Tripwire

Appearance

Rfi

Goal

Prevent remote file inclusion

Enabled

Enable or disable this wire

Methods

The methods specifies which methods should be inspected

Options:

  • 'post'
  • 'put'
  • 'patch'
  • 'get'
  • 'all' or '*'

The 'all' or '*' is a alias to inspect all methods

php
    ->methods(['post', 'put']) // only post and put method
php
    ->methods(['*']) // all methods

Attack score

This is this wire severity, the higher the number the more severe. All attackScores will be summarized and if it exceeds the PunishScore the block will be activated. Set this to a number that reflects the severity.

  • A very high number will immediately block the user/ip
  • A low number will only block if there are many requests

TIP

sqli and xss are very common attack vectors with high confidence detection. You should set those to a very high number

Tripwires

Specify the list of tokens that identify the remote file inclusion malicious request

WARNING

This will block all links in the request too, so users will not be able to enter any url

Example

php
WireDetailsConfig::make()
    ->enabled(true)
    ->methods(['*'])
    ->attackScore(500)
    ->tripwires([
        '#(http|ftp){1,1}(s){0,1}://.*#i',
    ]);
    
    //... optional overrides

optional global overriders

Released under the MIT License.

Copyright © 2022 to present Yormy