Data hosted with ♥ by Pastebin.com - Download Raw - See Original
  1. # Hiawatha main configuration file
  2. #
  3.  
  4.  
  5. # GENERAL SETTINGS
  6. #
  7. ServerId = www-data
  8. ConnectionsTotal = 1000
  9. ConnectionsPerIP = 35
  10. SystemLogfile = /var/log/hiawatha/system.log
  11. GarbageLogfile = /var/log/hiawatha/garbage.log
  12. ExploitLogfile = /var/log/hiawatha/exploit.log
  13.  
  14. LogFormat = extended
  15. ServerString = SimpleHTTPserver
  16. CGIwrapper = /usr/sbin/cgi-wrapper
  17.  
  18. # BINDING SETTINGS
  19. # A binding is where a client can connect to.
  20. #
  21. Binding {
  22. Port = 80
  23. # Interface = 127.0.0.1
  24. MaxKeepAlive = 50
  25. TimeForRequest = 12,50
  26. }
  27. #
  28. #Binding {
  29. # Port = 443
  30. # Interface = ::1
  31. # MaxKeepAlive = 30
  32. # TimeForRequest = 3,20
  33. # SSLcertFile = hiawatha.pem
  34. #}
  35.  
  36.  
  37. # BANNING SETTINGS
  38. # Deny service to clients who misbehave.
  39. #
  40. #BanOnGarbage = 300
  41. #BanOnMaxPerIP = 60
  42. #BanOnMaxReqSize = 300
  43. #KickOnBan = yes
  44. #RebanDuringBan = yes
  45.  
  46. BanOnGarbage = 300
  47. BanOnMaxPerIP = 300
  48. BanOnMaxReqSize = 300
  49. BanOnTimeout = 300
  50. KickOnBan = yes
  51. RebanDuringBan = yes
  52.  
  53. BanOnDeniedBody = 300
  54. BanOnSQLi = 300
  55. BanOnFlooding = 90/1:300
  56. BanlistMask = deny 127.0.0.1
  57. BanOnInvalidURL = 300
  58.  
  59. BanOnWrongPassword = 3:300
  60.  
  61. # COMMON GATEWAY INTERFACE (CGI) SETTINGS
  62. # These settings can be used to run CGI applications.
  63. #
  64. CGIhandler = /usr/bin/perl:pl
  65. CGIhandler = /usr/bin/php5-cgi:php
  66. CGIhandler = /usr/bin/python:py
  67. CGIhandler = /usr/bin/ruby:rb
  68. CGIhandler = /usr/bin/ssi-cgi:shtml
  69. CGIextension = cgi
  70. #
  71. FastCGIserver {
  72. FastCGIid = PHP5
  73. # ConnectTo = 127.0.0.1:2005
  74. ConnectTo = 127.0.0.1:9000
  75. Extension = php
  76. SessionTimeout = 600
  77. }
  78.  
  79.  
  80. # URL TOOLKIT
  81. # This URL toolkit rule was made for the Banshee PHP framework, which
  82. # can be downloaded from http://www.hiawatha-webserver.org/banshee
  83. #
  84. UrlToolkit {
  85. ToolkitID = banshee
  86. RequestURI isfile Return
  87. Call scannerblocker
  88. Match ^/(css|files|images|js|slimstat)($|/) Return
  89. Match ^/(favicon.ico|robots.txt|sitemap.xml)$ Return
  90. Match ^/(crawler)($|/) Return
  91. Match .*\?(.*) Rewrite /index.php?$1
  92. Match .* Rewrite /index.php
  93. }
  94.  
  95. UrlToolkit {
  96. ToolkitID = scannerblocker
  97. Header User-Agent ^w3af.sourceforge.net DenyAccess
  98. Header User-Agent ^dirbuster DenyAccess
  99. Header User-Agent ^nikto DenyAccess
  100. Header User-Agent ^sqlmap DenyAccess
  101. Header User-Agent ^fimap DenyAccess
  102. Header User-Agent ^nessus DenyAccess
  103. Header User-Agent ^Nessus DenyAccess
  104. Header User-Agent ^whatweb DenyAccess
  105. Header User-Agent ^Openvas DenyAccess
  106. Header User-Agent ^jbrofuzz DenyAccess
  107. Header User-Agent ^libwhisker DenyAccess
  108. Header User-Agent ^webshag DenyAccess
  109. Header User-Agent ^WVS DenyAccess
  110. Header User-Agent ^Morfeus DenyAccess
  111. Header User-Agent ^Fucking DenyAccess
  112. Header User-Agent ^Scanner DenyAccess
  113. Header User-Agent ^Aboundex DenyAccess
  114. Header User-Agent ^AlphaServer DenyAccess
  115. Header User-Agent ^Indy DenyAccess
  116. Header User-Agent ^ZmEu DenyAccess
  117. Header User-Agent ^social DenyAccess
  118. Header User-Agent ^Zollard DenyAccess
  119. Header User-Agent ^CLR DenyAccess
  120. Header User-Agent ^Camino DenyAccess
  121. Header User-Agent ^Nmap DenyAccess
  122. Header HTTP:Acunetix-Product ^WVS DenyAccess
  123. Header User-Agent ^WVS DenyAccess
  124. Header User-Agent ^Python-httplib DenyAccess
  125. Header User-Agent ^Python-requests DenyAccess
  126. Header User-Agent ^masscan DenyAccess
  127. Header User-Agent ^Java DenyAccess
  128. Header User-Agent ^Nutch DenyAccess
  129. Header User-Agent ^Who.is DenyAccess
  130. Header User-Agent ^immoral DenyAccess
  131. Header User-Agent ^crawler DenyAccess
  132. Header User-Agent ^NetShelter DenyAccess
  133. Header User-Agent ^Application DenyAccess
  134. Header User-Agent ^Validator.nu/LV DenyAccess
  135. }
  136.  
  137.  
  138. # DEFAULT WEBSITE
  139. # It is wise to use your IP address as the hostname of the default website
  140. # and give it a blank webpage. By doing so, automated webscanners won't find
  141. # your possible vulnerable website.
  142. #
  143. Hostname = 98.139.183.24
  144. WebsiteRoot = /var/www/hiawatha
  145. StartFile = index.html
  146. AccessLogfile = /var/log/hiawatha/access.log
  147. ErrorLogfile = /var/log/hiawatha/error.log
  148. #ErrorHandler = 404:/error.cgi
  149. ReverseProxy ^/.* http://www.example.com:80/
  150.  
  151. Include /etc/hiawatha/enable-sites/
  152.  
  153. # VIRTUAL HOSTS
  154. # Use a VirtualHost section to declare the websites you want to host.
  155. #
  156. #VirtualHost {
  157. # Hostname = www.my-domain.com
  158. # WebsiteRoot = /var/www/my-domain/public
  159. # StartFile = index.php
  160. # AccessLogfile = /var/www/my-domain/log/access.log
  161. # ErrorLogfile = /var/www/my-domain/log/error.log
  162. # TimeForCGI = 5
  163. # UseFastCGI = PHP5
  164. # UseToolkit = banshee
  165. #}
  166.  
  167.  
  168. # DIRECTORY SETTINGS
  169. # You can specify some settings per directory.
  170. #
  171. #Directory {
  172. # Path = /home/baduser
  173. # ExecuteCGI = no
  174. # UploadSpeed = 10,2
  175. #}