summaryrefslogtreecommitdiff
path: root/config (follow)
AgeCommit message (Expand)Author
2025-05-25Unify/fix the default.rules file across PHP versions, and add some new onesjvoisin
2024-06-09Forbid file:// protocol in Curlbohwaz
2024-06-09Wording updatesChristian Göttsche
2024-06-09Add option to specify the allowed "php" wrapper typesChristian Göttsche
2024-06-06Fix misc typosChristian Göttsche
2024-03-24Fix yet another php surprised-rename of functions parametersjvoisin
2023-11-27Update config/ini_protection.rulesJulien Voisin
2023-11-27Add condition for mysqli.reconnectChristian Göttsche
2023-11-03Add some documentation in the default rules.jvoisin
2023-02-16Add another burned vuln to the php8 rulesJulien Voisin
2023-02-16Add another burned vuln to the php7 rulesJulien Voisin
2023-01-03Add example configuration for Xenforo 2.2.12Julien Voisin
2023-01-03Add example configuration for Xenforo 2.2.12Tristan
2022-08-18Fix the default configuration on php7.4+jvoisin
2022-04-17Improve the portability of the php7 rulesjvoisin
2022-03-20Merge remote-tracking branch 'sektioneins/master'jvoisin
2022-01-11make xxe protection conditional in default rulesBen Fuhrmannek
2022-01-11enable strict_mode in example configBen Fuhrmannek
2022-01-10renamed ini protection example rulesBen Fuhrmannek
2022-01-10added conditions to ini protection exampleBen Fuhrmannek
2022-01-07added dangerous extension checkBen Fuhrmannek
2021-11-26PHP8 update parameters name in "move_uploaded_file" (#406)pfdutot
2021-11-11inverted logic. set xxe_protection.enable() instead of disable_xxe.disable()Ben Fuhrmannek
2021-08-30fixed typoBen Fuhrmannek
2021-08-29updated documentation URLBen Fuhrmannek
2021-08-18ported Suhosin rules to Snuffleupagus rulesBen Fuhrmannek
2021-08-18updated documentation URLBen Fuhrmannek
2021-08-16Fix a few typos and inconsistencies in config filesGasper Vozel
2021-08-07more ini protection featuresBen Fuhrmannek
2021-08-06default ruleset for ini protection featureBen Fuhrmannek
2021-05-09Fix disable function chmodWhiteWinterWolf
2021-05-01Additional PHP 8 sample config argument name changesTristan Deloche
2021-05-01Improve our SQLI-related documentation and remove some useless rulesjvoisin
2021-04-27Update some parameter names which changed for PHP 8.0Tristan Deloche
2021-04-26Add a configuration file for php8jvoisin
2020-06-07Lockdown of the logging directivesjvoisin
2020-04-25Fix and improve the previous commitjvoisin
2020-04-25Add yet an other stupid things to the default set of rulesjvoisin
2020-04-24Add yet another disabled_functions bypassjvoisin
2019-10-16Fix the default configurationjvoisin
2019-04-07Protect against a now-public open_basedir bypassjvoisin
2019-01-16Improve a bit the default rulesjvoisin
2018-12-25Tighten a bit the command-injection prevention rulejvoisin
2018-08-29Change how we're validating certificatesxXx-caillou-xXx
2018-08-29Verify certs (#223)jvoisin
2018-07-23Improve a bit the default rulesjvoisin
2018-07-23Whitelist the inclusion of `.phtml` filesjvoisin
2018-07-23Allow the inclusion of `.inc` filesjvoisin
2018-07-23Use SameSite on PHP's session cookie in the default rulesjvoisin
2018-07-23Activate more features in the default rulesjvoisin