diff options
| author | jvoisin | 2018-08-29 08:55:49 +0000 |
|---|---|---|
| committer | xXx-caillou-xXx | 2018-08-29 10:55:49 +0200 |
| commit | 64e52596abaf4bdd4c17f79c4e8acf25d1a452b4 (patch) | |
| tree | 5452af804c25304cabe0f7e1160263fad25c3bf9 /config/default.rules | |
| parent | a0300b15a3afffe02c737d263c3d6dd31ac307b7 (diff) | |
Verify certs (#223)
Ensure that certificates are verified in curl
should close #47
Diffstat (limited to 'config/default.rules')
| -rw-r--r-- | config/default.rules | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/config/default.rules b/config/default.rules index 2bd3c48..6e443ea 100644 --- a/config/default.rules +++ b/config/default.rules | |||
| @@ -7,6 +7,9 @@ sp.disable_xxe.enable(); | |||
| 7 | # use SameSite on session cookie | 7 | # use SameSite on session cookie |
| 8 | sp.cookie.name("PHPSESSID").samesite("lax"); | 8 | sp.cookie.name("PHPSESSID").samesite("lax"); |
| 9 | 9 | ||
| 10 | # Always verify certificates | ||
| 11 | sp.curl_verify_certificates.enable(); | ||
| 12 | |||
| 10 | # Harden the `chmod` function | 13 | # Harden the `chmod` function |
| 11 | sp.disable_function.function("chmod").param("mode").value_r("^[0-9]{2}[67]$").drop(); | 14 | sp.disable_function.function("chmod").param("mode").value_r("^[0-9]{2}[67]$").drop(); |
| 12 | 15 | ||
| @@ -91,3 +94,4 @@ sp.disable_function.function("is_callable").param("var").value("passthru").drop( | |||
| 91 | #File upload | 94 | #File upload |
| 92 | sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop(); | 95 | sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop(); |
| 93 | sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ht").drop(); | 96 | sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ht").drop(); |
| 97 | |||