diff options
Diffstat (limited to 'config')
| -rw-r--r-- | config/default.rules | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/config/default.rules b/config/default.rules index 2bd3c48..6e443ea 100644 --- a/config/default.rules +++ b/config/default.rules | |||
| @@ -7,6 +7,9 @@ sp.disable_xxe.enable(); | |||
| 7 | # use SameSite on session cookie | 7 | # use SameSite on session cookie |
| 8 | sp.cookie.name("PHPSESSID").samesite("lax"); | 8 | sp.cookie.name("PHPSESSID").samesite("lax"); |
| 9 | 9 | ||
| 10 | # Always verify certificates | ||
| 11 | sp.curl_verify_certificates.enable(); | ||
| 12 | |||
| 10 | # Harden the `chmod` function | 13 | # Harden the `chmod` function |
| 11 | sp.disable_function.function("chmod").param("mode").value_r("^[0-9]{2}[67]$").drop(); | 14 | sp.disable_function.function("chmod").param("mode").value_r("^[0-9]{2}[67]$").drop(); |
| 12 | 15 | ||
| @@ -91,3 +94,4 @@ sp.disable_function.function("is_callable").param("var").value("passthru").drop( | |||
| 91 | #File upload | 94 | #File upload |
| 92 | sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop(); | 95 | sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop(); |
| 93 | sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ht").drop(); | 96 | sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ht").drop(); |
| 97 | |||