authorlolcat <will@lolcat.ca>2024-03-24 22:31:19 -0400
committerlolcat <will@lolcat.ca>2024-03-24 22:31:19 -0400
commit2976c0a6a4c3ef72784a92867edd7df32ef67d3a (patch)
tree892ab5836726d25eb43f0309e976cac402eb549a /data
parent81502d4721405e8e4632b37c252d4254426b1728 (diff)
fag protection
Diffstat (limited to 'data')
-rw-r--r--data/config.php42
1 files changed, 32 insertions, 10 deletions
diff --git a/data/config.php b/data/config.php
index 1b10d14..cc1961a 100644
--- a/data/config.php
+++ b/data/config.php
@@ -23,17 +23,13 @@ class config{
// Enable the API?
const API_ENABLED = true;
- // Bot protection
- // 4get.ca has been hit with 500k bot reqs every single day for months
- // you probably want to enable this if your instance is public...
- // 0 = disabled
- // 1 = ask for image captcha (requires imagemagick v6 or higher)
- // @TODO: 2 = invite only (users needs a pass)
- const BOT_PROTECTION = 0;
+ //
+ // BOT PROTECTION
+ //
- // Maximal number of searches per captcha key/pass issued. Counter gets
- // reset on every APCU cache clear (should happen once a day)
- const MAX_SEARCHES = 100;
+ // 0 = disabled, 1 = ask for image captcha, @TODO: 2 = invite only (users needs a pass)
+ // VERY useful against a targetted attack
+ const BOT_PROTECTION = 0;
// if BOT_PROTECTION is set to 1, specify the available datasets here
// images should be named from 1.png to X.png, and be 100x100 in size
@@ -45,6 +41,32 @@ class config{
// ["minecraft", 848]
];
+ // If this regex expression matches on the user agent, it blocks the request
+ // Not useful at all against a targetted attack
+ const HEADER_REGEX = '/bot|wget|curl|python-requests|scrapy|go-http-client|ruby|yahoo|spider/i';
+
+ // Block clients who present any of the following headers in their request (SPECIFY IN !!lowercase!!)
+ // Eg: ["x-forwarded-for", "x-via", "forwarded-for", "via"];
+ // Useful for blocking *some* proxies used for botting
+ const FILTERED_HEADER_KEYS = [
+ "x-forwarded-for",
+ "x-via",
+ "forwarded-for",
+ "via"
+ ];
+
+ // @TODO: Portscan the user for open proxies before allowing a connection, block user if any are found
+ // Requires the nmap package
+ const NMAP_PROXY_CHECK = false;
+
+ // @TODO: Make IP blacklist public under /api/v1/blacklist endpoint ?
+ const PUBLIC_IP_BLACKLIST = true;
+
+ // Maximal number of searches per captcha key/pass issued. Counter gets
+ // reset on every APCU cache clear (should happen once a day).
+ // Only useful when BOT_PROTECTION is NOT set to 0
+ const MAX_SEARCHES = 100;
+
// List of domains that point to your servers. Include your tor/i2p
// addresses here! Must be a valid URL. Won't affect links placed on
// the homepage.
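Review bot: FILTERED_HEADER_KEYS defaults to blocking every request that carries `x-forwarded-for` or `via`, but a reverse proxy or CDN in front of the instance adds exactly those headers to every legitimate request, so this default denies all traffic for such deployments; the comment above the array should say so, e.g. `// NOTE: if this instance runs behind a reverse proxy/CDN, these headers are added to every request — remove them here or all clients are blocked`. HEADER_REGEX is an unanchored, case-insensitive substring match, so the `bot` and `ruby` alternatives also hit legitimate user agents that merely contain those letters (handset brand strings such as Cubot, for instance); a one-line comment noting the expected false positives would help operators who copy the default. PUBLIC_IP_BLACKLIST is marked @TODO yet defaults to `true`, so the moment the endpoint is implemented every deployment starts publishing visitor IP addresses; an unimplemented feature with that effect should be opt-in, `const PUBLIC_IP_BLACKLIST = false;`. The enclosing class config begins before this hunk.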