- # Hiawatha main configuration file
- #
- # GENERAL SETTINGS
- #
- # Account the server runs as (going by the directive name); keep it an
- # unprivileged, non-login user that owns nothing under the web roots.
- ServerId = www-data
- # Global and per-client connection caps. BanOnMaxPerIP further down presumably
- # acts on the per-IP cap - confirm against the hiawatha(1) manual.
- ConnectionsTotal = 1000
- ConnectionsPerIP = 35
- # Server-wide logs. The garbage and exploit logs are the ones to review when
- # triaging scan or attack traffic; rotate them and forward them off-host so a
- # compromise of this machine cannot erase them.
- SystemLogfile = /var/log/hiawatha/system.log
- GarbageLogfile = /var/log/hiawatha/garbage.log
- ExploitLogfile = /var/log/hiawatha/exploit.log
- LogFormat = extended
- # Presumably the text reported in the Server response header. Changing the
- # banner only hides the product name; it does not replace patching.
- ServerString = SimpleHTTPserver
- # Path of the CGI wrapper binary. NOTE(review): wrappers of this kind usually
- # run with elevated privileges - check its owner, mode and its own config file.
- CGIwrapper = /usr/sbin/cgi-wrapper
- # BINDING SETTINGS
- # A binding is where a client can connect to.
- #
- # The only active listener: plain HTTP on port 80. Interface is commented out,
- # so the binding is not pinned to one address (presumably all interfaces -
- # confirm). NOTE(review): the port-443 binding that follows is commented out,
- # so everything served here, including any HTTP authentication credentials,
- # crosses the network unencrypted.
- Binding {
- Port = 80
- # Interface = 127.0.0.1
- MaxKeepAlive = 50
- # Presumably "<first request>,<later keep-alive requests>" timeouts in
- # seconds - confirm against the manual for the installed version.
- TimeForRequest = 12,50
- }
- #
- #Binding {
- # Port = 443
- # Interface = ::1
- # MaxKeepAlive = 30
- # TimeForRequest = 3,20
- # SSLcertFile = hiawatha.pem
- #}
- # BANNING SETTINGS
- # Deny service to clients who misbehave.
- #
- #BanOnGarbage = 300
- #BanOnMaxPerIP = 60
- #BanOnMaxReqSize = 300
- #KickOnBan = yes
- #RebanDuringBan = yes
- # Active banning policy (the commented block above it holds older values).
- # The plain numbers are presumably ban durations in seconds - confirm against
- # the hiawatha(1) manual for the installed version.
- BanOnGarbage = 300
- BanOnMaxPerIP = 300
- BanOnMaxReqSize = 300
- BanOnTimeout = 300
- KickOnBan = yes
- RebanDuringBan = yes
- BanOnDeniedBody = 300
- # NOTE(review): presumably only takes effect for sites that enable SQL
- # injection detection (PreventSQLi); no visible active directive does so -
- # check the included site files.
- BanOnSQLi = 300
- # Looks like "<requests>/<seconds>:<ban time>", i.e. 90 requests within
- # 1 second leads to a 300 s ban - confirm the format.
- BanOnFlooding = 90/1:300
- # Presumably keeps 127.0.0.1 off the ban list. NOTE(review): if a proxy on
- # this host fronts the server, every client arrives as 127.0.0.1 and none of
- # the bans in this block would apply to them.
- BanlistMask = deny 127.0.0.1
- BanOnInvalidURL = 300
- # Looks like "<failed logins>:<ban time>": a throttle on password guessing
- # against HTTP authentication - confirm the format.
- BanOnWrongPassword = 3:300
- # Presumably "<connection threshold>,<challenge type>,<ban time>" - confirm.
- ChallengeClient = 70,httpheader,300
- # COMMON GATEWAY INTERFACE (CGI) SETTINGS
- # These settings can be used to run CGI applications.
- #
- # Each CGIhandler line maps a file extension to an interpreter, written as
- # "<binary>:<extension>". Every entry is an interpreter the server may start
- # for a matching file on a site that allows CGI, so an uploaded file with one
- # of these extensions becomes executable code. Keep the list to what the
- # hosted sites actually need.
- CGIhandler = /usr/bin/perl:pl
- #CGIhandler = /usr/bin/php5-cgi:php
- # NOTE(review): php5-fpm is the FastCGI process manager daemon, not a
- # per-request CGI binary; PHP is already reachable through the FastCGIserver
- # section that follows. This line probably should be dropped or reverted to
- # the php5-cgi handler above - confirm what was intended.
- CGIhandler = /usr/sbin/php5-fpm:php
- CGIhandler = /usr/bin/python:py
- CGIhandler = /usr/bin/ruby:rb
- CGIhandler = /usr/bin/ssi-cgi:shtml
- CGIextension = cgi
- #
- # FastCGI backend for .php files, identified as PHP5. The commented
- # VirtualHost example at the end of the file selects it with
- # "UseFastCGI = PHP5"; no visible active directive does.
- FastCGIserver {
- FastCGIid = PHP5
- # ConnectTo = 127.0.0.1:9000
- # A Unix socket is used instead of the TCP port above, so access is governed
- # by the socket file's owner and mode. Verify that only the web server
- # account (ServerId) can connect to it.
- ConnectTo = /var/run/php5-fpm.sock
- Extension = php
- # Presumably seconds - confirm.
- SessionTimeout = 600
- }
- # URL TOOLKIT
- # This URL toolkit rule was made for the Banshee PHP framework, which
- # can be downloaded from http://www.hiawatha-webserver.org/banshee
- #
- # Front-controller rewrite for the Banshee framework. It runs the two blocker
- # toolkits first, lets existing files and the listed static paths through
- # unchanged, and rewrites everything else to /index.php.
- # NOTE(review): a toolkit presumably only takes effect on a site that names
- # it with UseToolkit. The only UseToolkit in this file is inside the
- # commented VirtualHost example, so unless the included site files reference
- # it, neither this rewrite nor the blockers it calls are applied.
- UrlToolkit {
- ToolkitID = banshee
- Do Call scannerblocker
- Do Call vulnerabilityblocker
- RequestURI isfile Return
- Match ^/(css|files|images|js|slimstat)($|/) Return
- # The dots here are unescaped and match any character; write \. if only the
- # literal file names are meant.
- Match ^/(favicon.ico|robots.txt|sitemap.xml)$ Return
- # NOTE(review): the vulnerabilityblocker toolkit called above bans requests
- # for /crawler, so this pass-through looks unreachable - confirm which of the
- # two behaviours is intended.
- Match ^/(crawler)($|/) Return
- Match .*\?(.*) Rewrite /index.php?$1
- Match .* Rewrite /index.php
- }
- # Rejects requests that probe for well-known weak spots: a Shellshock-style
- # function definition in any header, common admin/CGI paths and a few PHP
- # endpoints. Path matches are case-insensitive (MatchCI) and trigger a ban of
- # 900 (presumably seconds).
- # NOTE(review): the rule lines carry trailing "# ..." comments - confirm the
- # installed Hiawatha version strips them rather than reading them as part of
- # the rule.
- # NOTE(review): "crawler" is banned here but is also a pass-through path in
- # the banshee toolkit; the two rules disagree.
- # NOTE(review): banning /xmlrpc.php also bans legitimate clients of any
- # hosted application that uses that endpoint - check the included sites.
- UrlToolkit {
- ToolkitID = vulnerabilityblocker
- Header * \(\)\s*\{ DenyAccess # Shellshock
- MatchCI ^/(crawler|pma|myadmin|phpmyadmin|cgi-bin)($|/) Ban 900 # phpmyadmin & cgi-bin
- # Unescaped dots match any character; write \. to match only the literal
- # file names.
- MatchCI ^/(xmlrpc.php|phpinfo.php)$ Ban 900 # wordpress, drupal & phpinfo
- }
- # Denies requests whose User-Agent (or, for "Header *" rules, any header)
- # starts with a string associated with scanners and bulk crawlers.
- # Treat this as log-noise reduction, not as a security control: the headers
- # are chosen by the client, so the list only stops tools left on their
- # defaults. Patching, authentication and the ban settings still have to
- # carry the protection.
- # NOTE(review): several prefixes are generic (Java, Python-requests,
- # Python-httplib, Indy, CLR, Camino, Application, social, crawler) and will
- # also reject legitimate API clients, monitoring checks and some browsers.
- # Review the access log for false positives before relying on the list.
- # NOTE(review): both ^nessus and ^Nessus are listed, which suggests Header
- # patterns are matched case-sensitively - confirm, and check whether other
- # entries need the same treatment.
- UrlToolkit {
- ToolkitID = scannerblocker
- Header User-Agent ^w3af.sourceforge.net DenyAccess
- Header User-Agent ^dirbuster DenyAccess
- Header User-Agent ^nikto DenyAccess
- Header User-Agent ^sqlmap DenyAccess
- Header User-Agent ^fimap DenyAccess
- Header User-Agent ^nessus DenyAccess
- Header User-Agent ^Nessus DenyAccess
- Header User-Agent ^whatweb DenyAccess
- Header User-Agent ^Openvas DenyAccess
- Header User-Agent ^jbrofuzz DenyAccess
- Header User-Agent ^libwhisker DenyAccess
- Header User-Agent ^webshag DenyAccess
- Header User-Agent ^Morfeus DenyAccess
- Header User-Agent ^Fucking DenyAccess
- Header User-Agent ^Scanner DenyAccess
- Header User-Agent ^Aboundex DenyAccess
- Header User-Agent ^AlphaServer DenyAccess
- Header User-Agent ^Indy DenyAccess
- Header User-Agent ^ZmEu DenyAccess
- Header User-Agent ^social DenyAccess
- Header User-Agent ^Zollard DenyAccess
- Header User-Agent ^CLR DenyAccess
- Header User-Agent ^Camino DenyAccess
- Header User-Agent ^Nmap DenyAccess
- Header * ^WVS DenyAccess
- Header User-Agent ^Python-httplib DenyAccess
- Header User-Agent ^Python-requests DenyAccess
- Header User-Agent ^masscan DenyAccess
- Header User-Agent ^Java DenyAccess
- Header User-Agent ^Nutch DenyAccess
- Header User-Agent ^Who.is DenyAccess
- Header User-Agent ^immoral DenyAccess
- Header User-Agent ^crawler DenyAccess
- Header User-Agent ^NetShelter DenyAccess
- Header User-Agent ^Application DenyAccess
- Header User-Agent ^Validator.nu/LV DenyAccess
- Header * ^ssdp DenyAccess
- Header User-Agent ^Arachni DenyAccess
- Header User-Agent ^Spider-Pig DenyAccess
- Header User-Agent ^tinfoilsecurity DenyAccess
- Header User-Agent ^@ DenyAccess
- Header User-Agent ^shellshock-scan DenyAccess
- Header User-Agent ^Vega DenyAccess
- # Same Shellshock pattern as in the vulnerabilityblocker toolkit, here
- # anchored to the start of the header value; one of the two is redundant
- # when both toolkits are called.
- Header * ^\(\)\s*\{ DenyAccess
- Header * ^uname DenyAccess
- Header * ^whoami DenyAccess
- Header User-Agent ^friendly-scanner DenyAccess
- Header * ^mxmail.netease.com DenyAccess
- Header * ^muieblackcat DenyAccess
- Header User-Agent ^BOT\sfor\sJCE DenyAccess
- }
- # DEFAULT WEBSITE
- # It is wise to use your IP address as the hostname of the default website
- # and give it a blank webpage. By doing so, automated webscanners won't find
- # your possibly vulnerable website.
- #
- # Default website: it answers requests that match no configured virtual
- # host, here identified by a literal IP address as the comment above advises.
- Hostname = 98.139.183.24
- WebsiteRoot = /var/www/hiawatha
- StartFile = index.html
- AccessLogfile = /var/log/hiawatha/access.log
- ErrorLogfile = /var/log/hiawatha/error.log
- #ErrorHandler = 404:/error.cgi
- # NOTE(review): the pattern ^/.* matches every path, so the default site
- # relays all requests to the upstream over plain HTTP instead of serving the
- # blank page recommended above. If www.example.com is a placeholder, make
- # sure the real upstream is one you control and is meant to be reachable by
- # anyone who connects to this IP address.
- ReverseProxy ^/.* http://www.example.com:80/
- # Everything in this directory becomes part of the server configuration, so
- # it should be writable by root only.
- Include /etc/hiawatha/enable-sites/
- # VIRTUAL HOSTS
- # Use a VirtualHost section to declare the websites you want to host.
- #
- #VirtualHost {
- # Hostname = www.my-domain.com
- # WebsiteRoot = /var/www/my-domain/public
- # StartFile = index.php
- # AccessLogfile = /var/www/my-domain/log/access.log
- # ErrorLogfile = /var/www/my-domain/log/error.log
- # TimeForCGI = 5
- # UseFastCGI = PHP5
- # UseToolkit = banshee
- #}
- # DIRECTORY SETTINGS
- # You can specify some settings per directory.
- #
- #Directory {
- # Path = /home/baduser
- # ExecuteCGI = no
- # UploadSpeed = 10,2
- #}