Data hosted with ♥ by Pastebin.com - Download Raw - See Original
  1. # Hiawatha main configuration file
  2. #
  3.  
  4.  
  5. # GENERAL SETTINGS
  6. #
  7. #ServerId = www-data
  8. ServerId = www-data
  9. #ConnectionsTotal = 150
  10. #ConnectionsPerIP = 10
  11. ConnectionsTotal = 1000
  12. # This setting is proofed to be working for IE, firefox and chrome on Banshee 3.5, 3.7
  13. # Other than the above mentioned, you may need to change the value
  14. ConnectionsPerIP = 35
  15. SystemLogfile = /var/log/hiawatha/system.log
  16. GarbageLogfile = /var/log/hiawatha/garbage.log
  17. ExploitLogfile = /var/log/hiawatha/exploit.log
  18.  
  19. LogFormat = extended
  20. ServerString = SimpleHTTPserver
  21. CGIwrapper = /usr/sbin/cgi-wrapper
  22.  
  23. # BINDING SETTINGS
  24. # A binding is where a client can connect to.
  25. #
  26. Binding {
  27. Port = 80
  28. # Interface = 127.0.0.1
  29. # MaxKeepAlive = 30
  30. MaxKeepAlive = 50
  31. # TimeForRequest = 5,30
  32. # This settings is proofed to be working on IE, firefox and chrome on Banshee 3.5, 3.7
  33. # for slower internet connection, such as 2.5G mobile network
  34. # Other than the above mentioned, you may need to change the value
  35. TimeForRequest = 12,50
  36. }
  37. #
  38. #Binding {
  39. # Port = 443
  40. # Interface = ::1
  41. # MaxKeepAlive = 30
  42. # TimeForRequest = 3,20
  43. # SSLcertFile = hiawatha.pem
  44. #}
  45.  
  46.  
  47. # BANNING SETTINGS
  48. # Deny service to clients who misbehave.
  49. #
  50. #BanOnGarbage = 300
  51. #BanOnMaxPerIP = 60
  52. #BanOnMaxReqSize = 300
  53. #KickOnBan = yes
  54. #RebanDuringBan = yes
  55.  
  56. BanOnGarbage = 300
  57. BanOnMaxPerIP = 300
  58. BanOnMaxReqSize = 300
  59. BanOnTimeout = 300
  60. KickOnBan = yes
  61. RebanDuringBan = yes
  62.  
  63. BanOnDeniedBody = 300
  64. BanOnSQLi = 300
  65. # This settings is proofed to be working on IE, firefox and chrome on Banshee 3.5, 3.7
  66. # Other than the above mentioned, you may need to change the value
  67. BanOnFlooding = 90/1:300
  68. #BanlistMask = deny 192.168.20.0/24, deny 127.0.0.1
  69. BanlistMask = deny 127.0.0.1
  70. BanOnInvalidURL = 300
  71.  
  72. BanOnWrongPassword = 3:300
  73.  
  74. # COMMON GATEWAY INTERFACE (CGI) SETTINGS
  75. # These settings can be used to run CGI applications. Use the 'php-fcgi'
  76. # tool to start PHP as a FastCGI daemon.
  77. #
  78. #CGIhandler = /usr/bin/perl:pl
  79. #CGIhandler = /usr/bin/php-cgi:php
  80. #CGIhandler = /usr/bin/python:py
  81. #CGIhandler = /usr/bin/ruby:rb
  82. #CGIhandler = /usr/bin/ssi-cgi:shtml
  83. #CGIextension = cgi
  84. #
  85. #FastCGIserver {
  86. # FastCGIid = PHP5
  87. # ConnectTo = 127.0.0.1
  88. # Extension = php
  89. #}
  90.  
  91. CGIhandler = /usr/bin/perl:pl
  92. CGIhandler = /usr/bin/php5-cgi:php
  93. CGIhandler = /usr/bin/python:py
  94. CGIhandler = /usr/bin/ruby:rb
  95. CGIhandler = /usr/bin/ssi-cgi:shtml
  96. CGIextension = cgi
  97.  
  98. FastCGIserver {
  99. FastCGIid = PHP5
  100. # ConnectTo = 127.0.0.1:2005
  101. # ConnectTo = /var/lib/hiawatha/php-fcgi.sock
  102. ConnectTo = 127.0.0.1:9000
  103. Extension = php
  104. SessionTimeout = 600
  105. }
  106.  
  107.  
  108. # URL TOOLKIT
  109. # This URL toolkit rule was made for the Banshee PHP framework, which
  110. # can be downloaded from http://www.hiawatha-webserver.org/banshee
  111. #
  112.  
  113. # The scannerblocker will ban some common scanners which with their default settings
  114. UrlToolkit {
  115. ToolkitID = scannerblocker
  116. Header User-Agent ^w3af.sourceforge.net Return
  117. Header User-Agent ^dirbuster Return
  118. Header User-Agent ^nikto Return
  119. Header User-Agent ^sqlmap Return
  120. Header User-Agent ^fimap Return
  121. Header User-Agent ^nessus Return
  122. Header User-Agent ^whatweb Return
  123. Header User-Agent ^Openvas Return
  124. Header User-Agent ^jbrofuzz Return
  125. Header User-Agent ^libwhisker Return
  126. Header User-Agent ^webshag Return
  127. Header User-Agent ^WVS Return
  128. Header User-Agent ^Morfeus Return
  129. Header User-Agent ^Fucking Return
  130. Header User-Agent ^Scanner Return
  131. Header User-Agent ^Aboundex Return
  132. Header User-Agent ^AlphaServer Return
  133. Header User-Agent ^Indy Return
  134. Header User-Agent ^ZmEu Return
  135. Header User-Agent ^social Return
  136. Header User-Agent ^Zollard Return
  137. Header User-Agent ^CLR Return
  138. Header User-Agent ^Camino Return
  139. Header User-Agent ^Nmap Return
  140. Header HTTP:Acunetix-Product ^WVS Return
  141. }
  142.  
  143. UrlToolkit {
  144. ToolkitID = banshee
  145. RequestURI isfile Return
  146. Call scannerblocker
  147. Match ^/(css|files|images|js|slimstat)($|/) Return
  148. Match ^/(favicon.ico|robots.txt|sitemap.xml)$ Return
  149. Match .*\?(.*) Rewrite /index.php?$1
  150. Match .* Rewrite /index.php
  151. }
  152.  
  153. UrlToolkit {
  154. ToolkitID = monitor
  155. RequestURI isfile Return
  156. Match ^/(css|files|images|js|slimstat)($|/) Return
  157. Match ^/(favicon.ico|robots.txt|sitemap.xml)$ Return
  158. Match .*\?(.*) Rewrite /index.php?$1
  159. Match .* Rewrite /index.php
  160. }
  161.  
  162. # DEFAULT WEBSITE
  163. # It is wise to use your IP address as the hostname of the default website
  164. # and give it a blank webpage. By doing so, automated webscanners won't find
  165. # your possible vulnerable website.
  166. #
  167. # Make sure to change the IP address of the Hostname below with your webserver IP address.
  168. # This setting will cause anyone visit to your webserver with your IP address to be redirected to www.example.com.
  169. # So that, your webserver is under some protection of the attacks.
  170. Hostname = 98.139.183.24
  171. WebsiteRoot = /var/www/hiawatha
  172. #StartFile = index.html
  173. StartFile = index.html
  174. AccessLogfile = /var/log/hiawatha/access.log
  175. ErrorLogfile = /var/log/hiawatha/error.log
  176. #ErrorHandler = 404:/error.cgi
  177. ReverseProxy ^/.* http://www.example.com:80/
  178.  
  179. Include /etc/hiawatha/enable-sites/
  180.  
  181. # VIRTUAL HOSTS
  182. # Use a VirtualHost section to declare the websites you want to host.
  183. #
  184. #VirtualHost {
  185. # Hostname = www.my-domain.com
  186. # WebsiteRoot = /var/www/my-domain/public
  187. # StartFile = index.php
  188. # AccessLogfile = /var/www/my-domain/log/access.log
  189. # ErrorLogfile = /var/www/my-domain/log/error.log
  190. # TimeForCGI = 5
  191. # UseFastCGI = PHP5
  192. # UseToolkit = banshee
  193. #}
  194.  
  195.  
  196. # DIRECTORY SETTINGS
  197. # You can specify some settings per directory.
  198. #
  199. #Directory {
  200. # Path = /home/baduser
  201. # ExecuteCGI = no
  202. # UploadSpeed = 10,2
  203. #}