librewolf
/
bunkerized-nginx
mirror of https://github.com/bunkerity/bunkerized-nginx
4
0
Fork 1
Code Issues Projects Releases Wiki Activity

Edit core plugins regex + make COOKIE_FLAGS multiple + edit DB model accordingly

This commit is contained in:
Théophile Diot 2022-12-14 10:56:52 +01:00
parent 2b2eadf441
commit 13fe4b6eef
No known key found for this signature in database
GPG Key ID: E752C80DB72BB014
28 changed files with 283 additions and 265 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/common/core/antibot/plugin.json
View File

@ -28,7 +28,7 @@
"help": "Unused URI that clients will be redirected to to solve the challenge.",
"id": "antibot-uri",
"label": "Antibot URL",
"regex": "^.*$",
"regex": "^/[\\w\\].~:/?#[@!$&'()*+,;=-]*$",
"type": "text"
},
"ANTIBOT_SESSION_SECRET": {
@ -36,8 +36,8 @@
"default": "random",
"help": "Secret used to encrypt sessions variables for storing data related to challenges.",
"id": "antibot-session-secret",
"label": "Session secret",
"regex": "^.*$",
"label": "Antibot Session secret",
"regex": "^(random|\\w+)$",
"type": "text"
},
"ANTIBOT_SESSION_NAME": {
@ -45,8 +45,8 @@
"default": "random",
"help": "Name of the cookie used by the antibot feature.",
"id": "antibot-session-name",
"label": "Session name",
"regex": "^.*$",
"label": "Antibot Session name",
"regex": "^(random|\\w+)$",
"type": "text"
},
"ANTIBOT_RECAPTCHA_SCORE": {
@ -55,7 +55,7 @@
"help": "Minimum score required for reCAPTCHA challenge.",
"id": "antibot-recaptcha-score",
"label": "reCAPTCHA score",
"regex": "^.*$",
"regex": "^(0\\.[1-9]|1\\.0)$",
"type": "text"
},
"ANTIBOT_RECAPTCHA_SITEKEY": {
@ -64,7 +64,7 @@
"help": "Sitekey for reCAPTCHA challenge.",
"id": "antibot-recaptcha-sitekey",
"label": "reCAPTCHA sitekey",
"regex": "^.*$",
"regex": "^[\\w-]*$",
"type": "text"
},
"ANTIBOT_RECAPTCHA_SECRET": {
@ -73,7 +73,7 @@
"help": "Secret for reCAPTCHA challenge.",
"id": "antibot-recaptcha-secret",
"label": "reCAPTCHA secret",
"regex": "^.*$",
"regex": "^[\\w-]*$",
"type": "text"
},
"ANTIBOT_HCAPTCHA_SITEKEY": {
@ -82,7 +82,7 @@
"help": "Sitekey for hCaptcha challenge.",
"id": "antibot-hcaptcha-sitekey",
"label": "hCaptcha sitekey",
"regex": "^.*$",
"regex": "^[a-zA-Z0-9]*$",
"type": "text"
},
"ANTIBOT_HCAPTCHA_SECRET": {
@ -91,7 +91,7 @@
"help": "Secret for hCaptcha challenge.",
"id": "antibot-hcaptcha-secret",
"label": "hCaptcha secret",
"regex": "^.*$",
"regex": "^(0x[a-zA-Z0-9]+)?$",
"type": "text"
}
}

12
src/common/core/authbasic/plugin.json
View File

@ -19,8 +19,8 @@
"default": "sitewide",
"help": "URL of the protected resource or sitewide value.",
"id": "auth-basic-location",
"label": "Location",
"regex": "^.*$",
"label": "Auth basic Location",
"regex": "^(sitewide|/[a-zA-Z0-9-./]*)$",
"type": "text"
},
"AUTH_BASIC_USER": {
@ -28,8 +28,8 @@
"default": "changeme",
"help": "Username",
"id": "auth-basic-user",
"label": "Username",
"regex": "^.*$",
"label": "Auth basic Username",
"regex": "^[\\w-]+",
"type": "text"
},
"AUTH_BASIC_PASSWORD": {
@ -38,7 +38,7 @@
"help": "Password",
"id": "auth-basic-password",
"label": "Password",
"regex": "^.*$",
"regex": "^.+",
"type": "text"
},
"AUTH_BASIC_TEXT": {
@ -47,7 +47,7 @@
"help": "Text to display",
"id": "auth-basic-text",
"label": "Text",
"regex": "^.*$",
"regex": "^.+",
"type": "text"
}
}

10
src/common/core/badbehavior/plugin.json
View File

@ -20,7 +20,7 @@
"help": "List of HTTP status codes considered as 'bad'.",
"id": "bad-behavior-status-code",
"label": "Bad status codes",
"regex": "^.*$",
"regex": "^( *([1-5]\\d{2})(?!.*\\2) *)+$",
"type": "text"
},
"BAD_BEHAVIOR_BAN_TIME": {
@ -29,7 +29,7 @@
"help": "The duration time (in seconds) of a ban when the corresponding IP has reached the threshold.",
"id": "bad-behavior-ban-time",
"label": "Ban duration (in seconds)",
"regex": "^.*$",
"regex": "^\\d+",
"type": "text"
},
"BAD_BEHAVIOR_THRESHOLD": {
@ -38,16 +38,16 @@
"help": "Maximum number of 'bad' HTTP status codes within the period of time before IP is banned.",
"id": "bad-behavior-threshold",
"label": "Threshold",
"regex": "^.*$",
"regex": "^[1-9][0-9]*",
"type": "text"
},
"BAD_BEHAVIOR_COUNT_TIME": {
"context": "multisite",
"default": "60",
"help": "Period of time during which we count 'bad' HTTP status codes.",
"help": "Period of time (in seconds) during which we count 'bad' HTTP status codes.",
"id": "bad-behavior-period",
"label": "Period (in seconds)",
"regex": "^.*$",
"regex": "^\\d+",
"type": "text"
}
}

114
src/common/core/blacklist/plugin.json
View File

@ -14,40 +14,22 @@
"regex": "^(yes|no)$",
"type": "check"
},
"BLACKLIST_IP_URLS": {
"context": "global",
"default": "https://www.dan.me.uk/torlist/?exit",
"help": "List of URLs, separated with spaces, containing bad IP/network to block.",
"id": "blacklist-ip-urls",
"label": "Blacklist IP/network URLs",
"regex": "^.*$",
"type": "text"
},
"BLACKLIST_IP": {
"context": "multisite",
"default": "",
"help": "List of IP/network, separated with spaces, to block.",
"id": "blacklist-ip",
"label": "Blacklist IP/network",
"regex": "^.*$",
"regex": "^( *(((\\b25[0-5]|\\b2[0-4]\\d|\\b[01]?\\d\\d?)(\\.(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)){3})(\\/([1-2][0-9]?|3[0-2]?|[04-9]))?|(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]Z0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}\\d){0,1}\\d)\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}\\d){0,1}\\d)|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}\\d){0,1}\\d)\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}\\d){0,1}\\d))(\\/(12[0-8]|1[01][0-9]|[0-9][0-9]?))?)(?!.*\\D\\2([^\\d\\/]|$)) *)*$",
"type": "text"
},
"BLACKLIST_RDNS": {
"context": "multisite",
"default": ".shodan.io .censys.io",
"help": "List of reverse DNS suffixes, separated with spaces, to block.",
"id": "blacklist-rdns",
"label": "Blacklist reverse DNS",
"regex": "^.*$",
"type": "text"
},
"BLACKLIST_RDNS_URLS": {
"BLACKLIST_IP_URLS": {
"context": "global",
"default": "",
"help": "List of URLs, separated with spaces, containing reverse DNS suffixes to block.",
"id": "blacklist-rdns-urls",
"label": "Blacklist reverse DNS URLs",
"regex": "^.*$",
"default": "https://www.dan.me.uk/torlist/?exit",
"help": "List of URLs, separated with spaces, containing bad IP/network to block.",
"id": "blacklist-ip-urls",
"label": "Blacklist IP/network URLs",
"regex": "^( *(https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
},
"BLACKLIST_RDNS_GLOBAL": {
@ -56,7 +38,25 @@
"help": "Only perform RDNS blacklist checks on global IP addresses.",
"id": "blacklist-rdns-global",
"label": "Blacklist reverse DNS global IPs",
"regex": "^.*$",
"regex": "^(yes|no)$",
"type": "check"
},
"BLACKLIST_RDNS": {
"context": "multisite",
"default": ".shodan.io .censys.io",
"help": "List of reverse DNS suffixes, separated with spaces, to block.",
"id": "blacklist-rdns",
"label": "Blacklist reverse DNS",
"regex": "^( *((\\.([a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,})(?!.* \\3( |$))) *)*$",
"type": "text"
},
"BLACKLIST_RDNS_URLS": {
"context": "global",
"default": "",
"help": "List of URLs, separated with spaces, containing reverse DNS suffixes to block.",
"id": "blacklist-rdns-urls",
"label": "Blacklist reverse DNS URLs",
"regex": "^( *(https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
},
"BLACKLIST_ASN": {
@ -65,7 +65,7 @@
"help": "List of ASN numbers, separated with spaces, to block.",
"id": "blacklist-asn",
"label": "Blacklist ASN",
"regex": "^.*$",
"regex": "^^( *((ASN?)?(\\d+)\\b(?!.*[SN ]\\4\\b)) *)*$",
"type": "text"
},
"BLACKLIST_ASN_URLS": {
@ -74,7 +74,7 @@
"help": "List of URLs, separated with spaces, containing ASN to block.",
"id": "blacklist-asn-urls",
"label": "Blacklist ASN URLs",
"regex": "^.*$",
"regex": "^( *(https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
},
"BLACKLIST_USER_AGENT": {
@ -92,7 +92,7 @@
"help": "List of URLs, separated with spaces, containing bad User-Agent to block.",
"id": "blacklist-user-agent-urls",
"label": "Blacklist User-Agent URLs",
"regex": "^.*$",
"regex": "^( *(https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
},
"BLACKLIST_URI": {
@ -101,7 +101,7 @@
"help": "List of URI, separated with spaces, to block.",
"id": "blacklist-uri",
"label": "Blacklist URI",
"regex": "^.*$",
"regex": "^( *(/[\\w\\].~:/?#[@!$&'()*+,;=-]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
},
"BLACKLIST_URI_URLS": {
@ -110,16 +110,7 @@
"help": "List of URLs, separated with spaces, containing bad URI to block.",
"id": "blacklist-uri-urls",
"label": "Blacklist URI URLs",
"regex": "^.*$",
"type": "text"
},
"BLACKLIST_IGNORE_IP_URLS": {
"context": "global",
"default": "",
"help": "List of URLs, separated with spaces, containing IP/network to ignore in the blacklist.",
"id": "blacklist-ignore-ip-urls",
"label": "Blacklist IP/network URLs",
"regex": "^.*$",
"regex": "^( *(https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
},
"BLACKLIST_IGNORE_IP": {
@ -127,8 +118,17 @@
"default": "",
"help": "List of IP/network, separated with spaces, to ignore in the blacklist.",
"id": "blacklist-ignore-ip",
"label": "Blacklist IP/network",
"regex": "^.*$",
"label": "Blacklist ignore IP/network",
"regex": "^( *(((\\b25[0-5]|\\b2[0-4]\\d|\\b[01]?\\d\\d?)(\\.(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)){3})(\\/([1-2][0-9]?|3[0-2]?|[04-9]))?|(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]Z0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}\\d){0,1}\\d)\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}\\d){0,1}\\d)|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}\\d){0,1}\\d)\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}\\d){0,1}\\d))(\\/(12[0-8]|1[01][0-9]|[0-9][0-9]?))?)(?!.*\\D\\2([^\\d\\/]|$)) *)*$",
"type": "text"
},
"BLACKLIST_IGNORE_IP_URLS": {
"context": "global",
"default": "",
"help": "List of URLs, separated with spaces, containing IP/network to ignore in the blacklist.",
"id": "blacklist-ignore-ip-urls",
"label": "Blacklist ignore IP/network URLs",
"regex": "^( *(https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
},
"BLACKLIST_IGNORE_RDNS": {
@ -136,8 +136,8 @@
"default": "",
"help": "List of reverse DNS suffixes, separated with spaces, to ignore in the blacklist.",
"id": "blacklist-ignore-rdns",
"label": "Blacklist reverse DNS",
"regex": "^.*$",
"label": "Blacklist ignore reverse DNS",
"regex": "^( *((\\.([a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,})(?!.* \\3( |$))) *)*$",
"type": "text"
},
"BLACKLIST_IGNORE_RDNS_URLS": {
@ -145,8 +145,8 @@
"default": "",
"help": "List of URLs, separated with spaces, containing reverse DNS suffixes to ignore in the blacklist.",
"id": "blacklist-ignore-rdns-urls",
"label": "Blacklist reverse DNS URLs",
"regex": "^.*$",
"label": "Blacklist ignore reverse DNS URLs",
"regex": "^( *(https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
},
"BLACKLIST_IGNORE_ASN": {
@ -154,8 +154,8 @@
"default": "",
"help": "List of ASN numbers, separated with spaces, to ignore in the blacklist.",
"id": "blacklist-ignore-asn",
"label": "Blacklist ASN",
"regex": "^.*$",
"label": "Blacklist ignore ASN",
"regex": "^^( *((ASN?)?(\\d+)\\b(?!.*[SN ]\\4\\b)) *)*$",
"type": "text"
},
"BLACKLIST_IGNORE_ASN_URLS": {
@ -163,8 +163,8 @@
"default": "",
"help": "List of URLs, separated with spaces, containing ASN to ignore in the blacklist.",
"id": "blacklist-ignore-asn-urls",
"label": "Blacklist ASN URLs",
"regex": "^.*$",
"label": "Blacklist ignore ASN URLs",
"regex": "^( *(https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
},
"BLACKLIST_IGNORE_USER_AGENT": {
@ -172,7 +172,7 @@
"default": "",
"help": "List of User-Agent, separated with spaces, to ignore in the blacklist.",
"id": "blacklist-ignore-user-agent",
"label": "Blacklist User-Agent",
"label": "Blacklist ignore User-Agent",
"regex": "^.*$",
"type": "text"
},
@ -181,8 +181,8 @@
"default": "",
"help": "List of URLs, separated with spaces, containing User-Agent to ignore in the blacklist.",
"id": "blacklist-ignore-user-agent-urls",
"label": "Blacklist User-Agent URLs",
"regex": "^.*$",
"label": "Blacklist ignore User-Agent URLs",
"regex": "^( *(https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
},
"BLACKLIST_IGNORE_URI": {
@ -190,8 +190,8 @@
"default": "",
"help": "List of URI, separated with spaces, to ignore in the blacklist.",
"id": "blacklist-ignore-uri",
"label": "Blacklist URI",
"regex": "^.*$",
"label": "Blacklist ignore URI",
"regex": "^( *(/[\\w\\].~:/?#[@!$&'()*+,;=-]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
},
"BLACKLIST_IGNORE_URI_URLS": {
@ -199,8 +199,8 @@
"default": "",
"help": "List of URLs, separated with spaces, containing URI to ignore in the blacklist.",
"id": "blacklist-ignore-uri-urls",
"label": "Blacklist URI URLs",
"regex": "^.*$",
"label": "Blacklist ignore URI URLs",
"regex": "^( *(https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
}
},

8
src/common/core/brotli/plugin.json
View File

@ -20,7 +20,7 @@
"help": "List of MIME types that will be compressed with brotli.",
"id": "brotli-types",
"label": "MIME types",
"regex": "^.*$",
"regex": "^(?! )( ?([-\\w.]+/[-\\w.+]+)(?!.*\\2(?!.)))+$",
"type": "text"
},
"BROTLI_MIN_LENGTH": {
@ -29,7 +29,7 @@
"help": "Minimum length for brotli compression.",
"id": "brotli-min-length",
"label": "Minimum length",
"regex": "^.*$",
"regex": "^\\d+",
"type": "text"
},
"BROTLI_COMP_LEVEL": {
@ -38,9 +38,9 @@
"help": "The compression level of the brotli algorithm.",
"id": "brotli-comp-level",
"label": "Compression level",
"regex": "^([1-9]|10|11)$",
"regex": "^([02-9]|1[01]?)$",
"type": "select",
"select": ["1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11"]
"select": ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11"]
}
}
}

2
src/common/core/bunkernet/plugin.json
View File

@ -20,7 +20,7 @@
"help": "Address of the BunkerNet API.",
"id": "bunkernet-server",
"label": "BunkerNet server",
"regex": "^.*$",
"regex": "^https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*$",
"type": "text"
}
},

4
src/common/core/clientcache/plugin.json
View File

@ -17,10 +17,10 @@
"CLIENT_CACHE_EXTENSIONS": {
"context": "global",
"default": "jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2",
"help": "List of file extensions that should be cached.",
"help": "List of file extensions, separated with pipes that should be cached.",
"id": "client-cache-extensions",
"label": "Extensions that should be cached by the client",
"regex": "^.*$",
"regex": "^(?!\\|)(\\|?([a-z0-9]+)(?!.*\\2(?!.)))+$",
"type": "text"
},
"CLIENT_CACHE_ETAG": {

10
src/common/core/cors/plugin.json
View File

@ -20,7 +20,7 @@
"help": "Value of the Access-Control-Allow-Origin header.",
"id": "cors-allow-origin",
"label": "Access-Control-Allow-Origin value",
"regex": "^.*$",
"regex": "^(\\*|https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*|null)$",
"type": "text"
},
"CORS_EXPOSE_HEADERS": {
@ -29,7 +29,7 @@
"help": "Value of the Access-Control-Expose-Headers header.",
"id": "cors-expose-headers",
"label": "Access-Control-Expose-Headers value",
"regex": "^.*$",
"regex": "^(\\*|(?![, ]+)(,? ?([\\w-]+)(?!.*\\3(?!.)))*)?$",
"type": "text"
},
"CORS_MAX_AGE": {
@ -38,7 +38,7 @@
"help": "Value of the Access-Control-Max-Age header.",
"id": "cors-max-age",
"label": "Access-Control-Max-Age value",
"regex": "^[0-9]+$",
"regex": "^\\d+$",
"type": "text"
},
"CORS_ALLOW_CREDENTIALS": {
@ -56,7 +56,7 @@
"help": "Value of the Access-Control-Allow-Methods header.",
"id": "cors-allow-methods",
"label": "Access-Control-Allow-Methods value",
"regex": "^.*$",
"regex": "^(\\*|(?![, ])(,? ?(GET|HEAD|POST|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH)(?!.*\\3))*)?$",
"type": "text"
},
"CORS_ALLOW_HEADERS": {
@ -65,7 +65,7 @@
"help": "Value of the Access-Control-Allow-Headers header.",
"id": "cors-allow-headers",
"label": "Access-Control-Allow-Headers value",
"regex": "^.*$",
"regex": "^(\\*|(?![, ])(,? ?([\\w-]+)(?!.*\\3(?!.)))*)?$",
"type": "text"
}
}

4
src/common/core/country/plugin.json
View File

@ -11,7 +11,7 @@
"help": "Deny access if the country of the client is in the list (2 letters code).",
"id": "country-blacklist",
"label": "Country blacklist",
"regex": "^.*$",
"regex": "^(?! )( *([A-Z]{2})(?!.*\\2) *)*$",
"type": "text"
},
"WHITELIST_COUNTRY": {
@ -20,7 +20,7 @@
"help": "Deny access if the country of the client is not in the list (2 letters code).",
"id": "country-whitelist",
"label": "Country whitelist",
"regex": "^.*$",
"regex": "^(?! )( *([A-Z]{2})(?!.*\\2) *)*$",
"type": "text"
}
}

4
src/common/core/customcert/plugin.json
View File

@ -20,7 +20,7 @@
"help": "Full path of the certificate or bundle file.",
"id": "custom-https-cert",
"label": "Certificate path",
"regex": "^.*$",
"regex": "^(/[\\w. -]+)*/?$",
"type": "text"
},
"CUSTOM_HTTPS_KEY": {
@ -29,7 +29,7 @@
"help": "Full path of the key file.",
"id": "custom-https-key",
"label": "Key path",
"regex": "^.*$",
"regex": "^(/[\\w. -]+)*/?$",
"type": "text"
}
},

2
src/common/core/db/plugin.json
View File

@ -11,7 +11,7 @@
"help": "The database URI, following the sqlalchemy format.",
"id": "database-uri",
"label": "The database URI",
"regex": "^.*$",
"regex": "^(postgresql|mysql|mariadb|sqlite|oracle)(\\+[\\w-]+)?:.+$",
"type": "text"
}
}

2
src/common/core/dnsbl/plugin.json
View File

@ -20,7 +20,7 @@
"help": "List of DNSBL servers.",
"id": "dnsbl-list",
"label": "DNSBL list",
"regex": "^.*$",
"regex": "^(?! )( ?((?!\\.)[\\w.]+)(?!.*\\2(?!.)))+$",
"type": "text"
}
}

4
src/common/core/errors/plugin.json
View File

@ -8,10 +8,10 @@
"ERRORS": {
"context": "multisite",
"default": "",
"help": "List of HTTP error code and corresponding error pages (404=/my404.html 403=/errors/403.html ...).",
"help": "List of HTTP error code and corresponding error pages, separated with spaces (404=/my404.html 403=/errors/403.html ...).",
"id": "errors",
"label": "Errors",
"regex": "^.*$",
"regex": "^(?! )( ?([1-5]\\d{2})(?!.*\\2(?![^=]))=(/[\\w\\].~:/?#[@!$&'()*+,;=-]*)(?!.*\\3(?!.)))*$",
"type": "text"
}
}

60
src/common/core/greylist/plugin.json
View File

@ -14,40 +14,22 @@
"regex": "^(yes|no)$",
"type": "check"
},
"GREYLIST_IP_URLS": {
"context": "global",
"default": "",
"help": "List of URLs, separated with spaces, containing good IP/network to put into the greylist.",
"id": "greylist-ip-urls",
"label": "Greylist IP/network URLs",
"regex": "^.*$",
"type": "text"
},
"GREYLIST_IP": {
"context": "multisite",
"default": "",
"help": "List of IP/network, separated with spaces, to put into the greylist.",
"id": "greylist-ip",
"label": "Greylist IP/network",
"regex": "^.*$",
"regex": "^( *(((\\b25[0-5]|\\b2[0-4]\\d|\\b[01]?\\d\\d?)(\\.(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)){3})(\\/([1-2][0-9]?|3[0-2]?|[04-9]))?|(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]Z0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}\\d){0,1}\\d)\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}\\d){0,1}\\d)|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}\\d){0,1}\\d)\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}\\d){0,1}\\d))(\\/(12[0-8]|1[01][0-9]|[0-9][0-9]?))?)(?!.*\\D\\2([^\\d\\/]|$)) *)*$",
"type": "text"
},
"GREYLIST_RDNS": {
"context": "multisite",
"default": "",
"help": "List of reverse DNS suffixes, separated with spaces, to put into the greylist.",
"id": "greylist-rdns",
"label": "Greylist reverse DNS",
"regex": "^.*$",
"type": "text"
},
"GREYLIST_RDNS_URLS": {
"GREYLIST_IP_URLS": {
"context": "global",
"default": "",
"help": "List of URLs, separated with spaces, containing reverse DNS suffixes to put into the greylist.",
"id": "greylist-rdns-urls",
"label": "Greylist reverse DNS URLs",
"regex": "^.*$",
"help": "List of URLs, separated with spaces, containing good IP/network to put into the greylist.",
"id": "greylist-ip-urls",
"label": "Greylist IP/network URLs",
"regex": "^( *(https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
},
"GREYLIST_RDNS_GLOBAL": {
@ -56,7 +38,25 @@
"help": "Only perform RDNS greylist checks on global IP addresses.",
"id": "greylist-rdns-global",
"label": "Greylist reverse DNS global IPs",
"regex": "^.*$",
"regex": "^(yes|no)$",
"type": "check"
},
"GREYLIST_RDNS": {
"context": "multisite",
"default": "",
"help": "List of reverse DNS suffixes, separated with spaces, to put into the greylist.",
"id": "greylist-rdns",
"label": "Greylist reverse DNS",
"regex": "^( *((\\.([a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,})(?!.* \\3( |$))) *)*$",
"type": "text"
},
"GREYLIST_RDNS_URLS": {
"context": "global",
"default": "",
"help": "List of URLs, separated with spaces, containing reverse DNS suffixes to put into the greylist.",
"id": "greylist-rdns-urls",
"label": "Greylist reverse DNS URLs",
"regex": "^( *(https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
},
"GREYLIST_ASN": {
@ -65,7 +65,7 @@
"help": "List of ASN numbers, separated with spaces, to put into the greylist.",
"id": "greylist-asn",
"label": "Greylist ASN",
"regex": "^.*$",
"regex": "^^( *((ASN?)?(\\d+)\\b(?!.*[SN ]\\4\\b)) *)*$",
"type": "text"
},
"GREYLIST_ASN_URLS": {
@ -74,7 +74,7 @@
"help": "List of URLs, separated with spaces, containing ASN to put into the greylist.",
"id": "greylist-asn-urls",
"label": "Greylist ASN URLs",
"regex": "^.*$",
"regex": "^( *(https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
},
"GREYLIST_USER_AGENT": {
@ -92,7 +92,7 @@
"help": "List of URLs, separated with spaces, containing good User-Agent to put into the greylist.",
"id": "greylist-user-agent-urls",
"label": "Greylist User-Agent URLs",
"regex": "^.*$",
"regex": "^( *(https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
},
"GREYLIST_URI": {
@ -101,7 +101,7 @@
"help": "List of URI, separated with spaces, to put into the greylist.",
"id": "greylist-uri",
"label": "Greylist URI",
"regex": "^.*$",
"regex": "^( *(/[\\w\\].~:/?#[@!$&'()*+,;=-]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
},
"GREYLIST_URI_URLS": {
@ -110,7 +110,7 @@
"help": "List of URLs, separated with spaces, containing bad URI to put into the greylist.",
"id": "greylist-uri-urls",
"label": "Greylist URI URLs",
"regex": "^.*$",
"regex": "^( *(https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
}
},

4
src/common/core/gzip/plugin.json
View File

@ -20,7 +20,7 @@
"help": "List of MIME types that will be compressed with gzip.",
"id": "gzip-types",
"label": "MIME types",
"regex": "^.*$",
"regex": "^(?! )( ?([-\\w.]+/[-\\w.+]+)(?!.*\\2(?!.)))+$",
"type": "text"
},
"GZIP_MIN_LENGTH": {
@ -29,7 +29,7 @@
"help": "Minimum length for gzip compression.",
"id": "gzip-min-length",
"label": "Minimum length",
"regex": "^.*$",
"regex": "^\\d+$",
"type": "text"
},
"GZIP_COMP_LEVEL": {

14
src/common/core/headers/confs/server-http/security-headers.conf
View File

@ -2,13 +2,15 @@
more_set_headers "Strict-Transport-Security: {{ STRICT_TRANSPORT_SECURITY }}";
{% endif +%}
{% if COOKIE_FLAGS != "" +%}
{% if COOKIE_AUTO_SECURE_FLAG == "yes" and (AUTO_LETS_ENCRYPT == "yes" or USE_CUSTOM_HTTPS == "yes" or GENERATE_SELF_SIGNED_SSL == "yes") +%}
set_cookie_flag {{ COOKIE_FLAGS }} secure;
{% else +%}
set_cookie_flag {{ COOKIE_FLAGS }};
{% for k, v in all.items() %}
{% if k.startswith("COOKIE_FLAGS") and v != "" +%}
{% if COOKIE_AUTO_SECURE_FLAG == "yes" and (AUTO_LETS_ENCRYPT == "yes" or USE_CUSTOM_HTTPS == "yes" or GENERATE_SELF_SIGNED_SSL == "yes") +%}
set_cookie_flag {{ v }} secure;
{% else +%}
set_cookie_flag {{ v }};
{% endif +%}
{% endif +%}
{% endif +%}
{% endfor %}
{% if CONTENT_SECURITY_POLICY != "" +%}
more_set_headers "Content-Security-Policy: {{ CONTENT_SECURITY_POLICY }}";

44
src/common/core/headers/plugin.json
View File

@ -11,7 +11,7 @@
"help": "Custom header to add (HeaderName: HeaderValue).",
"id": "custom-header",
"label": "Custom header (HeaderName: HeaderValue)",
"regex": "^.*$",
"regex": "^([\\w-]+: .+)?$",
"type": "text",
"multiple": "custom-headers"
},
@ -21,7 +21,7 @@
"help": "Headers to remove (Header1 Header2 Header3 ...)",
"id": "remove-headers",
"label": "Remove headers",
"regex": "^.*$",
"regex": "^(?! )( ?[\\w-]+)*$",
"type": "text"
},
"STRICT_TRANSPORT_SECURITY": {
@ -30,7 +30,7 @@
"help": "Value for the Strict-Transport-Security header.",
"id": "strict-transport-security",
"label": "Strict-Transport-Security",
"regex": "^.*$",
"regex": "^max-age=\\d+(; includeSubDomains(; preload)?)?$",
"type": "text"
},
"COOKIE_FLAGS": {
@ -39,8 +39,9 @@
"help": "Cookie flags automatically added to all cookies (value accepted for nginx_cookie_flag_module).",
"id": "cookie-flags",
"label": "Cookie flags",
"regex": "^.*$",
"type": "text"
"regex": "^(\\*|\\w+)( (HttpOnly|(SameSite)(?!.*\\4)(=(Lax|Strict))?)(?!.*\\3))*$",
"type": "text",
"multiple": "cookie-flags"
},
"COOKIE_AUTO_SECURE_FLAG": {
"context": "multisite",
@ -66,8 +67,19 @@
"help": "Value for the Referrer-Policy header.",
"id": "referrer-policy",
"label": "Referrer-Policy",
"regex": "^.*$",
"type": "text"
"regex": "^(no-referrer|no-referrer-when-downgrade|origin|origin-when-cross-origin|same-origin|strict-origin|strict-origin-when-cross-origin|unsafe-url)?$",
"type": "select",
"select": [
"",
"no-referrer",
"no-referrer-when-downgrade",
"origin",
"origin-when-cross-origin",
"same-origin",
"strict-origin",
"strict-origin-when-cross-origin",
"unsafe-url"
]
},
"PERMISSIONS_POLICY": {
"context": "multisite",
@ -75,16 +87,16 @@
"help": "Value for the Permissions-Policy header.",
"id": "permissions-policy",
"label": "Permissions-Policy",
"regex": "^.*$",
"regex": "^(?![, ])(,? ?([a-z-]+)(?!.*[^-]\\2=)=(\\*|\\(( ?(self|\\u0022https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*\\u0022))*\\)))*$",
"type": "text"
},
"FEATURE_POLICY": {
"context": "multisite",
"default": "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'none'; 'none'; geolocation 'none'; gyroscope 'none'; layout-animation 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';",
"default": "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; layout-animation 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';",
"help": "Value for the Feature-Policy header.",
"id": "feature-policy",
"label": "Feature-Policy",
"regex": "^.*$",
"regex": "^(?![; ])( ?([\\w-]+)(?!.*[^-]\\2 )( ('(none|self|strict-dynamic|report-sample|unsafe-inline|unsafe-eval|unsafe-hashes|unsafe-allow-redirects)'|https?://[\\w@:%.+~#=-]+[\\w()!@:%+.~#?&/=$-]*))+;)*$",
"type": "text"
},
"X_FRAME_OPTIONS": {
@ -93,8 +105,9 @@
"help": "Value for the X-Frame-Options header.",
"id": "x-frame-options",
"label": "X-Frame-Options",
"regex": "^.*$",
"type": "text"
"regex": "^(DENY|SAMEORIGIN)?$",
"type": "select",
"select": ["", "DENY", "SAMEORIGIN"]
},
"X_CONTENT_TYPE_OPTIONS": {
"context": "multisite",
@ -102,8 +115,9 @@
"help": "Value for the X-Content-Type-Options header.",
"id": "x-content-type-options",
"label": "X-Content-Type-Options",
"regex": "^.*$",
"type": "text"
"regex": "^(nosniff)?$",
"type": "select",
"select": ["", "nosniff"]
},
"X_XSS_PROTECTION": {
"context": "multisite",
@ -111,7 +125,7 @@
"help": "Value for the X-XSS-Protection header.",
"id": "x-xss-protection",
"label": "X-XSS-Protection",
"regex": "^.*$",
"regex": "^0|1(; (mode=block|report=https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*))?$",
"type": "text"
}
}

2
src/common/core/letsencrypt/plugin.json
View File

@ -20,7 +20,7 @@
"help": "Email used for Let's Encrypt notification and in certificate.",
"id": "email-lets-encrypt",
"label": "Email Let's Encrypt",
"regex": "^.*$",
"regex": "^([\\w.-]+@[a-zA-Z0-9.-]+\\.[a-z]{2,})?$",
"type": "text"
},
"USE_LETS_ENCRYPT_STAGING": {

12
src/common/core/limit/plugin.json
View File

@ -19,8 +19,8 @@
"default": "/",
"help": "URL where the limit request will be applied.",
"id": "limit-req-url",
"label": "URL",
"regex": "^.*$",
"label": "Limit request URL",
"regex": "^[\\w\\].~:/^%?#[@!$&'()*+,;=-]+$",
"type": "text",
"multiple": "limit-req"
},
@ -29,8 +29,8 @@
"default": "2r/s",
"help": "Rate to apply to the URL (s for second, m for minute, h for hour and d for day).",
"id": "limit-req-rate",
"label": "Rate",
"regex": "^.*$",
"label": "Limit request Rate",
"regex": "^\\d+r/[smhd]$",
"type": "text",
"multiple": "limit-req"
},
@ -49,7 +49,7 @@
"help": "Maximum number of connections per IP when using HTTP/1.X protocol.",
"id": "limit-conn-max-http1",
"label": "Maximum number of HTTP/1.X connections",
"regex": "^.*$",
"regex": "^\\d+$",
"type": "text"
},
"LIMIT_CONN_MAX_HTTP2": {
@ -58,7 +58,7 @@
"help": "Maximum number of streams per IP when using HTTP/2 protocol.",
"id": "limit-conn-max-http2",
"label": "Maximum number of HTTP/2 streams",
"regex": "^.*$",
"regex": "^\\d+$",
"type": "text"
}
}

30
src/common/core/misc/plugin.json
View File

@ -20,8 +20,8 @@
"help": "Redirect all HTTP request to HTTPS.",
"id": "redirect-http-to-https",
"label": "Redirect HTTP to HTTPS",
"regex": ".*",
"type": "text"
"regex": "^(yes|no)$",
"type": "check"
},
"AUTO_REDIRECT_HTTP_TO_HTTPS": {
"context": "multisite",
@ -29,16 +29,16 @@
"help": "Try to detect if HTTPS is used and activate HTTP to HTTPS redirection if that's the case.",
"id": "auto-redirect-http-to-https",
"label": "Auto redirect HTTP to HTTPS",
"regex": ".*",
"type": "text"
"regex": "^(yes|no)$",
"type": "check"
},
"ALLOWED_METHODS": {
"context": "multisite",
"default": "GET|POST|HEAD",
"help": "Allowed HTTP methods to be sent by clients.",
"help": "Allowed HTTP methods, separated with pipes to be sent by clients.",
"id": "allowed-methods",
"label": "Allowed methods",
"regex": ".*",
"regex": "^(?!\\|)(\\|?(GET|HEAD|POST|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH)(?!.*\\2))+$",
"type": "text"
},
"MAX_CLIENT_SIZE": {
@ -47,7 +47,7 @@
"help": "Maximum body size (0 for infinite).",
"id": "max-client-size",
"label": "Maximum body size",
"regex": ".*",
"regex": "^\\d+[kKmMgG]?$",
"type": "text"
},
"SERVE_FILES": {
@ -65,7 +65,7 @@
"help": "Root folder containing files to serve (/var/www/html/{server_name} if unset).",
"id": "root-folder",
"label": "Root folder",
"regex": "^.*$",
"regex": "^(/[\\w. -]+)*/?$",
"type": "text"
},
"HTTPS_PROTOCOLS": {
@ -74,7 +74,7 @@
"help": "The supported version of TLS. We recommend the default value TLSv1.2 TLSv1.3 for compatibility reasons.",
"id": "https-protocols",
"label": "HTTPS protocols",
"regex": ".*",
"regex": "^(?! )( ?TLSv1\\.[0-3])*$",
"type": "text"
},
"HTTP2": {
@ -83,7 +83,7 @@
"help": "Support HTTP2 protocol when HTTPS is enabled.",
"id": "http2",
"label": "HTTP2",
"regex": ".*",
"regex": "^(yes|no)$",
"type": "check"
},
"LISTEN_HTTP": {
@ -110,7 +110,7 @@
"help": "Open file cache directive",
"id": "open-file-cache",
"label": "Use open file cache",
"regex": "^.*$",
"regex": "^(off|max=\\d+( inactive=\\d+(ms?|[shdwMy]))?)$",
"type": "text"
},
"OPEN_FILE_CACHE_ERRORS": {
@ -120,7 +120,7 @@
"id": "open-file-cache-errors",
"label": "Open file cache errors",
"regex": "^(yes|no)$",
"type": "text"
"type": "check"
},
"OPEN_FILE_CACHE_MIN_USES": {
"context": "multisite",
@ -128,7 +128,7 @@
"help": "Enable open file cache minimum uses",
"id": "open-file-cache-min-uses",
"label": "Open file cache min uses",
"regex": "^([1-9]+)$",
"regex": "^[1-9]\\d*$",
"type": "text"
},
"OPEN_FILE_CACHE_VALID": {
@ -137,7 +137,7 @@
"help": "Open file cache valid time",
"id": "open-file-cache-valid",
"label": "Open file cache valid time",
"regex": "^\\d+(ms|s|m|h|d|w|M|y)$",
"regex": "^\\d+(ms?|[shdwMy])$",
"type": "text"
},
"EXTERNAL_PLUGIN_URLS": {
@ -146,7 +146,7 @@
"help": "List of external plugins URLs (direct download to .zip file) to download and install (URLs are separated with space).",
"id": "external-plugin-urls",
"label": "External plugin URLs",
"regex": "^.*$",
"regex": "^( *(https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
},
"DENY_HTTP_STATUS": {

10
src/common/core/modsecurity/plugin.json
View File

@ -29,8 +29,9 @@
"help": "SecAuditEngine directive of ModSecurity.",
"id": "modsecurity-sec-audit-engine",
"label": "SecAuditEngine",
"regex": "^.*$",
"type": "text"
"regex": "^(On|RelevantOnly|Off)$",
"type": "select",
"select": ["On", "RelevantOnly", "Off"]
},
"MODSECURITY_SEC_RULE_ENGINE": {
"context": "multisite",
@ -39,7 +40,8 @@
"id": "modsecurity-sec-rule-engine",
"label": "SecRuleEngine",
"regex": "^(On|DetectionOnly|Off)$",
"type": "text"
"type": "select",
"select": ["On", "DetectionOnly", "Off"]
},
"MODSECURITY_SEC_AUDIT_LOG_PARTS": {
"context": "multisite",
@ -47,7 +49,7 @@
"help": "SecAuditLogParts directive of ModSecurity.",
"id": "modsecurity-sec-audit-log-parts",
"label": "SecAuditLogParts",
"regex": "^([A-Z]*)$",
"regex": "^A(([B-K])(?!.*\\2))+Z$",
"type": "text"
}
}

8
src/common/core/php/plugin.json
View File

@ -11,7 +11,7 @@
"help": "Hostname of the remote PHP-FPM instance.",
"id": "remote-php",
"label": "Remote PHP",
"regex": "^.*$",
"regex": "^((?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?(?:\\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?)*\\.?)?$",
"type": "text"
},
"REMOTE_PHP_PATH": {
@ -20,7 +20,7 @@
"help": "Root folder containing files in the remote PHP-FPM instance.",
"id": "remote-php-path",
"label": "Remote PHP path",
"regex": "^.*$",
"regex": "^(/[\\w. -]+)*/?$",
"type": "text"
},
"LOCAL_PHP": {
@ -29,7 +29,7 @@
"help": "Path to the PHP-FPM socket file.",
"id": "local",
"label": "Local PHP",
"regex": "^.*$",
"regex": "^(/[\\w. -]+)*/?$",
"type": "text"
},
"LOCAL_PHP_PATH": {
@ -38,7 +38,7 @@
"help": "Root folder containing files in the local PHP-FPM instance.",
"id": "local-php-path",
"label": "Local PHP path",
"regex": "^.*$",
"regex": "^(/[\\w. -]+)*/?$",
"type": "text"
}
}

10
src/common/core/realip/plugin.json
View File

@ -26,19 +26,19 @@
"REAL_IP_FROM": {
"context": "multisite",
"default": "192.168.0.0/16 172.16.0.0/12 10.0.0.0/8",
"help": "List of trusted IPs / networks where proxied requests come from.",
"help": "List of trusted IPs / networks, separated with spaces, where proxied requests come from.",
"id": "real-ip-from",
"label": "Real IP from",
"regex": "^.*$",
"regex": "^(?! )( *(((\\b25[0-5]|\\b2[0-4]\\d|\\b[01]?\\d\\d?)(\\.(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)){3})(\\/([1-2][0-9]?|3[0-2]?|[04-9]))?|(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]Z0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}\\d){0,1}\\d)\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}\\d){0,1}\\d)|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}\\d){0,1}\\d)\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}\\d){0,1}\\d))(\\/(12[0-8]|1[01][0-9]|[0-9][0-9]?))?)(?!.*\\D\\2([^\\d\\/]|$)) *)*$",
"type": "text"
},
"REAL_IP_FROM_URLS": {
"context": "global",
"default": "",
"help": "List of URLs containing trusted IPs / networks where proxied requests come from.",
"help": "List of URLs containing trusted IPs / networks, separated with spaces, where proxied requests come from.",
"id": "real-ip-from-urls",
"label": "Real IP from URLs",
"regex": "^.*$",
"regex": "^(?! )( *(https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
},
"REAL_IP_HEADER": {
@ -47,7 +47,7 @@
"help": "HTTP header containing the real IP or special value proxy_protocol for PROXY protocol.",
"id": "real-ip-header",
"label": "Real IP header",
"regex": "^.*$",
"regex": "^(?! )(( ?(?!proxy_protocol)[\\w-]+)*|proxy_protocol)$",
"type": "text"
},
"REAL_IP_RECURSIVE": {

2
src/common/core/redirect/plugin.json
View File

@ -11,7 +11,7 @@
"help": "Redirect a whole site to another one.",
"id": "redirect-to",
"label": "Redirect to",
"regex": "^.*$",
"regex": "^(https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*)?$",
"type": "text"
},
"REDIRECT_TO_REQUEST_URI": {

40
src/common/core/reverseproxy/plugin.json
View File

@ -29,7 +29,7 @@
"help": "Full URL of the proxied resource (proxy_pass).",
"id": "reverse-proxy-host",
"label": "Reverse proxy host",
"regex": "^.*$",
"regex": "^(https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*)?$",
"type": "text",
"multiple": "reverse-proxy"
},
@ -39,7 +39,7 @@
"help": "Location URL that will be proxied.",
"id": "reverse-proxy-url",
"label": "Reverse proxy url",
"regex": "^.*$",
"regex": "^(/[\\w\\].~:/?#[@!$&'()*+,;=-]*)?$",
"type": "text",
"multiple": "reverse-proxy"
},
@ -56,20 +56,20 @@
"REVERSE_PROXY_HEADERS": {
"context": "multisite",
"default": "",
"help": "List of HTTP headers to send to proxied resource separated with ; (values for proxy_set_header directive).",
"help": "List of HTTP headers to send to proxied resource separated with semicolons (values for proxy_set_header directive).",
"id": "reverse-proxy-headers",
"label": "Reverse proxy headers",
"regex": "^.*$",
"regex": "^(?![; ])(;? ?([\\w-]+)(?!.*\\2 ) [^;]+)*$",
"type": "text",
"multiple": "reverse-proxy"
},
"REVERSE_PROXY_HEADERS_CLIENT": {
"context": "multisite",
"default": "",
"help": "List of HTTP headers to send to client separated with ; (values for add_header directive).",
"help": "List of HTTP headers to send to client separated with semicolons (values for add_header directive).",
"id": "reverse-proxy-headers-client",
"label": "Reverse proxy headers-client",
"regex": "^.*$",
"regex": "^(?![; ])(;? ?([\\w-]+)(?!.*\\2 ) [^;]+)*$",
"type": "text",
"multiple": "reverse-proxy"
},
@ -99,7 +99,7 @@
"help": "Enable authentication using an external provider (value of auth_request directive).",
"id": "reverse-proxy-auth-request",
"label": "Reverse proxy auth request",
"regex": "^.*$",
"regex": "^(/[\\w\\].~:/?#[@!$&'()*+,;=-]*|off)?$",
"type": "text",
"multiple": "reverse-proxy"
},
@ -109,17 +109,17 @@
"help": "Redirect clients to sign-in URL when using REVERSE_PROXY_AUTH_REQUEST (used when auth_request call returned 401).",
"id": "reverse-proxy-auth-request-signin-url",
"label": "Auth request signin URL",
"regex": "^.*$",
"regex": "^(https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*)?$",
"type": "text",
"multiple": "reverse-proxy"
},
"REVERSE_PROXY_AUTH_REQUEST_SET": {
"context": "multisite",
"default": "",
"help": "List of variables to set from the authentication provider, separated with ; (values of auth_request_set directives).",
"help": "List of variables to set from the authentication provider, separated with semicolons (values of auth_request_set directives).",
"id": "reverse-proxy-auth-request-set",
"label": "Reverse proxy auth request set",
"regex": "^.*$",
"regex": "^(?! ;)(;? ?(\\$[a-z_-]+)(?!.*\\2 ) [^;]+)*$",
"type": "text",
"multiple": "reverse-proxy"
},
@ -138,7 +138,7 @@
"help": "Hierarchy levels of the cache.",
"id": "proxy-cache-path-levels",
"label": "Hierarchy levels",
"regex": "^.*$",
"regex": "^(:?[12]){1,3}$",
"type": "text"
},
"PROXY_CACHE_PATH_ZONE_SIZE": {
@ -147,7 +147,7 @@
"help": "Maximum size of cached metadata when caching proxied resources.",
"id": "proxy-cache-path-zone-size",
"label": "Reverse proxy cache zone size",
"regex": "^.*$",
"regex": "^\\d+[kKmMgG]?$",
"type": "text"
},
"PROXY_CACHE_PATH_PARAMS": {
@ -165,7 +165,7 @@
"help": "HTTP methods that should trigger a cache operation.",
"id": "proxy-cache-methods",
"label": "Reverse proxy cache methods",
"regex": "^.*$",
"regex": "^(?! )( ?(GET|HEAD|POST|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH)(?!.*\\2))+$",
"type": "text"
},
"PROXY_CACHE_MIN_USES": {
@ -174,7 +174,7 @@
"help": "The minimum number of requests before a response is cached.",
"id": "proxy-cache-min-uses",
"label": "Reverse proxy cache minimum uses",
"regex": "^.*$",
"regex": "^[1-9]\\d*$",
"type": "text"
},
"PROXY_CACHE_KEY": {
@ -183,16 +183,16 @@
"help": "The key used to uniquely identify a cached response.",
"id": "proxy-cache-key",
"label": "Reverse proxy cache key",
"regex": "^.*$",
"regex": "^(?! )( ?(\\$[a-z_]+)(?!.*\\2))+$",
"type": "text"
},
"PROXY_CACHE_VALID": {
"context": "multisite",
"default": "200=24h 301=1h 302=24h",
"help": "Define the caching time depending on the HTTP status code (list of status=time).",
"help": "Define the caching time depending on the HTTP status code (list of status=time), separated with spaces.",
"id": "proxy-cache-valid",
"label": "Reverse proxy cache valid",
"regex": "^.*$",
"regex": "^(?! )( ?([1-5]\\d{2})(?!.*\\2=)=\\d+(ms?|[shdwMy]))*$",
"type": "text"
},
"PROXY_NO_CACHE": {
@ -219,7 +219,7 @@
"help": "Timeout when connecting to the proxied resource.",
"id": "reverse-proxy-connect-timeout",
"label": "Reverse proxy connect timeout",
"regex": "^.*$",
"regex": "^\\d+(ms?|[shdwMy])$",
"type": "text",
"multiple": "reverse-proxy"
},
@ -229,7 +229,7 @@
"help": "Timeout when reading from the proxied resource.",
"id": "reverse-proxy-read-timeout",
"label": "Reverse proxy read timeout",
"regex": "^.*$",
"regex": "^\\d+(ms?|[shdwMy])$",
"type": "text",
"multiple": "reverse-proxy"
},
@ -239,7 +239,7 @@
"help": "Timeout when sending to the proxied resource.",
"id": "reverse-proxy-send-timeout",
"label": "Reverse proxy send timeout",
"regex": "^.*$",
"regex": "^\\d+(ms?|[shdwMy])$",
"type": "text",
"multiple": "reverse-proxy"
}

6
src/common/core/selfsigned/plugin.json
View File

@ -17,10 +17,10 @@
"SELF_SIGNED_SSL_EXPIRY": {
"context": "multisite",
"default": "365",
"help": "Self-signed certificate expiry.",
"help": "Self-signed certificate expiry in days.",
"id": "self-signed-ssl-expiry",
"label": "Certificate expiry",
"regex": "^.*$",
"regex": "^\\d+$",
"type": "text"
},
"SELF_SIGNED_SSL_SUBJ": {
@ -29,7 +29,7 @@
"help": "Self-signed certificate subject.",
"id": "self-signed-ssl-subj",
"label": "Certificate subject",
"regex": "^.*$",
"regex": "^/CN=[^,]+$",
"type": "text"
}
},

68
src/common/core/whitelist/plugin.json
View File

@ -14,40 +14,22 @@
"regex": "^(yes|no)$",
"type": "check"
},
"WHITELIST_IP": {
"context": "multisite",
"default": "20.191.45.212 40.88.21.235 40.76.173.151 40.76.163.7 20.185.79.47 52.142.26.175 20.185.79.15 52.142.24.149 40.76.162.208 40.76.163.23 40.76.162.191 40.76.162.247 54.208.102.37 107.21.1.8",
"help": "List of IP/network, separated with spaces, to put into the whitelist.",
"id": "whitelist-ip",
"label": "Whitelist IP/network",
"regex": "^( *(((\\b25[0-5]|\\b2[0-4]\\d|\\b[01]?\\d\\d?)(\\.(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)){3})(\\/([1-2][0-9]?|3[0-2]?|[04-9]))?|(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]Z0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}\\d){0,1}\\d)\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}\\d){0,1}\\d)|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}\\d){0,1}\\d)\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}\\d){0,1}\\d))(\\/(12[0-8]|1[01][0-9]|[0-9][0-9]?))?)(?!.*\\D\\2([^\\d\\/]|$)) *)*$",
"type": "text"
},
"WHITELIST_IP_URLS": {
"context": "global",
"default": "",
"help": "List of URLs, separated with spaces, containing good IP/network to whitelist.",
"id": "whitelist-ip-urls",
"label": "Whitelist IP/network URLs",
"regex": "^.*$",
"type": "text"
},
"WHITELIST_IP": {
"context": "multisite",
"default": "20.191.45.212 40.88.21.235 40.76.173.151 40.76.163.7 20.185.79.47 52.142.26.175 20.185.79.15 52.142.24.149 40.76.162.208 40.76.163.23 40.76.162.191 40.76.162.247 54.208.102.37 107.21.1.8",
"help": "List of IP/network, separated with spaces, to whitelist.",
"id": "whitelist-ip",
"label": "Whitelist IP/network",
"regex": "^.*$",
"type": "text"
},
"WHITELIST_RDNS": {
"context": "multisite",
"default": ".google.com .googlebot.com .yandex.ru .yandex.net .yandex.com .search.msn.com .baidu.com .baidu.jp .crawl.yahoo.net .fwd.linkedin.com .twitter.com .twttr.com .discord.com",
"help": "List of reverse DNS suffixes, separated with spaces, to whitelist.",
"id": "whitelist-rdns",
"label": "Whitelist reverse DNS",
"regex": "^.*$",
"type": "text"
},
"WHITELIST_RDNS_URLS": {
"context": "global",
"default": "",
"help": "List of URLs, separated with spaces, containing reverse DNS suffixes to whitelist.",
"id": "whitelist-rdns-urls",
"label": "Whitelist reverse DNS URLs",
"regex": "^.*$",
"regex": "^( *(https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
},
"WHITELIST_RDNS_GLOBAL": {
@ -56,7 +38,25 @@
"help": "Only perform RDNS whitelist checks on global IP addresses.",
"id": "whitelist-rdns-global",
"label": "Whitelist reverse DNS global IPs",
"regex": "^.*$",
"regex": "^(yes|no)$",
"type": "check"
},
"WHITELIST_RDNS": {
"context": "multisite",
"default": ".google.com .googlebot.com .yandex.ru .yandex.net .yandex.com .search.msn.com .baidu.com .baidu.jp .crawl.yahoo.net .fwd.linkedin.com .twitter.com .twttr.com .discord.com",
"help": "List of reverse DNS suffixes, separated with spaces, to whitelist.",
"id": "whitelist-rdns",
"label": "Whitelist reverse DNS",
"regex": "^( *((\\.([a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,})(?!.* \\3( |$))) *)*$",
"type": "text"
},
"WHITELIST_RDNS_URLS": {
"context": "global",
"default": "",
"help": "List of URLs, separated with spaces, containing reverse DNS suffixes to whitelist.",
"id": "whitelist-rdns-urls",
"label": "Whitelist reverse DNS URLs",
"regex": "^( *(https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
},
"WHITELIST_ASN": {
@ -65,7 +65,7 @@
"help": "List of ASN numbers, separated with spaces, to whitelist.",
"id": "whitelist-asn",
"label": "Whitelist ASN",
"regex": "^.*$",
"regex": "^^( *((ASN?)?(\\d+)\\b(?!.*[SN ]\\4\\b)) *)*$",
"type": "text"
},
"WHITELIST_ASN_URLS": {
@ -74,7 +74,7 @@
"help": "List of URLs, separated with spaces, containing ASN to whitelist.",
"id": "whitelist-asn-urls",
"label": "Whitelist ASN URLs",
"regex": "^.*$",
"regex": "^( *(https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
},
"WHITELIST_USER_AGENT": {
@ -92,7 +92,7 @@
"help": "List of URLs, separated with spaces, containing good User-Agent to whitelist.",
"id": "whitelist-user-agent-urls",
"label": "Whitelist User-Agent URLs",
"regex": "^.*$",
"regex": "^( *(https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
},
"WHITELIST_URI": {
@ -101,7 +101,7 @@
"help": "List of URI, separated with spaces, to whitelist.",
"id": "whitelist-uri",
"label": "Whitelist URI",
"regex": "^.*$",
"regex": "^( *(/[\\w\\].~:/?#[@!$&'()*+,;=-]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
},
"WHITELIST_URI_URLS": {
@ -110,7 +110,7 @@
"help": "List of URLs, separated with spaces, containing bad URI to whitelist.",
"id": "whitelist-uri-urls",
"label": "Whitelist URI URLs",
"regex": "^.*$",
"regex": "^( *(https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*)(?!.*\\2(?!.)) *)*$",
"type": "text"
}
},

42
src/common/db/model.py
View File

@ -57,7 +57,7 @@ class Plugins(Base):
id = Column(String(64), primary_key=True)
order = Column(Integer, nullable=False)
name = Column(String(128), nullable=False)
description = Column(String(255), nullable=False)
description = Column(String(256), nullable=False)
version = Column(String(32), nullable=False)
external = Column(Boolean, default=False, nullable=False)
@ -78,20 +78,20 @@ class Settings(Base):
UniqueConstraint("name"),
)
id = Column(String(255), primary_key=True)
name = Column(String(255), primary_key=True)
id = Column(String(256), primary_key=True)
name = Column(String(256), primary_key=True)
plugin_id = Column(
String(64),
ForeignKey("plugins.id", onupdate="CASCADE", ondelete="CASCADE"),
nullable=False,
)
context = Column(CONTEXTS_ENUM, nullable=False)
default = Column(String(1023), nullable=True, default="")
help = Column(String(255), nullable=False)
label = Column(String(255), nullable=True)
regex = Column(String(255), nullable=False)
default = Column(String(4096), nullable=True, default="")
help = Column(String(512), nullable=False)
label = Column(String(256), nullable=True)
regex = Column(String(1024), nullable=False)
type = Column(SETTINGS_TYPES_ENUM, nullable=False)
multiple = Column(String(255), nullable=True)
multiple = Column(String(128), nullable=True)
selects = relationship("Selects", back_populates="setting", cascade="all, delete")
services = relationship(
@ -107,11 +107,11 @@ class Global_values(Base):
__tablename__ = "global_values"
setting_id = Column(
String(255),
String(256),
ForeignKey("settings.id", onupdate="CASCADE", ondelete="CASCADE"),
primary_key=True,
)
value = Column(String(1023), nullable=False)
value = Column(String(4096), nullable=False)
suffix = Column(SmallInteger, primary_key=True, nullable=True, default=0)
method = Column(METHODS_ENUM, nullable=False)
@ -144,11 +144,11 @@ class Services_settings(Base):
primary_key=True,
)
setting_id = Column(
String(255),
String(256),
ForeignKey("settings.id", onupdate="CASCADE", ondelete="CASCADE"),
primary_key=True,
)
value = Column(String(1023), nullable=False)
value = Column(String(4096), nullable=False)
suffix = Column(SmallInteger, primary_key=True, nullable=True, default=0)
method = Column(METHODS_ENUM, nullable=False)
@ -165,7 +165,7 @@ class Jobs(Base):
String(64),
ForeignKey("plugins.id", onupdate="CASCADE", ondelete="CASCADE"),
)
file_name = Column(String(255), nullable=False)
file_name = Column(String(256), nullable=False)
every = Column(SCHEDULES_ENUM, nullable=False)
reload = Column(Boolean, nullable=False)
success = Column(Boolean, nullable=True)
@ -216,7 +216,7 @@ class Jobs_cache(Base):
nullable=True,
)
file_name = Column(
String(255),
String(256),
nullable=False,
)
data = Column(LargeBinary(length=(2**32) - 1), nullable=True)
@ -242,7 +242,7 @@ class Custom_configs(Base):
nullable=True,
)
type = Column(CUSTOM_CONFIGS_TYPES_ENUM, nullable=False)
name = Column(String(255), nullable=False)
name = Column(String(256), nullable=False)
data = Column(LargeBinary(length=(2**32) - 1), nullable=False)
checksum = Column(String(128), nullable=False)
method = Column(METHODS_ENUM, nullable=False)
@ -254,11 +254,11 @@ class Selects(Base):
__tablename__ = "selects"
setting_id = Column(
String(255),
String(256),
ForeignKey("settings.id", onupdate="CASCADE", ondelete="CASCADE"),
primary_key=True,
)
value = Column(String(255), primary_key=True)
value = Column(String(256), primary_key=True)
setting = relationship("Settings", back_populates="selects")
@ -267,17 +267,17 @@ class Logs(Base):
__tablename__ = "logs"
id = Column(TIMESTAMP, primary_key=True)
message = Column(String(1023), nullable=False)
message = Column(String(2048), nullable=False)
level = Column(LOG_LEVELS_ENUM, nullable=False)
component = Column(String(255), nullable=False)
component = Column(String(256), nullable=False)
class Instances(Base):
__tablename__ = "instances"
hostname = Column(String(255), primary_key=True)
hostname = Column(String(256), primary_key=True)
port = Column(Integer, nullable=False)
server_name = Column(String(255), nullable=False)
server_name = Column(String(256), nullable=False)
class Metadata(Base):