[general]
; Human readable file for logging all blocked access attempts. Specify a
; filename, or leave blank to disable.
logfile=''
; Apache-style file for logging all blocked access attempts. Specify a
; filename, or leave blank to disable.
logfileApache=''
; Serialised file for logging all blocked access attempts. Specify a filename,
; or leave blank to disable.
logfileSerialized=''
; Truncate logfiles when they reach a certain size? Value is the maximum size
; in B/KB/MB/GB/TB that a logfile may grow to before being truncated. The
; default value of 0KB disables truncation (logfiles can grow indefinitely).
; Note: Applies to individual logfiles! The size of logfiles is not considered
; collectively.
truncate='0KB'
; Log rotation limits the number of logfiles that should exist at any one time.
; When new logfiles are created, if the total number of logfiles exceeds the
; specified limit, the specified action will be performed. You can specify the
; desired limit here. A value of 0 will disable log rotation.
log_rotation_limit=0
; Log rotation limits the number of logfiles that should exist at any one time.
; When new logfiles are created, if the total number of logfiles exceeds the
; specified limit, the specified action will be performed. You can specify the
; desired action here. Delete = Delete the oldest logfiles, until the limit is
; no longer exceeded. Archive = Firstly archive, and then delete the oldest
; logfiles, until the limit is no longer exceeded.
log_rotation_action='Delete'
; Your timezone.
timezone='SYSTEM'
; Timezone offset in minutes.
timeOffset=0
; The date/time notation format used by CIDRAM. Additional options may be added
; upon request.
timeFormat='{Day}, {dd} {Mon} {yyyy} {hh}:{ii}:{ss} {tz}'
; Where to find the IP address of connecting requests? (Useful for services
; such as Cloudflare and the likes). Default = REMOTE_ADDR. WARNING: Don't
; change this unless you know what you're doing!
ipaddr='REMOTE_ADDR'
; Which HTTP status message should CIDRAM send when blocking requests? (Refer
; to the documentation for more information).
forbid_on_block=200
; Should CIDRAM silently redirect blocked access attempts instead of displaying
; the "Access Denied" page? If yes, specify the location to redirect blocked
; access attempts to. If no, leave this variable blank.
silent_mode=''
; Specify the default language for CIDRAM.
lang='en'
; How do you prefer numbers to be displayed? Select the example that looks the
; most correct to you.
numbers='Latin-1'
; If you wish, you can supply an email address here to be given to users when
; they're blocked, for them to use as a point of contact for support and/or
; assistance for in the event of them being blocked mistakenly or in error.
; WARNING: Whatever email address you supply here will most certainly be
; acquired by spambots and scrapers during the course of its being used here,
; and so, it's strongly recommended that if you choose to supply an email
; address here, that you ensure that the email address you supply here is a
; disposable address and/or an address that you don't mind being spammed (in
; other words, you probably don't want to use your primary personal or primary
; business email addresses).
emailaddr=''
; How would you prefer the email address to be presented to users?
emailaddr_display_style='default'
; Disable CLI mode? CLI mode is enabled by default, but can sometimes interfere
; with certain testing tools (such as PHPUnit, for example) and other CLI-based
; applications. If you don't need to disable CLI mode, you should ignore this
; directive. False = Enable CLI mode [Default]; True = Disable CLI mode.
disable_cli=false
; Disable front-end access? Front-end access can make CIDRAM more manageable,
; but can also be a potential security risk, too. It's recommended to manage
; CIDRAM via the back-end whenever possible, but front-end access is provided
; for when it isn't possible. Keep it disabled unless you need it. False =
; Enable front-end access; True = Disable front-end access [Default].
disable_frontend=true
; Maximum number of login attempts.
max_login_attempts=5
; File for logging front-end login attempts. Specify a filename, or leave blank
; to disable.
FrontEndLog=''
; Override "forbid_on_block" when "infraction_limit" is exceeded? When
; overriding: Blocked requests return a blank page (template files aren't
; used). 200 = Don't override [Default]. Other values are the same as the
; available values for "forbid_on_block".
ban_override=200
; Include blocked requests from banned IPs in the logfiles? True = Yes
; [Default]; False = No.
log_banned_ips=true
; A comma delimited list of DNS servers to use for hostname lookups. Default =
; "8.8.8.8,8.8.4.4" (Google DNS). WARNING: Don't change this unless you know
; what you're doing!
default_dns='8.8.8.8,8.8.4.4'
; Attempt to verify requests from search engines? Verifying search engines
; ensures that they won't be banned as a result of exceeding the infraction
; limit (banning search engines from your website will usually have a negative
; effect upon your search engine ranking, SEO, etc). When verified, search
; engines can be blocked as per normal, but won't be banned. When not verified,
; it's possible for them to be banned as a result of exceeding the infraction
; limit. Additionally, search engine verification provides protection against
; fake search engine requests and against potentially malicious entities
; masquerading as search engines (such requests will be blocked when search
; engine verification is enabled). True = Enable search engine verification
; [Default]; False = Disable search engine verification.
search_engine_verification=true
; Attempt to verify social media requests? Social media verification provides
; protection against fake social media requests (such requests will be
; blocked). True = Enable social media verification [Default]; False = Disable
; social media verification.
social_media_verification=true
; Specifies whether the protections normally provided by CIDRAM should be
; applied to the front-end. True = Yes [Default]; False = No.
protect_frontend=true
; Disable webfonts? True = Yes [Default]; False = No.
disable_webfonts=true
; Enable maintenance mode? True = Yes; False = No [Default]. Disables
; everything other than the front-end. Sometimes useful for when updating your
; CMS, frameworks, etc.
maintenance_mode=false
; Defines which algorithm to use for all future passwords and sessions.
; Options: PASSWORD_DEFAULT (default), PASSWORD_BCRYPT, PASSWORD_ARGON2I
; (requires PHP >= 7.2.0).
default_algo='PASSWORD_DEFAULT'
; Track CIDRAM usage statistics? True = Yes; False = No [Default].
statistics=false
; Force hostname lookups? True = Yes; False = No [Default]. Hostname lookups
; are normally performed on an "as needed" basis, but can be forced for all
; requests. Doing so may be useful as a means of providing more detailed
; information in the logfiles, but may also have a slightly negative effect on
; performance.
force_hostname_lookup=false
; Allow gethostbyaddr lookups when UDP is unavailable? True = Yes [Default];
; False = No.
allow_gethostbyaddr_lookup=true
; Hide version information from logs and page output? True = Yes; False = No
; [Default].
hide_version=false
; How should CIDRAM handle empty fields when logging and displaying block event
; information? "include" = Include empty fields. "omit" = Omit empty fields
; [default].
empty_fields='omit'
; When using the front-end logs page to view log data, CIDRAM sanitises the log
; data before displaying it, to protect users from XSS attacks and other
; potential threats that log data could contain. However, by default, data
; isn't sanitised during logging. This is to ensure that log data is preserved
; accurately, to aid any heuristic or forensic analysis that might be necessary
; in the future. However, in the event that a user attempts to read log data
; using external tools, and if those external tools don't perform their own
; sanitation process, the user could be exposed to XSS attacks. If necessary,
; you can change the default behaviour using this configuration directive. True
; = Sanitise data when logging it (data is preserved less accurately, but XSS
; risk is lower). False = Don't sanitise data when logging it (data is
; preserved more accurately, but XSS risk is higher) [Default].
log_sanitation=false
[signatures]
; A list of the IPv4 signature files that CIDRAM should attempt to parse,
; delimited by commas.
ipv4='ipv4.dat,ipv4_bogons.dat,ipv4_custom.dat,ipv4_isps.dat,ipv4_other.dat'
; A list of the IPv6 signature files that CIDRAM should attempt to parse,
; delimited by commas.
ipv6='ipv6.dat,ipv6_bogons.dat,ipv6_custom.dat,ipv6_isps.dat,ipv6_other.dat'
; Block CIDRs identified as belonging to webhosting/cloud services? If you
; operate an API service from your website or if you expect other websites to
; connect to your website, this should be set to false. If you don't, then,
; this directive should be set to true.
block_cloud=true
; Block bogon/martian CIDRs? If you expect connections to your website from
; within your local network, from localhost, or from your LAN, this directive
; should be set to false. If you don't expect these such connections, this
; directive should be set to true.
block_bogons=false
; Block CIDRs generally recommended for blacklisting? This covers any
; signatures that aren't marked as being part of any of the other more specific
; signature categories.
block_generic=true
; Block CIDRs in response to legal obligations? This directive shouldn't
; normally have any effect, because CIDRAM doesn't associate any CIDRs with
; "legal obligations" by default, but it exists nonetheless as an additional
; control measure for the benefit of any custom signature files or modules that
; might exist for legal reasons.
block_legal=true
; Block IPs associated with malware? This includes C&C servers, infected
; machines, machines involved in malware distribution, etc.
block_malware=true
; Block CIDRs identified as belonging to proxy services or VPNs? If you require
; that users be able to access your website from proxy services and VPNs, this
; directive should be set to false. Otherwise, if you don't require proxy
; services or VPNs, this directive should be set to true as a means of
; improving security.
block_proxies=false
; Block CIDRs identified as being high-risk for spam? Unless you experience
; problems when doing so, generally, this should always be set to true.
block_spam=true
; A list of module files to load after checking the IPv4/IPv6 signatures,
; delimited by commas.
modules=''
; How many seconds to track IPs banned by modules. Default = 604800 (1 week).
default_tracktime=604800
; Maximum number of infractions an IP is allowed to incur before it is banned
; by IP tracking. Default = 10.
infraction_limit=10
; When should infractions be counted? False = When IPs are blocked by modules.
; True = When IPs are blocked for any reason. Default = False.
track_mode=false
[recaptcha]
; Defines how CIDRAM should use reCAPTCHA (see documentation).
usemode=0
; Lock reCAPTCHA to IPs?
lockip=false
; Lock reCAPTCHA to users?
lockuser=true
; This value should correspond to the "site key" for your reCAPTCHA, which can
; be found within the reCAPTCHA dashboard.
sitekey=''
; This value should correspond to the "secret key" for your reCAPTCHA, which
; can be found within the reCAPTCHA dashboard.
secret=''
; Number of hours to remember reCAPTCHA instances.
expiry=720
; Log all reCAPTCHA attempts? If yes, specify the name to use for the logfile.
; If no, leave this variable blank.
logfile=''
; Maximum number of signatures allowed to be triggered when a reCAPTCHA
; instance is to be offered. Default = 1. If this number is exceeded for any
; particular request, a reCAPTCHA instance won't be offered.
signature_limit=1
; Which API to use? V2 or Invisible?
api='V2'
[legal]
; Pseudonymise IP addresses when logging? True = Yes [Default]; False = No.
pseudonymise_ip_addresses=true
; Omit IP addresses from logs? True = Yes; False = No [Default]. Note:
; "pseudonymise_ip_addresses" becomes redundant when "omit_ip" is "true".
omit_ip=false
; Omit hostnames from logs? True = Yes; False = No [Default].
omit_hostname=false
; Omit user agents from logs? True = Yes; False = No [Default].
omit_ua=false
; The address of a relevant privacy policy to be displayed in the footer of any
; generated pages. Specify a URL, or leave blank to disable.
privacy_policy=''
[template_data]
; Default theme to use for CIDRAM.
theme='default'
; Font magnification. Default = 1.
Magnification=1
; CSS file URL for custom themes.
css_url=''
[PHPMailer]
; A file for logging all events in relation to PHPMailer. Specify a filename,
; or leave blank to disable.
EventLog=''
; Setting this directive to `true` instructs PHPMailer to skip the normal
; authentication process that normally occurs when sending email via SMTP. This
; should be avoided, because skipping this process may expose outbound email to
; MITM attacks, but may be necessary in cases where this process prevents
; PHPMailer from connecting to an SMTP server.
SkipAuthProcess=false
; This directive determines whether to use 2FA for front-end accounts.
Enable2FA=false
; The SMTP host to use for outbound email.
Host=''
; The port number to use for outbound email. Default = 587.
Port=587
; The protocol to use when sending email via SMTP (TLS or SSL).
SMTPSecure='-'
; This directive determines whether to authenticate SMTP sessions (should
; usually be left alone).
SMTPAuth=true
; The username to use when sending email via SMTP.
Username=''
; The password to use when sending email via SMTP.
Password=''
; The sender address to cite when sending email via SMTP.
setFromAddress=''
; The sender name to cite when sending email via SMTP.
setFromName=''
; The reply address to cite when sending email via SMTP.
addReplyToAddress=''
; The reply name to cite when sending email via SMTP.
addReplyToName=''
[rate_limiting]
; The maximum amount of bandwidth allowed within the allowance period before
; rate limiting future requests. A value of 0 disables this type of rate
; limiting. Default = 0KB.
max_bandwidth='0KB'
; The maximum number of requests allowed within the allowance period before
; rate limiting future requests. A value of 0 disables this type of rate
; limiting. Default = 0.
max_requests=0
; The precision to use for tracking IPv4 usage. Value mirrors CIDR block size.
; Set to 32 for best precision. Default = 32.
precision_ipv4=32
; The precision to use for tracking IPv6 usage. Value mirrors CIDR block size.
; Set to 128 for best precision. Default = 128.
precision_ipv6=128
; The number of hours to track usage. Default = 0.
allowance_period=0
[supplementary_cache_options]
; Unstable/Experimental! Specifies whether to try using APCu for caching.
; Default = False.
enable_apcu=false
; Unstable/Experimental! Specifies whether to try using Memcached for caching.
; Default = False.
enable_memcached=false
; Unstable/Experimental! Specifies whether to try using Redis for caching.
; Default = False.
enable_redis=false
; Unstable/Experimental! Specifies whether to try using PDO for caching.
; Default = False.
enable_pdo=false
; Unstable/Experimental! Memcached host value. Default = "localhost".
memcached_host='localhost'
; Unstable/Experimental! Memcached port value. Default = "11211".
memcached_port=11211
; Unstable/Experimental! Redis host value. Default = "localhost".
redis_host='localhost'
; Unstable/Experimental! Redis port value. Default = "6379".
redis_port=6379
; Unstable/Experimental! Redis timeout value. Default = "2.5".
redis_timeout=2.5
; Unstable/Experimental! PDO DSN value. Default =
; "mysql:dbname=cidram;host=localhost;port=3306".
pdo_dsn='mysql:dbname=cidram;host=localhost;port=3306'
; Unstable/Experimental! PDO username.
pdo_username=''
; Unstable/Experimental! PDO password.
pdo_password=''
|
Download
