]>
Commit | Line | Data |
---|---|---|
5409ade2 A |
1 | ## php.ini |
2 | PHP settings are defined in: | |
3 | - a main configuration file, usually found under `/etc/php5/php.ini`; some distributions provide different configuration environments, e.g. | |
4 | - `/etc/php5/php.ini` - used when running console scripts | |
5 | - `/etc/php5/apache2/php.ini` - used when a client requests PHP resources from Apache | |
6 | - `/etc/php5/php-fpm.conf` - used when PHP requests are proxied to PHP-FPM | |
7 | - additional configuration files/entries, depending on the installed/enabled extensions: | |
8 | - `/etc/php/conf.d/xdebug.ini` | |
9 | ||
10 | ### Locate .ini files | |
11 | #### Console environment | |
12 | ```bash | |
13 | $ php --ini | |
14 | Configuration File (php.ini) Path: /etc/php | |
15 | Loaded Configuration File: /etc/php/php.ini | |
16 | Scan for additional .ini files in: /etc/php/conf.d | |
17 | Additional .ini files parsed: /etc/php/conf.d/xdebug.ini | |
18 | ``` | |
19 | ||
20 | #### Server environment | |
21 | - create a `phpinfo.php` script located in a path supported by the web server, e.g. | |
22 | - Apache (with user dirs enabled): `/home/myself/public_html/phpinfo.php` | |
23 | - `/var/www/test/phpinfo.php` | |
24 | - make sure the script is readable by the web server user/group (usually, `www`, `www-data` or `httpd`) | |
25 | - access the script from a web browser | |
26 | - look at the _Loaded Configuration File_ and _Scan this dir for additional .ini files_ entries | |
27 | ```php | |
28 | <?php phpinfo(); ?> | |
29 | ``` | |
30 | ||
31 | ## fail2ban | |
32 | `fail2ban` is an intrusion prevention framework that reads server (Apache, SSH, etc.) and uses `iptables` profiles to block brute-force attempts: | |
53ed6d7d | 33 | - [Official website](http://www.fail2ban.org/wiki/index.php/Main_Page) |
34 | - [Source code](https://github.com/fail2ban/fail2ban) | |
5409ade2 A |
35 | |
36 | ### Read Shaarli logs to ban IPs | |
37 | Example configuration: | |
38 | - allow 3 login attempts per IP address | |
39 | - after 3 failures, permanently ban the corresponding IP adddress | |
40 | ||
41 | `/etc/fail2ban/jail.local` | |
42 | ```ini | |
53ed6d7d | 43 | [shaarli-auth] |
5409ade2 A |
44 | enabled = true |
45 | port = https,http | |
46 | filter = shaarli-auth | |
47 | logpath = /var/www/path/to/shaarli/data/log.txt | |
48 | maxretry = 3 | |
49 | bantime = -1 | |
50 | ``` | |
51 | ||
52 | `/etc/fail2ban/filter.d/shaarli-auth.conf` | |
53 | ```ini | |
53ed6d7d | 54 | [INCLUDES] |
5409ade2 | 55 | before = common.conf |
53ed6d7d | 56 | [Definition] |
5409ade2 A |
57 | failregex = \s-\s<HOST>\s-\sLogin failed for user.*$ |
58 | ignoreregex = | |
59 | ``` | |
fdf88d19 A |
60 | |
61 | ## Robots - Restricting search engines and web crawler traffic | |
62 | ||
63 | Creating a `robots.txt` with the following contents at the root of your Shaarli installation will prevent _honest_ web crawlers from indexing each and every link and Daily page from a Shaarli instance, thus getting rid of a certain amount of unsollicited network traffic. | |
64 | ||
65 | ``` | |
66 | User-agent: * | |
67 | Disallow: / | |
68 | ``` | |
69 | ||
70 | See: | |
71 | - http://www.robotstxt.org/ | |
72 | - http://www.robotstxt.org/robotstxt.html | |
73 | - http://www.robotstxt.org/meta.html |