diff options
Diffstat (limited to 'config/ini_protection.php8.rules')
| -rw-r--r-- | config/ini_protection.php8.rules | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/config/ini_protection.php8.rules b/config/ini_protection.php8.rules index 081048f..b4ddb30 100644 --- a/config/ini_protection.php8.rules +++ b/config/ini_protection.php8.rules | |||
| @@ -1,6 +1,20 @@ | |||
| 1 | ## INI protection - prevent unwanted runtime ini changes made by ini_set() or other functions or by .htaccess | 1 | ## INI protection - prevent unwanted runtime ini changes made by ini_set() or other functions or by .htaccess |
| 2 | sp.ini_protection.enable(); | 2 | sp.ini_protection.enable(); |
| 3 | 3 | ||
| 4 | ## simulation mode: only log violations | ||
| 5 | #sp.ini_protection.simulation(); | ||
| 6 | |||
| 7 | ## drop policy: drop request on rule violation | ||
| 8 | #sp.ini_protection.policy_drop(); | ||
| 9 | |||
| 10 | ## do not log violations. | ||
| 11 | ## this setting has no effect in simulation or drop mode | ||
| 12 | #sp.ini_protection.policy_silent_fail(); | ||
| 13 | |||
| 14 | ## do not log read-only violations | ||
| 15 | ## this setting has no effect in simulation or drop mode | ||
| 16 | sp.ini_protection.policy_silent_ro(); | ||
| 17 | |||
| 4 | ## access policy can be one of | 18 | ## access policy can be one of |
| 5 | ## .policy_readonly(): All entries are read-only by default. | 19 | ## .policy_readonly(): All entries are read-only by default. |
| 6 | ## Individual entries can be set read-write using .readwrite() or .rw() | 20 | ## Individual entries can be set read-write using .readwrite() or .rw() |
| @@ -10,13 +24,17 @@ sp.ini_protection.enable(); | |||
| 10 | 24 | ||
| 11 | ## sp.ini entries can have the following attributes | 25 | ## sp.ini entries can have the following attributes |
| 12 | ## .key("..."): mandatory ini name. | 26 | ## .key("..."): mandatory ini name. |
| 13 | ## .set("..."): set the value. This overrides php.ini. | 27 | ## .set("..."): set the initial value. This overrides php.ini. |
| 28 | ## checks are not performed for this initial value. | ||
| 14 | ## .min("...") / .max("..."): value must be an integer between .min and .max. | 29 | ## .min("...") / .max("..."): value must be an integer between .min and .max. |
| 15 | ## shorthand notation (e.g. 1k = 1024) is allowed | 30 | ## shorthand notation (e.g. 1k = 1024) is allowed |
| 16 | ## .regexp("..."): value must match the regular expression | 31 | ## .regexp("..."): value must match the regular expression |
| 32 | ## .allow_null(): allow setting a NULL-value | ||
| 17 | ## .msg("..."): message is shown in logs on rule violation instead of default message | 33 | ## .msg("..."): message is shown in logs on rule violation instead of default message |
| 18 | ## .readonly() / .ro() / .readwrite() / .rw(): set entry to read-only or read-write respectively | 34 | ## .readonly() / .ro() / .readwrite() / .rw(): set entry to read-only or read-write respectively |
| 19 | ## If no access keyword is provided, the entry inherits the default policy set by sp.ini_protection.policy_*-rules. | 35 | ## If no access keyword is provided, the entry inherits the default policy set by sp.ini_protection.policy_*-rules. |
| 36 | ## .drop(): drop request on rule violation for this entry | ||
| 37 | ## .simulation(): only log rule violation for this entry | ||
| 20 | 38 | ||
| 21 | ## FOR PRODUCTION SYSTEMS: disable error messages and version numbers | 39 | ## FOR PRODUCTION SYSTEMS: disable error messages and version numbers |
| 22 | sp.ini.key("display_errors").set("0").ro(); | 40 | sp.ini.key("display_errors").set("0").ro(); |