+++ /dev/null
-#Server security
-## php.ini
-PHP settings are defined in:
-- a main configuration file, usually found under `/etc/php5/php.ini`; some distributions provide different configuration environments, e.g.
- - `/etc/php5/php.ini` - used when running console scripts
- - `/etc/php5/apache2/php.ini` - used when a client requests PHP resources from Apache
- - `/etc/php5/php-fpm.conf` - used when PHP requests are proxied to PHP-FPM
-- additional configuration files/entries, depending on the installed/enabled extensions:
- - `/etc/php/conf.d/xdebug.ini`
-
-### Locate .ini files
-#### Console environment
-```bash
-$ php --ini
-Configuration File (php.ini) Path: /etc/php
-Loaded Configuration File: /etc/php/php.ini
-Scan for additional .ini files in: /etc/php/conf.d
-Additional .ini files parsed: /etc/php/conf.d/xdebug.ini
-```
-
-#### Server environment
-- create a `phpinfo.php` script located in a path supported by the web server, e.g.
- - Apache (with user dirs enabled): `/home/myself/public_html/phpinfo.php`
- - `/var/www/test/phpinfo.php`
-- make sure the script is readable by the web server user/group (usually, `www`, `www-data` or `httpd`)
-- access the script from a web browser
-- look at the _Loaded Configuration File_ and _Scan this dir for additional .ini files_ entries
-```php
-<?php phpinfo(); ?>
-```
-
-## fail2ban
-`fail2ban` is an intrusion prevention framework that reads server (Apache, SSH, etc.) and uses `iptables` profiles to block brute-force attempts:
-- [Official website](http://www.fail2ban.org/wiki/index.php/Main_Page)[](.html)
-- [Source code](https://github.com/fail2ban/fail2ban)[](.html)
-
-### Read Shaarli logs to ban IPs
-Example configuration:
-- allow 3 login attempts per IP address
-- after 3 failures, permanently ban the corresponding IP adddress
-
-`/etc/fail2ban/jail.local`
-```ini
-[shaarli-auth][](.html)
-enabled = true
-port = https,http
-filter = shaarli-auth
-logpath = /var/www/path/to/shaarli/data/log.txt
-maxretry = 3
-bantime = -1
-```
-
-`/etc/fail2ban/filter.d/shaarli-auth.conf`
-```ini
-[INCLUDES][](.html)
-before = common.conf
-[Definition][](.html)
-failregex = \s-\s<HOST>\s-\sLogin failed for user.*$
-ignoreregex =
-```
-
-## Robots - Restricting search engines and web crawler traffic
-
-Creating a `robots.txt` with the following contents at the root of your Shaarli installation will prevent _honest_ web crawlers from indexing each and every link and Daily page from a Shaarli instance, thus getting rid of a certain amount of unsollicited network traffic.
-
-```
-User-agent: *
-Disallow: /
-```
-
-See:
-- http://www.robotstxt.org/
-- http://www.robotstxt.org/robotstxt.html
-- http://www.robotstxt.org/meta.html
projects / github / shaarli / Shaarli.git / blobdiff