forked from jseidl/bifrost
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathbifrost.conf
More file actions
64 lines (59 loc) · 1.47 KB
/
bifrost.conf
File metadata and controls
64 lines (59 loc) · 1.47 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
[general]
listen_port = 80
# backend (final webserver) settings
backend_ip = 10.1.1.100
backend_port = 80
# modes: operational, training, bypass
mode = operational
#mode = bypass
#mode = training
# what to do with urls not in database? drop, pass
unknown_urls = drop
[analyzer]
# type of limiting: range, avg
# range: min <= value <= max
# avg: same as above but with min and max
# derived from tolerance (see enforcer below)
# req
request_content_size = range
# resp
response_content_size = range
response_header_size = range
response_header_qty = range
# @TODO requests must comply with rfc
strict_rfc = 1
# restrict cookies and headers to known ones
request_cookies = 1
request_headers = 0
response_cookies = 1
response_headers = 1
# restrict post fields to known ones
request_postdata = 1
# restrict uploaded file's mime types to known ones
upload_filetype = 1
[scorer]
request_content_size = 8
response_content_size = 8
response_header_size = 5
response_header_qty = 5
request_cookies = 100
request_headers = 0
response_cookies = 100
response_headers = 100
request_postdata = 30
upload_filetype = 30
[tolerance]
# tolerance the range/avg metric should consider
request_content_size = 0.05
response_content_size = 0.2
response_header_size = 0.1
response_header_qty = 0.1
[enforcer]
# threshold = score sum which request or response will be
# flagged as malicious
response_threshold = 15
request_threshold = 15
# drop the malicious requests?
action = drop
# @TODO alerting
alert = 1