diff options
| -rw-r--r-- | config/default.rules | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/config/default.rules b/config/default.rules index b52ae4c..8ac4498 100644 --- a/config/default.rules +++ b/config/default.rules | |||
| @@ -4,6 +4,9 @@ sp.disable_function.function("chmod").param("mode").value_r("^[0-9]{2}[67]$").dr | |||
| 4 | # Prevent various `mail`-related vulnerabilities | 4 | # Prevent various `mail`-related vulnerabilities |
| 5 | sp.disable_function.function("mail").param("additional_parameters").value_r("\\-").drop(); | 5 | sp.disable_function.function("mail").param("additional_parameters").value_r("\\-").drop(); |
| 6 | 6 | ||
| 7 | # Since it's now burned, me might as well mitigate it publicly | ||
| 8 | sp.disable_function.function("putenv").param("setting").value_r("LD_PRELOAD").drop() | ||
| 9 | |||
| 7 | ##Prevent various `include`-related vulnerabilities | 10 | ##Prevent various `include`-related vulnerabilities |
| 8 | sp.disable_function.function_r("^(?:require|include)_once$").value_r("\\.(?:php|php7|inc|tpl)$").allow(); | 11 | sp.disable_function.function_r("^(?:require|include)_once$").value_r("\\.(?:php|php7|inc|tpl)$").allow(); |
| 9 | sp.disable_function.function_r("^require|include$").value_r("\\.(?:php|php7|inc|tpl)$").allow(); | 12 | sp.disable_function.function_r("^require|include$").value_r("\\.(?:php|php7|inc|tpl)$").allow(); |