summaryrefslogtreecommitdiff
path: root/config (follow)
AgeCommit message (Expand)Author
2022-08-18Fix the default configuration on php7.4+jvoisin
2022-04-17Improve the portability of the php7 rulesjvoisin
2022-03-20Merge remote-tracking branch 'sektioneins/master'jvoisin
2022-01-11make xxe protection conditional in default rulesBen Fuhrmannek
2022-01-11enable strict_mode in example configBen Fuhrmannek
2022-01-10renamed ini protection example rulesBen Fuhrmannek
2022-01-10added conditions to ini protection exampleBen Fuhrmannek
2022-01-07added dangerous extension checkBen Fuhrmannek
2021-11-26PHP8 update parameters name in "move_uploaded_file" (#406)pfdutot
2021-11-11inverted logic. set xxe_protection.enable() instead of disable_xxe.disable()Ben Fuhrmannek
2021-08-30fixed typoBen Fuhrmannek
2021-08-29updated documentation URLBen Fuhrmannek
2021-08-18ported Suhosin rules to Snuffleupagus rulesBen Fuhrmannek
2021-08-18updated documentation URLBen Fuhrmannek
2021-08-16Fix a few typos and inconsistencies in config filesGasper Vozel
2021-08-07more ini protection featuresBen Fuhrmannek
2021-08-06default ruleset for ini protection featureBen Fuhrmannek
2021-05-09Fix disable function chmodWhiteWinterWolf
2021-05-01Additional PHP 8 sample config argument name changesTristan Deloche
2021-05-01Improve our SQLI-related documentation and remove some useless rulesjvoisin
2021-04-27Update some parameter names which changed for PHP 8.0Tristan Deloche
2021-04-26Add a configuration file for php8jvoisin
2020-06-07Lockdown of the logging directivesjvoisin
2020-04-25Fix and improve the previous commitjvoisin
2020-04-25Add yet an other stupid things to the default set of rulesjvoisin
2020-04-24Add yet another disabled_functions bypassjvoisin
2019-10-16Fix the default configurationjvoisin
2019-04-07Protect against a now-public open_basedir bypassjvoisin
2019-01-16Improve a bit the default rulesjvoisin
2018-12-25Tighten a bit the command-injection prevention rulejvoisin
2018-08-29Change how we're validating certificatesxXx-caillou-xXx
2018-08-29Verify certs (#223)jvoisin
2018-07-23Improve a bit the default rulesjvoisin
2018-07-23Whitelist the inclusion of `.phtml` filesjvoisin
2018-07-23Allow the inclusion of `.inc` filesjvoisin
2018-07-23Use SameSite on PHP's session cookie in the default rulesjvoisin
2018-07-23Activate more features in the default rulesjvoisin
2018-07-13Massively optimize how rules are handledxXx-caillou-xXx
2018-03-09Improve the performances of our default rulesjvoisin
2018-03-09Vastly improve our typo3 rulesjvoisin
2018-03-05Improve a bit the performances (+10%)jvoisin
2018-03-02Add some rules for Typo3, courtesy of @kjojojvoisin
2018-02-26Improve the previous commitjvoisin
2018-02-26Add a rule to prevent various sandbox escapesjvoisin
2018-02-22Refactor a bit our rulesjvoisin
2018-02-07Tested two more rules for Abantecart 1.2.8 from the RIPS calendarkjojo
2018-02-07Add an example rule from the rips calendar for abantecart's XSSkjojo
2018-01-17Our configuration files are ending in .rules, not .inijvoisin
2017-12-27Fix the debian packageblotus
2017-12-04Fix the configuration parser wrt. non-matching bracketsjvoisin