Add DDOS protection

Laurent Destailleur 2022-01-30 01:03:07 +01:00
parent a182cee8b0
commit 5942bc57e6
3 changed files with 100 additions and 58 deletions


@ -1,62 +1,93 @@
<VirtualHost *:80>
#php_admin_value sendmail_path "/usr/sbin/sendmail -t -i"
#php_admin_value mail.force_extra_parameters "-f postmaster@mydomain.com"
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f postmaster@mydomain.com"
php_admin_value open_basedir /tmp/:/home/../htdocs
#php_admin_value sendmail_path "/usr/sbin/sendmail -t -i"
#php_admin_value mail.force_extra_parameters "-f postmaster@mydomain.com"
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f postmaster@mydomain.com"
php_admin_value open_basedir /tmp/:/home/.../htdocs:/home/.../dolibarr_documents:
ServerName myvirtualalias
ServerAlias myvirtualalias
UseCanonicalName On
KeepAlive On
KeepAliveTimeout 5
MaxKeepAliveRequests 20
AddDefaultCharset UTF-8
DocumentRoot "/home/.../htdocs"
<Directory /home/.../htdocs/>
AllowOverride None
Options -Indexes -MultiViews +FollowSymLinks -ExecCGI
Require all granted
ServerName myvirtualalias
ServerAlias myvirtualalias
# To restrict access by a HTTP basic auth
#AuthType Basic
#AuthName "Authenticate to backoffice"
#AuthUserFile /etc/apache2/.htpasswd
#require valid-user
</Directory>
# Leaving /public and /api, /dav, .well_known but also wrappers for document and viewimage accessible to everyone
<Directory /home/admin/wwwroot/dolibarr/htdocs/public/>
AuthType None
Require all granted
Satisfy any
</Directory>
<Directory /home/admin/wwwroot/dolibarr/htdocs/api/>
AuthType None
Require all granted
Satisfy any
</Directory>
<Directory /home/admin/wwwroot/dolibarr/htdocs/dav/>
AuthType None
Require all granted
Satisfy any
</Directory>
<Directory /home/admin/wwwroot/dolibarr/htdocs/.well-known/>
AuthType None
Require all granted
Satisfy any
</Directory>
<Files ~ "(document\.php|viewimage\.php|\.js\.php|\.json\.php|\.js|\.css\.php|\.css|\.gif|\.png|\.svg|\.woff2|favicon\.ico)$">
AuthType None
Require all granted
Satisfy any
</Files>
UseCanonicalName On
AddDefaultCharset UTF-8
DocumentRoot "/home/.../htdocs"
<Directory /home/.../htdocs/>
AllowOverride None
Options -Indexes -MultiViews +FollowSymLinks -ExecCGI
Require all granted
</Directory>
<Directory "/home/../htdocs/cache">
Deny from all
RemoveHandler .phtml .php .php3 .php4 .php5 .php6 .phps .cgi .exe .pl .asp .aspx .shtml .shtm .fcgi .fpl .jsp .htm .html .wml
AddType application/x-httpd-php-source .phtml .php .php3 .php4 .php5 .php6 .phps .cgi .exe .pl .asp .aspx .shtml .shtm .fcgi .fpl .jsp .htm .html .wml
</Directory>
ErrorLog /var/log/apache2/myvirtualalias_error_log
TransferLog /var/log/apache2/myvirtualalias_access_log
# Compress returned resources of type php pages, text file export, css and javascript
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript
AddType text/javascript .jgz
AddEncoding gzip .jgz
ExpiresActive On
ExpiresByType image/x-icon A2592000
ExpiresByType image/gif A2592000
ExpiresByType image/png A2592000
ExpiresByType image/jpeg A2592000
ExpiresByType text/css A2592000
ExpiresByType text/javascript A2592000
ExpiresByType application/x-javascript A2592000
ExpiresByType application/javascript A2592000
SSLEngine On
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/letsencrypt/live/www.mydomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.mydomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.mydomain.com/chain.pem
#RewriteEngine on
#RewriteCond %{SERVER_PORT} ^80$
#RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
ErrorLog /var/log/apache2/myvirtualalias_error_log
TransferLog /var/log/apache2/myvirtualalias_access_log
# Compress returned resources of type php pages, text file export, css and javascript
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript
AddType text/javascript .jgz
AddEncoding gzip .jgz
ExpiresActive On
ExpiresByType image/x-icon A2592000
ExpiresByType image/gif A2592000
ExpiresByType image/png A2592000
ExpiresByType image/jpeg A2592000
ExpiresByType text/css A2592000
ExpiresByType text/javascript A2592000
ExpiresByType application/x-javascript A2592000
ExpiresByType application/javascript A2592000
SSLEngine On
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/letsencrypt/live/www.mydomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.mydomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.mydomain.com/chain.pem
#RewriteEngine on
#RewriteCond %{SERVER_PORT} ^80$
#RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
</VirtualHost>
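Review bot: The `<Directory "/home/../htdocs/cache">` block relies on the mod_access_compat directive `Deny from all`, while every other Directory block in this vhost uses the 2.4 `Require` form; on an Apache 2.4 build without mod_access_compat that line is a configuration error, and mixing the two authorization styles within one vhost is documented as unreliable. Because the same block also maps `.php`, `.phtml`, `.cgi` and the rest to `application/x-httpd-php-source`, any failure of the deny rule would serve script source instead of a 403, so the denial should be expressed in the same form as the rest of the file: `Require all denied`. The `Satisfy any` lines in the `/public`, `/api`, `/dav`, `/.well-known` and `<Files ~ ...>` blocks belong to the same compat module and do nothing once `Require` is in use, so they can be dropped for consistency. The rendered page does not show which of the duplicated lines are old versus new, so this applies to whichever side the cache block ends up on.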


@ -30,11 +30,16 @@ if (empty($conf) || !is_object($conf)) {
exit;
}
// DDOS protection
$size = (int) $_SERVER['CONTENT_LENGTH'];
if ($size > 10000) {
http_response_code(413);
exit;
}
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
header('Cache-Control: Public, must-revalidate');
header("Content-type: text/html; charset=".$conf->file->character_set_client);
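Review bot: `$_SERVER['CONTENT_LENGTH']` is read unconditionally at the `$size = (int) ...` line, but the key is absent on GET requests and on chunked request bodies, so the new check raises an undefined-index notice (a warning on PHP 8) on most of the requests this page serves; guard it with `$size = isset($_SERVER['CONTENT_LENGTH']) ? (int) $_SERVER['CONTENT_LENGTH'] : 0;` (or `?? 0` if the file only targets PHP 7+). Content-Length is client-supplied and the body has already been accepted by the web server by the time this line runs, so the check bounds PHP-side processing of an oversized POST rather than inbound traffic, and a client that omits the header or uses chunked encoding is not covered; a comment such as `// Refuse oversized POST bodies before doing any work; bounds PHP processing only, not bandwidth, and Content-Length may be absent` would keep the "DDOS protection" label from being over-read. The 10000 threshold is a bare magic number and deserves a named constant or a comment on why that cap is appropriate for this endpoint. The identical block is pasted into the next file's hunk (`@ -27,6 +27,12 @@`); both copies need the same guarded form, and factoring the check into a shared helper would keep them from drifting. The `if (empty($conf) || !is_object($conf))` block opens before the hunk and closes at its second line.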


@ -27,6 +27,12 @@ if (empty($conf) || !is_object($conf)) {
exit;
}
// DDOS protection
$size = (int) $_SERVER['CONTENT_LENGTH'];
if ($size > 10000) {
http_response_code(413);
exit;
}
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';