        ],

        // XSS patterns on POST/PUT/PATCH inputs. NOTE(review): GET is not in the
        // list, so query-string parameters are presumably not scanned by this
        // rule — confirm that is intended.
        'xss' => [
            'methods' => ['post', 'put', 'patch'],
            'routes'  => [
                'only'   => [], // e.g. 'contact'
                'except' => [], // e.g. 'admin/*'
            ],
            'inputs' => [
                'only'   => [], // e.g. 'first_name'
                'except' => [], // e.g. 'password'
            ],
            'patterns' => [
                // Tag with an event-handler/style/form/xmlns/xlink attribute
                '#(<[^>]+[\x00-\x20\"\'\/])(form|formaction|on\w*|style|xmlns|xlink:href)[^>]*>?#iUu',
                // javascript:, livescript:, vbscript:, mocha:, feed:, data: schemes
                '!((java|live|vb)script|mocha|feed|data):(\w)*!iUu',
                // Legacy Mozilla CSS binding
                '#-moz-binding[\x00-\x20]*:#u',
                // Tags that have no place in user-supplied content
                '#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>?#i',
            ],
            'auto_block' => [
                'attempts'  => 3,
                'frequency' => 5 * 60,  // 5 minutes
                'period'    => 30 * 60, // 30 minutes
            ],
        ],

    ],

];