diff --git a/bitfire.php b/bitfire.php
index 9c5daac..517953a 100644
--- a/bitfire.php
+++ b/bitfire.php
@@ -17,6 +17,8 @@ const WAF_MIN_HIT = 25;
 const WAF_MIN_PERCENT = 10;
+const CONFIG_WHITELIST_ENABLE='whitelist_enable';
+const CONFIG_BLACKLIST_ENABLE='blacklist_enable';
 const CONFIG_REQUIRE_BROWSER = 'require_full_browser';
 const CONFIG_USER_TRACK_COOKIE = 'user_tracking_cookie';
 const CONFIG_MAX_CACHE_AGE = 'max_cache_age';
diff --git a/botfilter.php b/botfilter.php
index 6dda4c2..667ffa0 100644
--- a/botfilter.php
+++ b/botfilter.php
@@ -26,12 +26,10 @@ const CONFIG_HONEYPOT='honeypot_url';
 const CONFIG_METHODS='allowed_methods';
-const CONFIG_WHITELIST_ENABLE='whitelist_enable';
 const CONFIG_WHITELIST='botwhitelist';
-const CONFIG_BLACKLIST_ENABLE='blacklist_enable';
-const CONFIG_BLACKLIST='blacklist';
 const CONFIG_RATE_LIMIT_ACTION='rate_limit_action';
 const CONFIG_MFA_PAGES='mfa_pages';
+const CONFIG_BLACKLIST='blacklist';
 const AGENT_OS = 'os';
diff --git a/config.ini b/config.ini
index 6e9b206..eb6f366 100644
--- a/config.ini
+++ b/config.ini
@@ -3,7 +3,7 @@
 ; for details see the BitFire wiki: https://github.com/bitslip6/bitfire/wiki
 ; enable or disable all firewall features
-bitfire_enabled = false
+bitfire_enabled = true
 ; allow the firewall to blacklist misbevaving IPs for 10,60 or 1440 minutes
 allow_ip_block = false
@@ -31,7 +31,7 @@ max_cache_age = 4200
 [Input Filtering]
 ; enable filtering for malicious input (server side includes, etc)
-web_filter_enabled = false
+web_filter_enabled = true
 ; also decode html encoded input before inspection (good default)
 decode_html = true
@@ -40,7 +40,7 @@ decode_html = true
 spam_filter_enabled = false
 ; block cross site scripting attempts
-xss_block = false
+xss_block = true
 ; block sql injection
 sql_block = true
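Review bot: Moving `CONFIG_WHITELIST_ENABLE` and `CONFIG_BLACKLIST_ENABLE` out of botfilter.php makes every user of them depend on bitfire.php having been loaded first, and neither hunk shows that ordering being enforced. On PHP 7 an undefined constant degrades to its own name as a string with a warning, so a whitelist/blacklist enable lookup could silently miss its config key, while PHP 8 throws an Error; it is worth confirming each entry point includes bitfire.php before botfilter.php. The two added lines also drop the spaces around `=` that the surrounding declarations use; `const CONFIG_WHITELIST_ENABLE = 'whitelist_enable';` and `const CONFIG_BLACKLIST_ENABLE = 'blacklist_enable';` would match, ideally under a comment such as `// shared by the bot filter and the core module`. The botfilter.php hunk additionally moves `CONFIG_BLACKLIST` below `CONFIG_MFA_PAGES`, separating it from `CONFIG_WHITELIST` for no visible reason.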
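Review bot: The three config.ini hunks above (`bitfire_enabled`, `web_filter_enabled`, `xss_block`) flip shipped defaults from `false` to `true` in a commit whose only code change is a move of two constants, so it is unclear whether these are intended release defaults or a local test configuration that was committed by accident. If they are intentional, the comment above `bitfire_enabled` should say so, for example `; enabled by default - set to false to turn off all firewall features`, because `allow_ip_block` and `spam_filter_enabled` stay `false` and a reader cannot tell which settings are deliberate. If config.ini is replaced on upgrade (not visible here), installs that had filtering off would start blocking requests without an operator decision, which deserves a changelog entry.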
@@ -122,7 +122,7 @@ blacklist_enable = true
 require_full_browser = false
 ; set the honeypot url configuration
-honeypot_url = '/gwxhuuaw/contact'
+honeypot_url = '/mcaamxss/contact'
 ; require a valid host header
 check_domain = false
@@ -141,19 +141,19 @@ rr_5m = 0
 cache_type = 'shm'
 ; user confirmed tracking url - this must be a url that will be passed to the php interpreter
-user_tracking_param = '_ouohwglo'
+user_tracking_param = '_ddvleaip'
 ; name of the cookie used to verify real browser interactions
-user_tracking_cookie = '_wehc'
+user_tracking_cookie = '_laie'
 ; block failure page
 block_page = 'blocked.php'
 ; a system wide encryption key custom to this domain
-encryption_key = 'kij2NvqrKn8UtSxgWyCEj5Ae'
+encryption_key = 'kij2NvqrKn8UtSxgWyCEj5Ae'
 ; custom site secret
-secret = 'tzAg131Z0q6fH3Zy'
+secret = 'LVTYO3epTJ8ZLSQI'
 ; user_id of web user
 web_uid = 33
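Review bot: `encryption_key` and `secret` in the `@@ -141` hunk are secret values stored in a tracked file, and this commit replaces one committed pair with another, so both the old and the new values are readable by anyone with access to the repository history. The same concern applies to the install-specific `honeypot_url` in the `@@ -122` hunk and to `user_tracking_param` / `user_tracking_cookie`: the changed values look like per-install generated state, and once published they are shared by every deployment that keeps the shipped file, which defeats the comment's "custom to this domain". The tracked config should carry empty placeholders such as `encryption_key = ''` and `secret = ''`, with the real values generated at install time or read from an untracked local file. Any deployment that used either committed pair should rotate them.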