01-SETUP.conf
# -=[ Rule 22000000: Client IP Address ]=-
# ----------------------------------------
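# This rule sets the "real" client IP address. This is usually %{REMOTE_ADDR},
# but when you are behind CloudFlare or a load balancer, the user's IP address
# is carried in a request header such as X-Forwarded-For, True-Client-IP,
# or CF-Connecting-IP for CloudFlare. See the 01-SETUP.conf file for more information.
# NOTE: a client can send any of these headers itself. Use a header-based value
# only when the web server accepts traffic solely from the trusted proxy that
# sets the header; otherwise rules keyed on tx.wprs_client_ip can be bypassed
# with a forged address. Uncomment only one of the SecAction lines below: they
# all share id 22000000, and ModSecurity does not load duplicate rule ids.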
#
# set client ip from REMOTE_ADDR
#SecAction "phase:1,id:22000000,nolog,pass,t:none,setvar:tx.wprs_client_ip=%{REMOTE_ADDR}"
#
# Using CloudFlare:
# Set client ip from CF-Connecting-IP
# ------------------------------------
#SecAction "phase:1,id:22000000,nolog,pass,t:none,setvar:tx.wprs_client_ip=%{REQUEST_HEADERS:CF-Connecting-IP}"
#
# Using a load balancer (like DigitalOcean):
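# set client ip from X-Forwarded-For (note: this header can carry a
# comma-separated list of addresses, one per proxy, not just a single IP)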
# ------------------------------------------
#SecAction "phase:1,id:22000000,nolog,pass,t:none,setvar:tx.wprs_client_ip=%{REQUEST_HEADERS:X-Forwarded-For}"
# -=[ Rule 22000004: Enable / Disable Brute-force mitigation ]=-
# When the wprs_check_bruteforce variable is set to 1, WPRS enables all
# brute-force mitigation rules. More information is in the 03-BRUTEFORCE.conf file.
#
# setvar:tx.wprs_check_bruteforce=1 = brute-force mitigation enabled
# setvar:tx.wprs_check_bruteforce=0 = brute-force mitigation disabled
#
# default: 1
#
#SecAction "id:22000004,phase:1,nolog,pass,t:none,setvar:tx.wprs_check_bruteforce=1"
# -=[ Rule 22000005: Time Span ]=-
# The time span, in seconds, over which login attempts on
# /wp-login.php are counted. For example, if you want to count
# login attempts over a 10-minute span:
#
# setvar:tx.wprs_bruteforce_timespan=600
#
# default: 120 (2 minutes)
#
#SecAction "id:22000005,phase:1,nolog,pass,t:none,setvar:tx.wprs_bruteforce_timespan=120"
# -=[ Rule 22000010: Threshold ]=-
# This rule sets how many login attempts (within the time span) WPRS will accept before banning.
# For example, if you set this to 10, WPRS will ban the user at the 11th attempt.
#
# setvar:tx.wprs_bruteforce_threshold=10
#
# default: 5
#
#SecAction "id:22000010,phase:1,nolog,pass,t:none,setvar:tx.wprs_bruteforce_threshold=5"
# -=[ Rule 22000015: Ban period ]=-
# This rule sets how long (in seconds) a user is banned when a brute-force attempt is detected.
# For example, if you want to block a user for 5 minutes, set this to 300:
#
# setvar:tx.wprs_bruteforce_banperiod=300
#
# default: 300
#
#SecAction "id:22000015,phase:1,nolog,pass,t:none,setvar:tx.wprs_bruteforce_banperiod=300"
# -=[ Rule 22000020: Log authentication events ]=-
# This rule enables or disables the logging of authentication events.
# If you enable this, a log entry is produced each time a user logs in on /wp-login.php.
#
# setvar:tx.wprs_log_authentications=1 = enables logging
# setvar:tx.wprs_log_authentications=0 = disables logging
#
# default: 1
#
#SecAction "id:22000020,phase:1,nolog,pass,t:none,setvar:tx.wprs_log_authentications=1"
# -=[ Rule 22000025: XMLRPC ]=-
# This rule enables or disables access to the xmlrpc.php script.
# Many users don't use xmlrpc.php but leave it active, and this
# can lead to brute-force amplification attacks. If you do not
# use xmlrpc.php, set this to 0.
#
# setvar:tx.wprs_allow_xmlrpc=1 = allows requests to xmlrpc.php
# setvar:tx.wprs_allow_xmlrpc=0 = blocks requests to xmlrpc.php
#
# default: 1
#
#SecAction "id:22000025,phase:1,nolog,pass,t:none,setvar:tx.wprs_allow_xmlrpc=1"
# -=[ Rule 22000030: User Enumeration ]=-
# This rule allows or blocks requests like "/?author=1".
# An attacker could enumerate all active users by incrementing
# the author parameter.
#
# setvar:tx.wprs_allow_user_enumeration=1 = allows requests like /?author=1
# setvar:tx.wprs_allow_user_enumeration=0 = blocks requests like /?author=1
#
# default: 1
#
#SecAction "id:22000030,phase:1,nolog,pass,t:none,setvar:tx.wprs_allow_user_enumeration=1"
# -=[ Rule 22000035: DoS Attack ]=-
# This rule enables or disables protection against DoS attacks,
# for example CVE-2018-6389.
#
# setvar:tx.wprs_check_dos=1 = enable DoS protection
# setvar:tx.wprs_check_dos=0 = disable DoS protection
#
# default: 1
#
#SecAction "id:22000035,phase:1,nolog,pass,t:none,setvar:tx.wprs_check_dos=1"