gcch/haiku-atelier-2024
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: gcch:cfde45aa5e5beedabb01d58bb9870bcfd8b1b851
Branches Tags
gcch:principale
gcch:wip-effect
gcch:production
gcch:gleam
..
compare: gcch:bcdfc346d61901fd4c0a4e4adb9fb2bd30e27ad2
Branches Tags
gcch:wip-effect
gcch:production
gcch:principale
gcch:gleam

63 commits
cfde45aa5e ... bcdfc346d6

Author SHA1 Message Date
gcch
bcdfc346d6 corvée(images) optimise les derniers téléversements 2026-05-03 15:30:47 +02:00
gcch
96039f25e9 corvée(images) ajoute les derniers téléversements 2026-05-03 15:30:47 +02:00
gcch
f6d1d09357 ref(script) essaye du parallélisme pour la conversion d'images 2026-05-03 15:30:47 +02:00
gcch
3645930147 fix(produit) tri les attributs/variations par nom 2026-05-03 14:52:53 +02:00
gcch
d5da972aec corvée(playwright) met à jour la configuration playwright 
- créé une tâche justfile pour lancer le mode UI de Playwright.
 2026-05-03 14:52:53 +02:00
gcch
a109caa5e0 corvée(phpantom) installe le LSP phpantom 2026-05-03 14:52:53 +02:00
gcch
b14921b493 corvée(phpactor) met à jour phpactor 2026-05-03 14:52:53 +02:00
gcch
bf2c7edd1a fix(sitemaps) désactive la génération WP des Sitemaps 2026-05-03 14:52:53 +02:00
gcch
8e0ec560fd corvée(formatage) màj de la configuration Mago 2026-05-03 14:52:53 +02:00
gcch
730184704e ref(env) wip 2026-05-03 14:52:53 +02:00
gcch
5529e91915 ref(justfile) utilise watchexec pour la tâche de compilation JS à la màj des fichiers 2026-05-03 14:52:19 +02:00
gcch
94a9a6773d ref(styles) wip harmonisation des Boutons 2026-05-03 14:52:19 +02:00
gcch
740caa46a6 corvée(deps) installe html-template-tag 2026-05-03 13:11:08 +02:00
gcch
2aa8d6880c corvée(deps) met à jour les dépendances 2026-05-03 13:11:08 +02:00
gcch
56af75707f ref(boutique) wip scripts sous forme Effect 2026-05-03 13:11:08 +02:00
gcch
498ae877a1 corvée(lint) applique des suggestions de lint Oxlint 2026-04-30 11:02:17 +02:00
gcch
c66cf7faba ref(effect) supprime une ancienne version de service API 2026-04-30 11:02:17 +02:00
gcch
4b5cadbc6e ref(boutique) injecte les états dans la page sous forme de JSON 2026-04-30 11:02:17 +02:00
gcch
3e8982f11b corvée(formatage) corrige un mauvais formatage 2026-04-30 11:02:17 +02:00
gcch
0083e94084 fix(oxlint) désactive la configuration Astro 2026-04-30 11:02:17 +02:00
gcch
f0d1b4a3be ref(justfile) ajoute une commande pour formater uniquement via treefmt 2026-04-30 11:02:17 +02:00
gcch
8027006fde corvée(deps) met à jour les dépendances 2026-04-30 11:02:17 +02:00
gcch
7f6f40cda4 corvée(lsp) installe lsp-variables 2026-04-30 11:02:17 +02:00
gcch
869f8aeac4 corvée(outillage) passe de Bun à Aube pour la gestion de dépendances 2026-04-30 11:02:17 +02:00
gcch
7bb792ac18 wip 2026-04-28 13:30:37 +02:00
gcch
44c5f1fb4d corvée(images) optimise les images 2026-04-28 12:34:49 +02:00
gcch
0478744a71 wip 2026-04-28 11:48:33 +02:00
gcch
2d4caefd26 wip 2026-04-28 11:47:57 +02:00
gcch
03af121e92 corvé(images) foutoir avec téléversements 2026-04-28 11:47:46 +02:00
gcch
690e763317 corvée: exporte la BDD de production 2026-04-27 14:01:22 +02:00
gcch
e98417ab36 corvée: optimise les images, nettoie les miniatures, màj le script de conversion 2026-04-27 13:57:06 +02:00
gcch
0b0c7f3dcc corvée: nettoie les téléversements et ajoute les derniers 2026-04-27 13:29:03 +02:00
gcch
7fcc90f052 wip 2026-04-27 11:50:08 +02:00
gcch
095ac520a9 corvée: optimise les images 2026-04-25 10:36:29 +02:00
gcch
480cd30eef fix(accueil) affiche les petites vidéos à partir d'une plus grande taille d'écran 
- n'utilise que des vidéos en MP4 x264
 2026-04-24 17:26:52 +02:00
gcch
2fbff76c0f corvée: exporte la BDD + ajoute les dernières images 2026-04-24 16:38:41 +02:00
gcch
e9f5df223e wip 2026-04-24 16:16:38 +02:00
gcch
ff90b05977 ref: remplace l'animation de l'Accueil par une vidéo et la déplace dans A propos 2026-04-24 16:16:04 +02:00
gcch
8bd25821c0 corvée: met à jour les dépendances 2026-04-24 16:14:27 +02:00
gcch
f61ec51d43 ref: continue le travail sur la page Produit 2026-04-22 15:22:43 +02:00
gcch
922a66d5bc ref: désactive le linte d'Oxlint dans Zed 2026-04-19 15:55:36 +02:00
gcch
4fe1056eab ref: refactorise les scripts de la page Produit 2026-04-19 15:17:23 +02:00
gcch
2d7ee36398 fix: retourne un tableau pour les Options d'un Attribut 2026-04-19 15:17:23 +02:00
gcch
19181afe00 corvée: met à jour Mago 2026-04-19 15:16:11 +02:00
gcch
673b1d7d20 fix: linte avec oxc seulement à la sauvegarde du fichier 
Un passage de lint peut prendre jusqu'à 100% du CPU.
 2026-04-19 15:16:11 +02:00
gcch
8d61dbba4d fonc: déplace l'injection de données du Produit dans un script JSON 2026-04-19 15:16:11 +02:00
gcch
7b5a595d58 corvée: met à jour les dépendances 
- applique effect-ts go
 2026-04-19 15:16:04 +02:00
gcch
5e97b6dcbc fonc: travail en cours sur scripts page Produit 2026-04-14 11:02:10 +02:00
gcch
08ad871e0c 2026-04-13 2026-04-13 11:29:31 +02:00
gcch
d50de6d534 2026-04-10 
- corvée: met à jour les deps
- corvée: formate
 2026-04-10 23:54:12 +02:00
gcch
00f87fedcd 2026-04-08 2026-04-08 17:47:21 +02:00
gcch
c255798aab 2026-04-07 2026-04-07 16:12:13 +02:00
gcch
7baeb28fc1 2026-04-06 2026-04-06 17:34:29 +02:00
gcch
2971f5516d 2026-04-05 2026-04-05 16:49:20 +02:00
gcch
5f835ca4e6 2026-04-03 2026-04-03 17:00:01 +02:00
gcch
15371d2469 2026-04-02 2026-04-02 19:01:16 +02:00
gcch
5f332f4068 2026-04-01 2026-04-01 18:31:43 +02:00
gcch
ef19ba2b72 wip avec résolution de conflits 2026-04-01 17:00:10 +02:00
gcch
63b2d2b256 wip + convertis images 2026-04-01 16:50:01 +02:00
gcch
809061c551 temp: transfert entre ordinateurs 2026-04-01 16:44:16 +02:00
gcch
ffeb40aa92 tests: ébauche des tests d'intégration via Playwright 2026-03-30 17:18:19 +02:00
gcch
8db24151b1 corvée(deps) met à jour les dépendances 2026-03-30 17:18:19 +02:00
gcch
42e141679e fix(lsp) rafraîchis les diagnostiques phpactor à la màj d'un fichier 2026-03-30 17:18:19 +02:00
1032 changed files with 284989 additions and 190933 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -60,6 +60,7 @@ containers/conf/angie/modules-available
containers/conf/angie/modules-enabled containers/conf/angie/modules-enabled
containers/conf/angie/scripts containers/conf/angie/scripts
containers/conf/angie/snippets containers/conf/angie/snippets
containers/conf/angie/http-waf
# Formateurs # Formateurs
.php-cs-fixer.cache .php-cs-fixer.cache

2
.npmrc
View file

@ -1,2 +0,0 @@
# Nécessaire pour better-typescript-lib
public-hoist-pattern[]=@typescript/*

38
.oxlintrc.json
View file

@ -1,38 +0,0 @@
{
"$schema": "./node_modules/oxlint/configuration_schema.json",
"env": { "browser": true, "es2020": true, "es2022": true },
"categories": {
"correctness": "error",
"nursery": "error",
"pedantic": "error",
"perf": "warn",
"restriction": "error",
"style": "warn",
"suspicious": "error"
},
"plugins": ["jsdoc", "promise", "unicorn", "jsdoc", "oxc", "promise", "typescript", "unicorn"],
"rules": {
"import/export": "error",
"no-array-for-each": "off",
"no-async-await": "off",
"no-console": "off",
"no-magic-numbers": "warn",
"no-map-spread": "off",
"no-misused-promises": "off",
"no-optional-chaining": "off",
"no-rest-spread-properties": "off",
"no-ternary": "off",
"no-undefined": "off",
"no-unused-expressions": "off",
"no-void": "off",
"prefer-await-to-then": "off",
"promise/prefer-await-to-callbacks": "off",
"sort-imports": "off",
"typescript/array-type": ["error", { "default": "generic", "readonly": "generic" }],
"typescript/consistent-indexed-object-style": ["error", "record"],
"typescript/consistent-type-imports": "error",
"typescript/explicit-function-return-type": "warn",
"unicorn/prefer-dom-node-dataset": "off",
"yoda": ["error", "never"]
}
}

10
.php-cs-fixer.dist.php
View file

@ -1,4 +1,6 @@
<?php declare(strict_types=1); <?php
declare(strict_types=1);
use PhpCsFixer\Config; use PhpCsFixer\Config;
use PhpCsFixer\Finder; use PhpCsFixer\Finder;
@ -52,7 +54,11 @@ return new Config()
'full_opening_tag' => true, 'full_opening_tag' => true,
'fully_qualified_strict_types' => ['import_symbols' => true], 'fully_qualified_strict_types' => ['import_symbols' => true],
'function_to_constant' => true, 'function_to_constant' => true,
'global_namespace_import' => ['import_classes' => true, 'import_constants' => true, 'import_functions' => true], 'global_namespace_import' => [
'import_classes' => true,
'import_constants' => true,
'import_functions' => true,
],
'heredoc_to_nowdoc' => true, 'heredoc_to_nowdoc' => true,
'integer_literal_case' => true, 'integer_literal_case' => true,
'lambda_not_used_import' => true, 'lambda_not_used_import' => true,

10
.phpactor.json
View file

@ -1,16 +1,10 @@
{ {
"$schema": "./phpactor.schema.json", "$schema": "./phpactor.schema.json",
"indexer.exclude_patterns": [
"/vendor/**/Tests/**/*",
"/vendor/**/tests/**/*",
"/var/cache/**/*",
"/vendor/composer/**/*"
],
"language_server.diagnostic_outsource_timeout": 5, "language_server.diagnostic_outsource_timeout": 5,
"language_server.diagnostics_on_update": false,
"language_server.diagnostics_on_save": true, "language_server.diagnostics_on_save": true,
"language_server.diagnostics_on_update": true,
"language_server_highlight.enabled": true, "language_server_highlight.enabled": true,
"language_server_php_cs_fixer.enabled": true, "language_server_php_cs_fixer.enabled": false,
"language_server_phpstan.config": "phpstan.neon", "language_server_phpstan.config": "phpstan.neon",
"language_server_phpstan.enabled": true, "language_server_phpstan.enabled": true,
"language_server_psalm.enabled": false, "language_server_psalm.enabled": false,

19
.phpantom.toml Normal file
View file

@ -0,0 +1,19 @@
# :schema: https://github.com/AJenbo/phpantom_lsp/raw/main/config-schema.json
[php]
# Override the detected PHP version (default: inferred from composer.json, or 8.5).
# version = "8.5"
#
[diagnostics]
extra-arguments = true
# Report member access on subjects whose type could not be resolved.
# Useful for discovering gaps in type coverage. Off by default.
unresolved-member-access = false
[indexing]
# How PHPantom discovers classes across the workspace.
# "composer" (default) - use Composer classmap, self-scan on fallback
# "self" - always self-scan, ignore Composer classmap
# "none" - no proactive scanning, Composer classmap only
strategy = "composer"

29
.prettierignore
View file

@ -1,29 +0,0 @@
# Tout ce qui est traité par dprint
*.css
*.html
*.js
*.json
!package.json
*.jsonc
*.md
*.scss
*.ts
*.twig
*.yml
*.yaml
# Tout sauf le thème
.ddev
web/app/*
!web/app/themes
web/app/themes/haiku-atelier-2024/assets
web/app/languages
web/app/plugins
web/vendor
# Dépendances
composer.lock
pnpm-lock.yaml
# Jujutsu
.jj

31
.swcrc
View file

@ -1,31 +0,0 @@
{
"$schema": "https://swc.rs/schema.json",
"jsc": {
"externalHelpers": false,
"keepClassNames": false,
"loose": false,
"minify": {
"compress": true,
"mangle": true
},
"parser": {
"decorators": false,
"decoratorsBeforeExport": false,
"dynamicImport": false,
"exportDefaultFrom": false,
"exportNamespaceFrom": false,
"functionBind": false,
"importMeta": false,
"jsx": false,
"privateMethod": false,
"syntax": "typescript",
"topLevelAwait": false,
"tsx": false
},
"preserveAllComments": false,
"target": "es2020",
"transform": null
},
"minify": true,
"sourceMaps": true
}

17
.zed/haa.txt
View file

@ -1,17 +0,0 @@
// {
// "languages": {
// "PHP": {
// "format_on_save": "on",
// "formatter": {
// "external": {
// "command": "mago",
// "arguments": ["format", "--stdin-input"] // "command": "bash",
// // "arguments": [
// // "-c",
// // "cat > /tmp/zed_php_cs_fixer && ./vendor/bin/php-cs-fixer fix --using-cache=no --quiet /tmp/zed_php_cs_fixer && cat /tmp/zed_php_cs_fixer"
// // ]
// }
// }
// }
// }
// }

38
.zed/settings.json
View file

@ -1,17 +1,47 @@
{ {
"language_servers": [ "language_servers": [
"!biome", "!biome",
"!cspell",
"!deno", "!deno",
"!eslint",
"!harper-ls",
"!intelephense", "!intelephense",
"!oxc",
"!oxfmt",
"!oxlint",
"!phptools",
"!prettier", "!prettier",
"!tailwindcss-language-server", "!tailwindcss-language-server",
"!tsgo",
"!vtsls", "!vtsls",
"..." "..."
], ],
"languages": { "lsp": {
"PHP": { "css-variables": {
"format_on_save": "on", "settings": {
"formatter": { "external": { "command": "mago", "arguments": ["format", "--stdin-input"] } } "cssVariables": {
"blacklistFolders": [
"**/*.min.css",
"**/dist/**",
"**/node_modules/**"
],
"lookupFiles": [
"**/*.scss"
],
"undefinedVarFallback": "info"
}
}
},
"oxlint": {
"initialization_options": {
"settings": {
"configPath": "cfg/oxlint.config.ts",
"disableNestedConfig": false,
"fixKind": "safe_fix",
"run": "onSave",
"unusedDisableDirectives": "deny"
}
}
} }
} }
} }

17
README.md
View file

@ -2,6 +2,23 @@
## Dépendances ## Dépendances
### JavaScript et TypeScript
#### Dépendances
- Effect
- a11y-dialog
- lit-html
#### Dépendances de développement
- ESLint
- Oxlint
- Prettier
- SASS
- Stylelint
- Vite
### PHP ### PHP
#### Dépendances #### Dépendances

6454
aube-lock.yaml Normal file
View file

File diff suppressed because it is too large Load diff

6
aube-workspace.yaml Normal file
View file

@ -0,0 +1,6 @@
jailBuilds: false
nodeLinker: isolated
packageManagerStrict: true
packageManagerStrictVersion: true
trustPolicy: off
useBetaCli: true

48
biome.json
View file

@ -1,48 +0,0 @@
{
"$schema": "https://biomejs.dev/schemas/2.0.4/schema.json",
"assist": { "enabled": false },
"css": { "formatter": { "enabled": false }, "linter": { "enabled": true } },
"files": {
"experimentalScannerIgnores": [
"*.min.js",
"vendor",
"web/app/plugins",
"web/app/themes/haiku-atelier-2024/assets",
"web/wp"
],
"ignoreUnknown": true,
"maxSize": 100000000
},
"formatter": { "enabled": false },
"graphql": { "formatter": { "enabled": false }, "linter": { "enabled": true } },
"json": { "formatter": { "enabled": false }, "linter": { "enabled": true } },
"linter": {
"enabled": false,
"rules": {
"complexity": { "noForEach": "off" },
"nursery": {
"recommended": true,
"useSortedClasses": {
"fix": "unsafe",
"level": "error",
"options": { "attributes": ["class"], "functions": [""] }
}
},
"recommended": true,
"style": {
"noInferrableTypes": "error",
"noNonNullAssertion": "off",
"noParameterAssign": "error",
"noUnusedTemplateLiteral": "error",
"noUselessElse": "error",
"recommended": true,
"useAsConstAssertion": "error",
"useDefaultParameterLast": "error",
"useEnumInitializers": "error",
"useNumberNamespace": "error",
"useSelfClosingElements": "error",
"useSingleVarDeclarator": "error"
}
}
}
}

1593
bun.lock
View file

File diff suppressed because it is too large Load diff

16
cfg/eslint.config.ts Executable file
View file

@ -0,0 +1,16 @@
import type { Config } from "eslint/config";
import { configTypescriptNavigateur } from "@gcch/configuration-eslint";
import { defineConfig } from "eslint/config";
const esLintConfig: ReadonlyArray<Config> = defineConfig(
{
ignores: [".cache", "web/app/plugins", "**/*.js"],
},
[...configTypescriptNavigateur],
{
files: ["*.ts", "web/app/themes/haiku-atelier-2024/src/**/*.ts"],
},
);
export default esLintConfig;

13
cfg/oxlint.config.ts Normal file
View file

@ -0,0 +1,13 @@
import gcchConfig from "@gcch/configuration-oxlint";
import type { OxlintConfig } from "oxlint";
const config: OxlintConfig = {
...gcchConfig,
// Désactive la configuration liée à Astro.
overrides: [],
globals: {
Bun: "readonly",
},
};
export default config;

50
cfg/playwright.config.ts Normal file
View file

@ -0,0 +1,50 @@
import { defineConfig, devices, PlaywrightTestConfig } from "@playwright/test";
const playwrightConfig: PlaywrightTestConfig = defineConfig({
fullyParallel: true,
projects: [
{
name: "desktop-chromium-1920",
use: { ...devices["Desktop Chrome"], viewport: { height: 1080, width: 1920 } },
},
{
name: "desktop-firefox-1920",
use: { ...devices["Desktop Firefox"], viewport: { height: 1080, width: 1920 } },
},
// {
// name: "tablet-chromium-portrait",
// use: { ...devices["Galaxy Tab S9"] },
// },
// {
// name: "tablet-chromium-landscape",
// use: { ...devices["Galaxy Tab S9 landscape"] },
// },
// {
// name: "mobile-chromium-portrait",
// use: { ...devices["Pixel 7"] },
// },
// {
// name: "mobile-chromium-landscape",
// use: { ...devices["Pixel 7 landscape"] },
// },
],
reporter: "list",
retries: 1,
testDir: "../tests",
timeout: 10_000,
use: {
baseURL: "https://haikuatelier.gcch.local",
clientCertificates: [
{
origin: "https://haikuatelier.gcch.local",
certPath: "../containers/data/certs/_wildcard.gcch.local.pem",
keyPath: "../containers/data/certs/_wildcard.gcch.local-key.pem",
},
],
ignoreHTTPSErrors: true,
trace: "retry-with-trace",
},
workers: "50%",
});
export default playwrightConfig;

7
cfg/prettier.config.ts Executable file
View file

@ -0,0 +1,7 @@
import { configClassique } from "@gcch/configuration-prettier";
const config = {
...configClassique,
};
export default config;

39
cfg/prettierignore Executable file
View file

@ -0,0 +1,39 @@
# Tout ce qui est traité par treefmt
*.css
*.html
*.js
*.json
*.md
*.mjs
*.mts
*.php
*.scss
*.sh
*.ts
*.xml
*.yaml
*.yml
!package.json
# Cache
.cache
# Tout sauf le thème
**/vendor
**/web/app/languages
**/web/app/mu-plugins
**/web/app/plugins
**/web/app/themes/haiku-atelier-2024/assets
**/web/app/themes/twentytwentyfour
**/web/app/uploads
**/web/wp
# Dépendances
composer.lock
bun.lock
# Jujutsu
.jj/
# Zed
.zed/

63
cfg/stylelint.config.ts Executable file
View file

@ -0,0 +1,63 @@
import { Array as FxArray, pipe } from "effect";
import type stylelint from "stylelint";
import { propertyGroups } from "stylelint-config-clean-order";
/**
* Définition d'un groupe de Propriétés _CSS_ du plugin `stylelint-config-clean-order` pour _Stylelint_.
*/
type StylelintConfigCleanOrderPropertyGroup = {
emptyLineBefore: "never" | "threshold";
noEmptyLineBetween: boolean;
properties: ReadonlyArray<string> | string;
};
const ordreProprietes: ReadonlyArray<StylelintConfigCleanOrderPropertyGroup> = pipe(
Array.from(propertyGroups),
FxArray.map((properties: ReadonlyArray<string>) => ({
emptyLineBefore: "never",
noEmptyLineBetween: true,
properties,
})),
);
const stylelintConfig: stylelint.Config = {
extends: ["stylelint-config-standard-scss", "stylelint-config-sass-guidelines", "stylelint-config-clean-order"],
plugins: ["stylelint-declaration-block-no-ignored-properties"],
rules: {
"@stylistic/function-parentheses-space-inside": undefined,
"@stylistic/selector-list-comma-newline-after": undefined,
"@stylistic/string-quotes": undefined,
"alpha-value-notation": ["percentage"],
"color-function-notation": "modern",
"color-no-hex": true,
"custom-property-pattern": undefined,
"declaration-block-no-duplicate-custom-properties": true,
"declaration-block-no-duplicate-properties": true,
"declaration-block-no-redundant-longhand-properties": true,
"declaration-block-no-shorthand-property-overrides": true,
"function-disallowed-list": ["rgba", "hsla", "rgb", "hsl"],
"max-nesting-depth": undefined,
"no-descending-specificity": undefined,
"no-duplicate-selectors": [
true,
{
disallowInList: false,
},
],
"order/properties-order": [
ordreProprietes,
{
severity: "error",
unspecified: "bottomAlphabetical",
},
],
"plugin/declaration-block-no-ignored-properties": true,
"selector-class-pattern": undefined,
"selector-id-pattern": undefined,
"selector-max-compound-selectors": undefined,
"selector-max-id": undefined,
"selector-no-qualifying-type": undefined,
},
};
export default stylelintConfig;

20
vite.config.ts → cfg/vite.config.ts
View file

@ -1,8 +1,7 @@
import { fdir, PathsOutput } from "fdir"; import type { PathsOutput } from "fdir";
import { fdir } from "fdir";
import process from "node:process"; import process from "node:process";
import * as v from "valibot";
import { defineConfig, loadEnv } from "vite"; import { defineConfig, loadEnv } from "vite";
import valibot from "vite-plugin-valibot-env";
const SLUG_THEME = "haiku-atelier-2024"; const SLUG_THEME = "haiku-atelier-2024";
const SRC_TYPESCRIPT_PATHS: Promise<PathsOutput> = new fdir() const SRC_TYPESCRIPT_PATHS: Promise<PathsOutput> = new fdir()
@ -13,21 +12,8 @@ const SRC_TYPESCRIPT_PATHS: Promise<PathsOutput> = new fdir()
.withPromise(); .withPromise();
const PATHS = await SRC_TYPESCRIPT_PATHS; const PATHS = await SRC_TYPESCRIPT_PATHS;
// Voir le fichier vite.env.d.ts.
const SCHEMA_ENVIRONNEMENT = v.object({
VITE_GLITCHTIP_NSD: v.pipe(v.string(), v.url(), v.readonly()),
VITE_MODE: v.pipe(v.string(), v.readonly()),
VITE_URL: v.pipe(v.string(), v.nonEmpty(), v.url(), v.readonly()),
});
const basePlugins = [
// Permet de valider les variables d'environnements définies à partir d'un schéma Valibot
valibot(SCHEMA_ENVIRONNEMENT),
];
export default defineConfig(({ mode }) => { export default defineConfig(({ mode }) => {
const env = loadEnv(mode, process.cwd(), "VITE"); const env = loadEnv(mode, process.cwd(), "VITE");
console.debug(env);
return { return {
base: "/", base: "/",
@ -53,11 +39,11 @@ export default defineConfig(({ mode }) => {
target: "es2020", target: "es2020",
write: true, write: true,
}, },
cacheDir: ".cache/vite",
css: { css: {
devSourcemap: true, devSourcemap: true,
transformer: "lightningcss", transformer: "lightningcss",
}, },
mode: env["VITE_MODE"] ?? "production", mode: env["VITE_MODE"] ?? "production",
plugins: [...basePlugins],
}; };
}); });

48
compose.yaml
View file

@ -25,33 +25,6 @@ services:
restart: "unless-stopped" restart: "unless-stopped"
volumes: volumes:
- "db-data:/var/lib/mysql:rw" - "db-data:/var/lib/mysql:rw"
jaeger:
container_name: "haikuatelier.fr-jaeger"
environment:
- "COLLECTOR_OTLP_ENABLED=true"
healthcheck:
interval: "5s"
retries: 3
start_period: "5s"
test:
- "CMD"
- "wget"
- "--spider"
- "http://localhost:16686"
timeout: "2s"
image: "cr.jaegertracing.io/jaegertracing/jaeger:latest"
networks:
- "haiku-network"
ports:
- "6831:6831/udp"
- "6832:6832/udp"
- "5778:5778"
- "16686:16686"
- "4317:4317"
- "4318:4318"
- "14250:14250"
- "14268:14268"
- "14269:14269"
proxy: proxy:
container_name: "haikuatelier.fr-proxy" container_name: "haikuatelier.fr-proxy"
depends_on: depends_on:
@ -72,6 +45,7 @@ services:
restart: "on-failure:3" restart: "on-failure:3"
volumes: volumes:
- "./containers/conf/angie:/etc/angie:rw" - "./containers/conf/angie:/etc/angie:rw"
# - "./containers/conf/angie-2:/etc/angie:rw"
- "./containers/data/certs:/etc/angie/ssl:ro" - "./containers/data/certs:/etc/angie/ssl:ro"
- "./containers/data/angie/logs:/var/log/angie:rw" - "./containers/data/angie/logs:/var/log/angie:rw"
- "./:/var/www/wordpress:rw" - "./:/var/www/wordpress:rw"
@ -105,30 +79,10 @@ services:
- "./containers/data/certs:/etc/certs/:ro" - "./containers/data/certs:/etc/certs/:ro"
- "./containers/data/traefik/logs:/var/log/traefik:rw" - "./containers/data/traefik/logs:/var/log/traefik:rw"
- "/var/run/user/1000/podman/podman.sock:/var/run/docker.sock:ro" - "/var/run/user/1000/podman/podman.sock:/var/run/docker.sock:ro"
valkey:
command: "valkey-server /usr/local/etc/valkey/valkey.conf"
container_name: "haikuatelier.fr-valkey"
env_file:
- path: "./.env"
required: true
healthcheck:
interval: "10s"
retries: 3
test:
- "CMD-SHELL"
- "valkey-cli ping | grep PONG"
timeout: "5s"
image: "docker.io/valkey/valkey:9-alpine"
restart: "unless-stopped"
sysctls:
- "net.core.somaxconn=512"
volumes:
- "./containers/conf/valkey.conf:/usr/local/etc/valkey/valkey.conf:ro"
wordpress: wordpress:
container_name: "haikuatelier.fr-wordpress" container_name: "haikuatelier.fr-wordpress"
depends_on: depends_on:
- "db" - "db"
- "valkey"
- "traefik" - "traefik"
env_file: env_file:
- path: "./.env" - path: "./.env"

110
composer.json
View file

@ -1,9 +1,11 @@
{ {
"autoload": { "psr-4": { "HaikuAtelier\\": "web/app/themes/haiku-atelier-2024/src/inc/" } }, "$schema": "https://getcomposer.org/schema.json",
"authors": [ "authors": [],
{ "email": "scott.walkinshaw@gmail.com", "homepage": "https://github.com/swalkinshaw", "name": "Scott Walkinshaw" }, "autoload": {
{ "email": "ben@benword.com", "homepage": "https://github.com/retlehs", "name": "Ben Word" } "psr-4": {
], "HaikuAtelier\\": "web/app/themes/haiku-atelier-2024/src/inc/"
}
},
"config": { "config": {
"allow-plugins": { "allow-plugins": {
"carthage-software/mago": true, "carthage-software/mago": true,
@ -12,75 +14,83 @@
"phpstan/extension-installer": true, "phpstan/extension-installer": true,
"roots/wordpress-core-installer": true "roots/wordpress-core-installer": true
}, },
"classmap-authoritative": true,
"optimize-autoloader": true, "optimize-autoloader": true,
"preferred-install": "dist", "preferred-install": "dist",
"sort-packages": true "sort-packages": true
}, },
"description": "WordPress boilerplate with Composer, easier configuration, and an improved folder structure", "description": "",
"extra": { "extra": {
"installer-paths": { "installer-paths": {
"web/app/mu-plugins/{$name}/": ["type:wordpress-muplugin"], "web/app/mu-plugins/{$name}/": [
"web/app/plugins/{$name}/": ["type:wordpress-plugin"], "type:wordpress-muplugin"
"web/app/themes/{$name}/": ["type:wordpress-theme"], ],
"web/vendor/{$vendor}/{$name}": ["htmlburger/carbon-fields"] "web/app/plugins/{$name}/": [
"type:wordpress-plugin"
],
"web/app/themes/{$name}/": [
"type:wordpress-theme"
],
"web/vendor/{$vendor}/{$name}": [
"htmlburger/carbon-fields"
]
}, },
"wordpress-install-dir": "web/wp" "wordpress-install-dir": "web/wp"
}, },
"homepage": "https://roots.io/bedrock/", "minimum-stability": "stable",
"keywords": ["bedrock", "composer", "roots", "wordpress", "wp", "wp-config"], "name": "gcch/haiku-atelier",
"license": "MIT",
"minimum-stability": "dev",
"name": "roots/bedrock",
"prefer-stable": true, "prefer-stable": true,
"repositories": [ "repositories": [
{ "only": ["wpackagist-plugin/*", "wpackagist-theme/*"], "type": "composer", "url": "https://wpackagist.org" } {
"only": [
"wpackagist-plugin/*",
"wpackagist-theme/*"
],
"type": "composer",
"url": "https://wpackagist.org"
}
], ],
"require": { "require": {
"php": ">=8.5",
"azjezz/psl": "^4.2",
"composer/installers": "^2.3", "composer/installers": "^2.3",
"crell/fp": "^1.0", "crell/fp": "^1.0",
"htmlburger/carbon-fields": "^3.6", "htmlburger/carbon-fields": "^3.6.9",
"illuminate/support": "^12.43", "illuminate/support": "^13.4",
"laravel/helpers": "^1.7.1", "laravel/helpers": "^1.8.3",
"log1x/wp-smtp": "^1.0.2", "log1x/wp-smtp": "^1.0.2",
"lstrojny/functional-php": "^1.17", "lstrojny/functional-php": "^1.18",
"mnsami/composer-custom-directory-installer": "^2.0", "mnsami/composer-custom-directory-installer": "^2.0",
"nesbot/carbon": "^3.8.2", "nesbot/carbon": "^3.11.4",
"oscarotero/env": "^2.1.1", "oscarotero/env": "^2.1.1",
"roots/bedrock-autoloader": "^1.0.4", "php": ">=8.5",
"roots/bedrock-disallow-indexing": "^2.0", "php-standard-library/php-standard-library": "^6.1.1",
"roots/wordpress": "^6.8.1", "roots/bedrock-autoloader": "^1.1.0",
"roots/bedrock-disallow-indexing": "^2.1",
"roots/wordpress": "^6.9.4",
"roots/wp-config": "^1.0", "roots/wp-config": "^1.0",
"stripe/stripe-php": "^16.3", "stripe/stripe-php": "^19.4.1",
"symfony/uid": "^8", "symfony/uid": "^8.0.8",
"timber/timber": "^2.3", "timber/timber": "^2.3.3",
"vlucas/phpdotenv": "^5.6.1", "vlucas/phpdotenv": "^5.6.3",
"wpackagist-plugin/falcon": "^2.8.4", "wpackagist-plugin/falcon": "^2.9.3",
"wpackagist-plugin/force-regenerate-thumbnails": "^2.2.1", "wpackagist-plugin/force-regenerate-thumbnails": "^2.3.0",
"wpackagist-plugin/query-monitor": "^3.17.0", "wpackagist-plugin/query-monitor": "^4.0.5",
"wpackagist-plugin/redis-cache": "^2.5.4", "wpackagist-plugin/redis-cache": "^2.7.0",
"wpackagist-plugin/wc-multishipping": "^3.0", "wpackagist-plugin/wc-multishipping": "^3.0.2",
"wpackagist-plugin/woo-preview-emails": "^2.2.13", "wpackagist-plugin/woo-preview-emails": "^2.2.14",
"wpackagist-plugin/woocommerce": "^10", "wpackagist-plugin/woocommerce": "^10.6.2",
"wpackagist-plugin/wp-mail-logging": "^1.13.1", "wpackagist-plugin/wp-mail-logging": "^1.16.0",
"wpackagist-plugin/wp-mail-smtp": "^4.2", "wpackagist-plugin/wp-mail-smtp": "^4.7.1",
"wpackagist-plugin/wp-openapi": "^1.0.16", "wpackagist-plugin/wp-openapi": "^1.0.27",
"wpackagist-theme/twentytwentyfour": "^1.3" "wpackagist-theme/twentytwentyfour": "^1.4"
}, },
"require-dev": { "require-dev": {
"friendsofphp/php-cs-fixer": "^3.89", "friendsofphp/php-cs-fixer": "^3.94.2",
"php-standard-library/phpstan-extension": "^2.0", "php-standard-library/phpstan-extension": "^2.1",
"phpstan/extension-installer": "^1.4.3", "phpstan/extension-installer": "^1.4.3",
"phpstan/phpstan": "^2.0.3", "phpstan/phpstan": "^2.1.46",
"rector/rector": "^2.2",
"roave/security-advisories": "dev-latest", "roave/security-advisories": "dev-latest",
"szepeviktor/phpstan-wordpress": "2.x-dev", "szepeviktor/phpstan-wordpress": "2.x-dev",
"vincentlanglet/twig-cs-fixer": "^3.10" "vincentlanglet/twig-cs-fixer": "^3.14"
},
"support": {
"forum": "https://discourse.roots.io/category/bedrock",
"issues": "https://github.com/roots/bedrock/issues"
}, },
"type": "project" "type": "project"
} }

1596
composer.lock generated
View file

File diff suppressed because it is too large Load diff

25
config/application.php
View file

@ -11,10 +11,10 @@
declare(strict_types=1); declare(strict_types=1);
use function Env\env;
use Roots\WPConfig\Config; use Roots\WPConfig\Config;
use function Env\env;
// USE_ENV_ARRAY + CONVERT_* + STRIP_QUOTES // USE_ENV_ARRAY + CONVERT_* + STRIP_QUOTES
Env\Env::$options = 31; Env\Env::$options = 31;
@ -30,17 +30,14 @@ $root_dir = dirname(__DIR__);
* *
* @var string * @var string
*/ */
$webroot_dir = $root_dir.'/web'; $webroot_dir = $root_dir . '/web';
/* /*
* Use Dotenv to set required environment variables and load .env file in root * Use Dotenv to set required environment variables and load .env file in root
* .env.local will override .env if it exists * .env.local will override .env if it exists
*/ */
if (file_exists($root_dir.'/.env')) { if (file_exists($root_dir . '/.env')) {
$env_files = file_exists($root_dir.'/.env.local') ? [ $env_files = file_exists($root_dir . '/.env.local') ? ['.env', '.env.local'] : ['.env'];
'.env',
'.env.local',
] : ['.env'];
$dotenv = Dotenv\Dotenv::createImmutable($root_dir, $env_files, false); $dotenv = Dotenv\Dotenv::createImmutable($root_dir, $env_files, false);
@ -69,8 +66,8 @@ Config::define('WP_SITEURL', env('WP_SITEURL'));
// Custom Content Directory // Custom Content Directory
Config::define('CONTENT_DIR', '/app'); Config::define('CONTENT_DIR', '/app');
Config::define('WP_CONTENT_DIR', $webroot_dir.Config::get('CONTENT_DIR')); Config::define('WP_CONTENT_DIR', $webroot_dir . Config::get('CONTENT_DIR'));
Config::define('WP_CONTENT_URL', Config::get('WP_HOME').Config::get('CONTENT_DIR')); Config::define('WP_CONTENT_URL', Config::get('WP_HOME') . Config::get('CONTENT_DIR'));
// DB settings // DB settings
if (env('DB_SSL')) { if (env('DB_SSL')) {
@ -124,8 +121,8 @@ Config::define('SCRIPT_DEBUG', false);
ini_set('display_errors', '0'); ini_set('display_errors', '0');
// Plugins // Plugins
Config::define('WPMU_PLUGIN_DIR', Config::get('WP_CONTENT_DIR').'/mu-plugins'); Config::define('WPMU_PLUGIN_DIR', Config::get('WP_CONTENT_DIR') . '/mu-plugins');
Config::define('WP_PLUGIN_DIR', Config::get('WP_CONTENT_DIR').'/plugins'); Config::define('WP_PLUGIN_DIR', Config::get('WP_CONTENT_DIR') . '/plugins');
/* /*
* Allow WordPress to detect HTTPS when used behind a reverse proxy or a load balancer * Allow WordPress to detect HTTPS when used behind a reverse proxy or a load balancer
@ -135,7 +132,7 @@ if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && 'https' === $_SERVER['HTTP_X_FO
$_SERVER['HTTPS'] = 'on'; $_SERVER['HTTPS'] = 'on';
} }
$env_config = __DIR__.'/environments/'.WP_ENV.'.php'; $env_config = __DIR__ . '/environments/' . WP_ENV . '.php';
if (file_exists($env_config)) { if (file_exists($env_config)) {
include_once $env_config; include_once $env_config;
@ -145,5 +142,5 @@ Config::apply();
// Bootstrap WordPress // Bootstrap WordPress
if (!defined('ABSPATH')) { if (!defined('ABSPATH')) {
define('ABSPATH', $webroot_dir.'/wp/'); define('ABSPATH', $webroot_dir . '/wp/');
} }

9
config/environments/development.php
View file

@ -6,10 +6,11 @@
declare(strict_types=1); declare(strict_types=1);
use function Env\env;
use Roots\WPConfig\Config; use Roots\WPConfig\Config;
use function base64_encode;
use function Env\env;
Config::define('SAVEQUERIES', true); Config::define('SAVEQUERIES', true);
Config::define('WP_DEBUG', true); Config::define('WP_DEBUG', true);
Config::define('WP_DEBUG_DISPLAY', true); Config::define('WP_DEBUG_DISPLAY', true);
@ -25,6 +26,10 @@ Config::define('DISALLOW_FILE_MODS', false);
// WooCommerce // WooCommerce
Config::define('WOOCOMMERCE_API_CONSUMER_KEY', env('WOOCOMMERCE_API_CONSUMER_KEY')); Config::define('WOOCOMMERCE_API_CONSUMER_KEY', env('WOOCOMMERCE_API_CONSUMER_KEY'));
Config::define('WOOCOMMERCE_API_CONSUMER_SECRET', env('WOOCOMMERCE_API_CONSUMER_SECRET')); Config::define('WOOCOMMERCE_API_CONSUMER_SECRET', env('WOOCOMMERCE_API_CONSUMER_SECRET'));
Config::define(
'WOOCOMMERCE_API_AUTH_STRING',
base64_encode(env('WOOCOMMERCE_API_CONSUMER_KEY') . ':' . env('WOOCOMMERCE_API_CONSUMER_SECRET')),
);
// Stripe // Stripe
Config::define('STRIPE_API_SECRET', env('STRIPE_API_SECRET')); Config::define('STRIPE_API_SECRET', env('STRIPE_API_SECRET'));

9
config/environments/production.php
View file

@ -6,10 +6,11 @@
declare(strict_types=1); declare(strict_types=1);
use function Env\env;
use Roots\WPConfig\Config; use Roots\WPConfig\Config;
use function base64_encode;
use function Env\env;
Config::define('WP_DEBUG', true); Config::define('WP_DEBUG', true);
Config::define('WP_DEBUG_DISPLAY', false); Config::define('WP_DEBUG_DISPLAY', false);
Config::define('WP_DEBUG_LOG', env('WP_DEBUG_LOG') ?? true); Config::define('WP_DEBUG_LOG', env('WP_DEBUG_LOG') ?? true);
@ -20,6 +21,10 @@ Config::define('DISALLOW_FILE_MODS', false);
Config::define('WOOCOMMERCE_API_CONSUMER_KEY', env('WOOCOMMERCE_API_CONSUMER_KEY')); Config::define('WOOCOMMERCE_API_CONSUMER_KEY', env('WOOCOMMERCE_API_CONSUMER_KEY'));
Config::define('WOOCOMMERCE_API_CONSUMER_SECRET', env('WOOCOMMERCE_API_CONSUMER_SECRET')); Config::define('WOOCOMMERCE_API_CONSUMER_SECRET', env('WOOCOMMERCE_API_CONSUMER_SECRET'));
Config::define(
'WOOCOMMERCE_API_AUTH_STRING',
base64_encode(env('WOOCOMMERCE_API_CONSUMER_KEY') . ':' . env('WOOCOMMERCE_API_CONSUMER_SECRET')),
);
// Stripe // Stripe
Config::define('STRIPE_API_SECRET', env('STRIPE_API_SECRET')); Config::define('STRIPE_API_SECRET', env('STRIPE_API_SECRET'));

9
config/environments/staging.php
View file

@ -6,10 +6,15 @@
declare(strict_types=1); declare(strict_types=1);
use function Env\env;
use Roots\WPConfig\Config; use Roots\WPConfig\Config;
use function base64_encode;
use function Env\env;
Config::define('DISALLOW_INDEXING', true); Config::define('DISALLOW_INDEXING', true);
Config::define('WOOCOMMERCE_API_CONSUMER_KEY', env('WOOCOMMERCE_API_CONSUMER_KEY')); Config::define('WOOCOMMERCE_API_CONSUMER_KEY', env('WOOCOMMERCE_API_CONSUMER_KEY'));
Config::define('WOOCOMMERCE_API_CONSUMER_SECRET', env('WOOCOMMERCE_API_CONSUMER_SECRET')); Config::define('WOOCOMMERCE_API_CONSUMER_SECRET', env('WOOCOMMERCE_API_CONSUMER_SECRET'));
Config::define(
'WOOCOMMERCE_API_AUTH_STRING',
base64_encode(env('WOOCOMMERCE_API_CONSUMER_KEY') . ':' . env('WOOCOMMERCE_API_CONSUMER_SECRET')),
);

3
containers/Dockerfile
View file

@ -36,7 +36,8 @@ VOLUME /var/www/wordpress
WORKDIR /var/www/wordpress WORKDIR /var/www/wordpress
# Récupère les fichiers du projet. # Récupère les fichiers du projet.
COPY --from=repo --chmod=777 "/tmp/repo/" . COPY --from=repo --chmod=775 "/tmp/repo/" .
RUN chown www-data: -R .
# Installe les dépendences Composer. # Installe les dépendences Composer.
RUN composer install RUN composer install

1
containers/conf/angie/angie.conf
View file

@ -7,6 +7,7 @@ include /etc/angie/modules-enabled/*.conf;
pcre_jit on; pcre_jit on;
pid /run/angie.pid; pid /run/angie.pid;
error_log /dev/stdout info; error_log /dev/stdout info;
error_log /var/log/angie/angie.log warn;
events { events {
worker_connections 2048; worker_connections 2048;

160
containers/conf/angie/angie.conf-original
View file

@ -1,117 +1,85 @@
user www-data;
#user nobody; worker_processes auto;
worker_processes 1; pid /run/angie.pid;
include /etc/angie/modules-enabled/*.conf;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/angie.pid;
events { events {
worker_connections 1024; worker_connections 768;
# multi_accept on;
} }
http { http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" ' ##
# '$status $body_bytes_sent "$http_referer" ' # Basic Settings
# '"$http_user_agent" "$http_x_forwarded_for"'; ##
#access_log logs/access.log main;
sendfile on; sendfile on;
#tcp_nopush on; tcp_nopush on;
tcp_nodelay on;
#keepalive_timeout 0;
keepalive_timeout 65; keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
#gzip on; # server_names_hash_bucket_size 64;
# server_name_in_redirect off;
server { include /etc/angie/mime.types;
listen 80; default_type application/octet-stream;
server_name localhost;
#charset koi8-r; ##
# SSL Settings
##
#access_log logs/host.access.log main; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
location / { ##
root html; # Logging Settings
index index.html index.htm; ##
}
#error_page 404 /404.html; access_log /var/log/angie/access.log;
error_log /var/log/angie/error.log;
# redirect server error pages to the static page /50x.html ##
# # Gzip Settings
error_page 500 502 503 504 /50x.html; ##
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80 gzip on;
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # gzip_vary on;
# # gzip_proxied any;
#location ~ \.php$ { # gzip_comp_level 6;
# root html; # gzip_buffers 16 8k;
# fastcgi_pass 127.0.0.1:9000; # gzip_http_version 1.1;
# fastcgi_index index.php; # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root ##
# concurs with Angie's one # Virtual Host Configs
# ##
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
include /etc/angie/conf.d/*.conf;
include /etc/angie/sites-enabled/*;
} }
#mail {
# # See sample authentication script at:
# # http://wiki.angie.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

91
containers/conf/angie/angie.conf-packaged
View file

@ -1,5 +1,5 @@
### ###
## This file comes with the "Angie modules" on https://deb.paranoid.nl/angie-modules ## This file comes with the "NGINX Mainline and modules" on https://deb.paranoid.nl/nginx-modules
## It contains various optimizations, examples and tweaks. ## It contains various optimizations, examples and tweaks.
#### ####
@ -11,10 +11,8 @@ worker_rlimit_nofile 10000;
pid /run/angie.pid; pid /run/angie.pid;
include /etc/angie/modules-enabled/*.conf; include /etc/angie/modules-enabled/*.conf;
pcre_jit on;
events { events {
worker_connections 8192; # this can go as high as ulimit -n worker_connections 65535;
multi_accept on; multi_accept on;
use epoll; use epoll;
} }
@ -31,23 +29,20 @@ http {
directio 256k; directio 256k;
sendfile_max_chunk 256k; sendfile_max_chunk 256k;
tcp_nopush on; tcp_nopush off;
tcp_nodelay on; tcp_nodelay on;
types_hash_max_size 2048;
server_names_hash_bucket_size 128;
variables_hash_max_size 1024;
# server_name_in_redirect off;
include /etc/angie/mime.types; include /etc/angie/mime.types;
server_name_in_redirect off; # if off, angie will use the requested Host header default_type application/octet-stream;
source_charset utf-8; # same value as "charset"
### ###
## Enable security_headers only if you installed/enabled the module ## Enable security_headers only if you installed/enabled the module
### ###
# security_headers on; # security_headers on;
###
## Enable other security headers.
###
# hide_server_tokens on; # hide_server_tokens on;
# fastcgi_hide_header X-Powered-By; # fastcgi_hide_header X-Powered-By;
# server_tokens off; # server_tokens off;
@ -55,13 +50,15 @@ http {
## ##
# Optimizing TLS over TCP to reduce latency (Cloudflare patch) # Optimizing TLS over TCP to reduce latency (Cloudflare patch)
## ##
# ssl_dyn_rec_enable on; #ssl_dyn_rec_enable on;
## ##
# Enable HTTP2 and HTTP3 # Enable HTTP2 and HTTP3
# #
http2 on; http2 on;
#http3 on; #http3 on;
#
##
## ##
# SSL Settings # SSL Settings
@ -81,11 +78,11 @@ http {
ssl_early_data on; ssl_early_data on;
ssl_session_cache shared:SSL:10m; ssl_session_cache shared:SSL:10m;
ssl_session_cache shared:le_nginx_SSL:10m; #letsencrypt only
ssl_session_timeout 1440m; ssl_session_timeout 1440m;
# OCSP Stapling # OCSP Stapling
# fetch OCSP records from URL in ssl_certificate and cache them # fetch OCSP records from URL in ssl_certificate and cache them
# Please enter your own nameservers for security
ssl_stapling on; ssl_stapling on;
ssl_stapling_verify on; ssl_stapling_verify on;
resolver 1.1.1.1 8.8.8.8 valid=300; resolver 1.1.1.1 8.8.8.8 valid=300;
@ -103,73 +100,51 @@ http {
## ##
# Gzip Settings # Gzip Settings
## ##
gzip on; gzip on;
gzip_vary on; gzip_vary on;
gzip_proxied any; gzip_proxied any;
gzip_comp_level 6; gzip_comp_level 6;
gzip_buffers 16 8k; gzip_buffers 16 8k;
gzip_http_version 1.1; gzip_http_version 1.1;
gzip_min_length 250;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Brotli settings (Please load module first!)
##
#brotli on;
#brotli_comp_level 4;
#brotli_buffers 32 8k;
#brotli_min_length 1000;
#brotli_static on;
#brotli_types image/svg+xml text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon;
##
# ZSTD Settings (Please load module first!)
##
#zstd on;
#zstd_min_length 256; # no less than 256 bytes
#zstd_comp_level 3; # set the level to #
#zstd_buffers 32 8k;
#zstd_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/ xml+rss text/javascript image/x-icon;
### ###
## Miscellaneous ## Miscellaneous
### ###
# cache informations about FDs, frequently accessed files keepalive_disable none; # allow all browsers to use keepalive connections
# can boost performance, but you need to test those values keepalive_requests 50; # number of requests per connection, does not affect SPDY
#open_file_cache max=200000 inactive=20s; max_ranges 1; # allow a single range header for resumed downloads and to stop large range header DoS attacks
#open_file_cache_valid 30s; msie_padding off;
#open_file_cache_min_uses 2; #open_file_cache max=10000 inactive=2h;
#open_file_cache_errors on; #open_file_cache_errors on;
#open_file_cache_min_uses 1;
server_names_hash_bucket_size 256; #open_file_cache_valid 1h;
server_names_hash_max_size 2048; output_buffers 2 512k;
variables_hash_bucket_size 256;
variables_hash_max_size 2048;
map_hash_max_size 2048;
map_hash_bucket_size 256;
#postpone_output 1440; # postpone sends to match our machine's MSS #postpone_output 1440; # postpone sends to match our machine's MSS
read_ahead 512K; # kernel read head set to the output_buffers read_ahead 512K; # kernel read head set to the output_buffers
output_buffers 4 512k; server_name_in_redirect off; # if off, angie will use the requested Host header
source_charset utf-8; # same value as "charset"
# Buffer size for POST submissions # Buffer size for POST submissions
client_body_buffer_size 80K; client_body_buffer_size 10K;
client_max_body_size 16m; client_max_body_size 16m;
# Buffer size for Headers # Buffer size for Headers
client_header_buffer_size 1k; client_header_buffer_size 1k;
# Allow the server to close the connection after a client stops
# responding.
# Frees up socket-associated memory.
#
reset_timedout_connection on;
# Timeouts, do not keep connections open longer then necessary to reduce # Timeouts, do not keep connections open longer then necessary to reduce
# resource usage and deny Slowloris type attacks. # resource usage and deny Slowloris type attacks.
client_body_timeout 12; # maximum time between packets the client can pause when sending angie any data client_body_timeout 10s; # maximum time between packets the client can pause when sending angie any data
client_header_timeout 12;# maximum time the client has to send the entire header to ngin client_header_timeout 10s; # maximum time the client has to send the entire header to angie
keepalive_timeout 15; # timeout which a single keep-alive client connection will stay open keepalive_timeout 120s; # timeout which a single keep-alive client connection will stay open
keepalive_disable none; # allow all browsers to use keepalive connections
keepalive_requests 5000; # number of requests per connection, does not affect SPDY
reset_timedout_connection on; # Allow the server to close the connection after a client stops responding.
send_timeout 12;
## ##
# Virtual Host Configs # Virtual Host Configs

78
containers/conf/angie/compression.conf
View file

@ -7,44 +7,7 @@ gzip_proxied any;
gzip_vary on; gzip_vary on;
gzip_disable "msie6"; gzip_disable "msie6";
gzip_static on; gzip_static on;
gzip_types gzip_types application/atom+xml application/geo+json application/javascript application/json application/ld+json application/manifest+json application/rdf+xml application/rss+xml application/vnd.api+json application/vnd.geo+json application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/x-web-app-manifest+json application/xhtml+xml application/xml font/eot font/opentype font/otf font/ttf image/bmpg image/svg+xml image/vnd.microsoft.icon image/x-icon text/cache-manifest text/css text/html text/javascript text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy text/xml;
application/atom+xml
application/geo+json
application/javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/vnd.api+json
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-opentype
application/x-font-truetype
application/x-font-ttf
application/x-javascript
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/eot
font/opentype
font/otf
font/ttf
image/bmpg
image/svg+xml
image/vnd.microsoft.icon
image/x-icon
text/cache-manifest
text/css
text/html
text/javascript
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy
text/xml;
brotli on; brotli on;
brotli_buffers 32 4K; brotli_buffers 32 4K;
@ -62,41 +25,4 @@ zstd_buffers 32 4K;
zstd_comp_level 3; zstd_comp_level 3;
zstd_min_length 1000; zstd_min_length 1000;
zstd_static on; zstd_static on;
zstd_types zstd_types application/atom+xml application/geo+json application/javascript application/json application/ld+json application/manifest+json application/rdf+xml application/rss+xml application/vnd.api+json application/vnd.geo+json application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/x-web-app-manifest+json application/xhtml+xml application/xml font/eot font/opentype font/otf font/ttf image/bmpg image/svg+xml image/vnd.microsoft.icon image/x-icon text/cache-manifest text/css text/html text/javascript text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy text/xml;
application/atom+xml
application/geo+json
application/javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/vnd.api+json
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-opentype
application/x-font-truetype
application/x-font-ttf
application/x-javascript
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/eot
font/opentype
font/otf
font/ttf
image/bmpg
image/svg+xml
image/vnd.microsoft.icon
image/x-icon
text/cache-manifest
text/css
text/html
text/javascript
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy
text/xml;

13
containers/conf/angie/dhparam.pem Normal file
View file

@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e
8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx
iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K
zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI=
-----END DH PARAMETERS-----

1
containers/conf/angie/fastcgi.conf
View file

@ -17,4 +17,5 @@ fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_hide_header X-Powered-By;
fastcgi_index index.php; fastcgi_index index.php;

29
containers/conf/angie/haikuatelier.conf
View file

@ -2,15 +2,12 @@ server {
listen 80; listen 80;
server_name _; server_name _;
root /var/www/wordpress/web; root /var/www/wordpress/web/;
index index.html index.php; index index.html index.php;
access_log /var/log/angie/haikuatelier-access.log; access_log /var/log/angie/haikuatelier-access.log;
error_log /var/log/angie/haikuatelier-error.log; error_log /var/log/angie/haikuatelier-error.log;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Pour éviter des erreurs liés à des requêtes trop lourdes. # Pour éviter des erreurs liés à des requêtes trop lourdes.
fastcgi_buffers 16 32k; fastcgi_buffers 16 32k;
fastcgi_buffer_size 64k; fastcgi_buffer_size 64k;
@ -33,21 +30,23 @@ server {
access_log off; access_log off;
} }
location ~ \.php$ {
fastcgi_pass wordpress:9000;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include /etc/angie/fastcgi.conf;
try_files $uri =404;
}
location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
expires 365d;
}
location / { location / {
try_files $uri $uri/ /index.php?$args; try_files $uri $uri/ /index.php?$args;
} }
location ~ \.php$ {
include /etc/angie/fastcgi.conf;
fastcgi_pass wordpress:9000;
fastcgi_intercept_errors on;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
}
location ~* \.(?:ico|svg|css|js|gif|jpe?g|png|avif|jxl|webp|avif|woff2?)$ {
access_log off;
expires max;
add_header "Cache-Control" "public, immutable";
}
location * { location * {
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS"; add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS";
add_header "Access-Control-Allow-Origin" "*"; add_header "Access-Control-Allow-Origin" "*";

96
containers/conf/angie/naxsi_rules/blocking/10000000_scanner.rules Normal file
View file

@ -0,0 +1,96 @@
#######################################
## Scanners ids: 10000000 ##
#######################################
# http://pastebin.com/NP64hTQr
# http://blog.initiative-s.de/2013/09/kompromitierte-wordpress-blogs-werden-fuer-ddos-attacken-genutzt/
# If using wp then turn off this rule
MainRule id:10000000 "s:$UWA:8" "str:wordpress/" "mz:$HEADERS_VAR:User-Agent" "msg:Wordpress in user-agent";
# https://github.com/robertdavidgraham/masscan
MainRule id:10000001 "s:$UWA:8" "str:masscan" "mz:$HEADERS_VAR:User-Agent" "msg:masscan in user-agent";
# block acunetix scan
MainRule id:10000002 "s:$UWA:8" "str:99999999999999999999999" "mz:$HEADERS_VAR:Content-length" "msg:acunetix scan nginx buffer size";
MainRule id:10000003 "s:$UWA:8" "str:acunetix" "mz:URL|BODY|$HEADERS_VAR:Accept|$HEADERS_VAR:User-Agent" "msg:acunetix scan website";
MainRule id:10000004 "s:$UWA:8" "str:acunetix/wvs" "mz:$HEADERS_VAR:Accept" "msg:acunetix scan website";
MainRule id:10000005 "s:$UWA:8" "str:havij" "mz:$HEADERS_VAR:User-Agent" "msg:Havij in user-agent";
MainRule id:10000006 "s:$UWA:8" "str:webmole" "mz:$HEADERS_VAR:User-Agent" "msg:webmole in user-agent";
MainRule id:10000007 "s:$UWA:8" "str:nlpproject.info" "mz:$HEADERS_VAR:User-Agent" "msg:nlpproject.info in user-agent";
MainRule id:10000008 "s:$UWA:8" "str:cloudmapping" "mz:$HEADERS_VAR:User-Agent" "msg:cloudmapping in user-agent";
MainRule id:10000009 "s:$UWA:8" "str:sucuri" "mz:$HEADERS_VAR:User-Agent" "msg:Sucuri in user-agent";
MainRule id:10000010 "s:$UWA:8" "str:brutus/" "mz:$HEADERS_VAR:User-Agent" "msg:Brutus in user-agent";
MainRule id:10000011 "s:$UWA:4" "str:apachebench" "mz:$HEADERS_VAR:User-Agent" "msg:apachebench in user-agent";
MainRule id:10000012 "s:$UWA:8" "str:/netsparker" "mz:URL" "msg:netsparker in user-agent";
MainRule id:10000013 "s:$UWA:8" "str:mysqloit" "mz:$HEADERS_VAR:User-Agent" "msg:Mysqloit in user-agent";
MainRule id:10000014 "s:$UWA:8" "str:network-services-auditor" "mz:$HEADERS_VAR:User-Agent" "msg:network-services-auditor in user-agent";
MainRule id:10000015 "s:$UWA:8" "str:dav.pm" "mz:$HEADERS_VAR:User-Agent" "msg:dav.pm in user-agent";
MainRule id:10000016 "s:$UWA:8" "str:w3af" "mz:$HEADERS_VAR:User-Agent" "msg:w3af in user-agent";
MainRule id:10000017 "s:$UWA:8" "str:http_get_vars" "mz:$HEADERS_VAR:User-Agent" "msg:PHP-Injetion on UA";
MainRule id:10000018 "s:$UWA:8" "str:whisker" "mz:$HEADERS_VAR:User-Agent" "msg:whisker in user-agent";
MainRule id:10000019 "s:$UWA:8" "str:whatweb" "mz:$HEADERS_VAR:User-Agent" "msg:whatweb in user-agent";
MainRule id:10000020 "s:$UWA:8" "str:dirbuster" "mz:$HEADERS_VAR:User-Agent" "msg:DirBuster in user-agent";
# https://www.bleepingcomputer.com/news/security/phps-git-server-hacked-to-add-backdoors-to-php-source-code/
# https://github.com/php/php-src/commit/c730aa26bd52829a49f2ad284b181b7e82a68d7d#diff-a35f2ee9e1d2d3983a3270ee10ec70bf86349c53febdeabdf104f88cb2167961R370
# prevent php supply chain attack
MainRule id:10000021 "s:$UWA:8" "str:zerodium" "mz:$HEADERS_VAR:User-Agent" "msg:zerodium in user-agent";
# prevent log4j attack
# info https://www.govcert.ch/blog/zero-day-exploit-targeting-popular-java-library-log4j/
# payload check https://github.com/johto89/Some-collections-for-Security-Researcher/blob/master/log4j-all-in-one.md
MainRule id:10000022 "s:$UWA:8" "str:${" "mz:$HEADERS_VAR:User-Agent" "msg:log4j attack detection";
# Python libraries like python-requests, python-urllib, etc..
MainRule id:10000023 "s:$UWA:8" "str:python" "mz:$HEADERS_VAR:User-Agent" "msg:python in user-agent";
# Meterpreter
MainRule id:10000024 "s:$UWA:8" "str:meterpreter" "mz:$HEADERS_VAR:User-Agent" "msg:meterpreter in user-agent";
# https://github.com/zmap/zgrab2
MainRule id:10000025 "s:$UWA:8" "str:zgrab" "mz:$HEADERS_VAR:User-Agent" "msg:zgrab in user-agent";
# Known tools like nmap,curl,wget
MainRule id:10000026 "s:$UWA:8" "str:nmap" "mz:$HEADERS_VAR:User-Agent" "msg:nmap in user-agent";
MainRule id:10000027 "s:$UWA:8" "str:curl" "mz:$HEADERS_VAR:User-Agent" "msg:curl in user-agent";
MainRule id:10000028 "s:$UWA:8" "str:wget" "mz:$HEADERS_VAR:User-Agent" "msg:wget in user-agent";
MainRule id:10000029 "s:$UWA:8" "str:sqlmap" "mz:$HEADERS_VAR:User-Agent" "msg:slqmap in user-agent";
# Scan from Expense with this User-Agent:
# Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers presences on the Internet.
# If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com
MainRule id:10000030 "s:$UWA:8" "str:paloaltonetworks.com" "mz:$HEADERS_VAR:User-Agent" "msg:paloaltonetworks in user-agent";
MainRule id:10000031 "s:$UWA:8" "str:palo alto network" "mz:$HEADERS_VAR:User-Agent" "msg:palo alto network in user-agent";
MainRule id:10000032 "s:$UWA:8" "str:Expense" "mz:$HEADERS_VAR:User-Agent" "msg:Expense in user-agent";
# Scan from NetSystemsResearch with this User-Agent:
# NetSystemsResearch studies the availability of various services across the internet. Our website is netsystemsresearch.com
MainRule id:10000033 "s:$UWA:8" "str:NetSystemsResearch" "mz:$HEADERS_VAR:User-Agent" "msg:NetSystemsResearch in user-agent";
# Golang default User-Agent
MainRule id:10000034 "s:$UWA:8" "str:Go-http" "mz:$HEADERS_VAR:User-Agent" "msg:Golang in user-agent";
# Perl default User-Agent
MainRule id:10000035 "s:$UWA:8" "str:libwww-perl" "mz:$HEADERS_VAR:User-Agent" "msg:libwww-perl in user-agent";
# l9tcpid in User-Agent
MainRule id:10000036 "s:$UWA:8" "str:l9tcpid" "mz:$HEADERS_VAR:User-Agent" "msg:l9tcpid in user-agent";
# l9explore in User-Agent
MainRule id:10000037 "s:$UWA:8" "str:l9explore" "mz:$HEADERS_VAR:User-Agent" "msg:l9explore in user-agent";
# WPScan in User-Agent
MainRule id:10000038 "s:$UWA:8" "str:wpscan" "mz:$HEADERS_VAR:User-Agent" "msg:WPScan in user-agent";
# WinHttpReq in User-Agent
MainRule id:10000039 "s:$UWA:8" "str:WinHttpReq" "mz:$HEADERS_VAR:User-Agent" "msg:WinHttpReq in user-agent";
# EgyScan security scanner uses AliElTop in some of the attacks
MainRule id:10000040 "s:$UWA:8" "str:AliElTop" "mz:ANY" "msg:EgyScan security scanner";
# Guzzle PHP HTTP client
MainRule id:10000041 "s:$UWA:8" "str:GuzzleHttp" "mz:$HEADERS_VAR:User-Agent" "msg:GuzzleHttp in user-agent";
# Java client
MainRule id:10000042 "s:$UWA:8" "str:AsyncHttpClient" "mz:$HEADERS_VAR:User-Agent" "msg:AsyncHttpClient in user-agent";

172
containers/conf/angie/naxsi_rules/blocking/20000000_web_security.rules Normal file
View file

@ -0,0 +1,172 @@
#######################################
## Webserver Security ids: 20000000 ##
#######################################
# webserver critical files
MainRule id:20000000 "s:$UWA:8" "str:.conf" "mz:URL" "msg:file access to .conf";
MainRule id:20000001 "s:$UWA:8" "str:.ini" "mz:URL" "msg:file access to .ini";
MainRule id:20000002 "s:$UWA:8" "str:.sql" "mz:URL" "msg:file access to .sql";
MainRule id:20000003 "s:$UWA:8" "rx:\.txt$" "mz:URL" "msg:file access to .txt";
MainRule id:20000004 "s:$UWA:8" "str:/sftp-config.json" "mz:URL|BODY" "msg:file access to sftp-config.json";
MainRule id:20000005 "s:$UWA:8" "str:/.bzr" "mz:URL" "msg:bazaar version control folder access";
MainRule id:20000006 "s:$UWA:8" "str:/.git" "mz:URL" "msg:git version control folder access";
MainRule id:20000007 "s:$UWA:8" "str:/.hg" "mz:URL" "msg:mercurial version control folder access";
MainRule id:20000008 "s:$UWA:8" "str:/.svn" "mz:URL" "msg:svn version control folder access";
MainRule id:20000009 "s:$UWA:8" "str:/bzr/" "mz:URL" "msg:bazaar version control folder access";
MainRule id:20000010 "s:$UWA:8" "str:/git/" "mz:URL" "msg:git version control folder access";
MainRule id:20000011 "s:$UWA:8" "str:/hg/" "mz:URL" "msg:mercurial version control folder access";
MainRule id:20000012 "s:$UWA:8" "str:/svn/" "mz:URL" "msg:svn version control folder access";
MainRule id:20000013 "s:$UWA:8" "str:.htpasswd" "mz:ARGS|BODY|URL|FILE_EXT" "msg:file access to .htpasswd";
MainRule id:20000014 "s:$UWA:8" "str:.htaccess" "mz:ARGS|BODY|URL|FILE_EXT" "msg:file access to .htaccess";
MainRule id:20000015 "s:$UWA:8" "str:.ds_store" "mz:URL" "msg:file access to .ds_store";
MainRule id:20000016 "s:$UWA:8" "str:changelog" "mz:URL" "msg:file access to changelog";
MainRule id:20000017 "s:$UWA:8" "rx:^/core.\d+$" "mz:URL" "msg:file access to core dumps";
MainRule id:20000018 "s:$UWA:8" "rx:\.module$" "mz:URL" "msg:file access to .module (drupal)";
MainRule id:20000019 "s:$UWA:8" "str:web.config" "mz:URL" "msg:file access to web.config (drupal)";
MainRule id:20000020 "s:$UWA:8" "rx:release[-_]notes\." "mz:URL" "msg:file access to release notes";
MainRule id:20000021 "s:$UWA:8" "rx:~$" "mz:URL" "msg:file access to cache files";
MainRule id:20000022 "s:$UWA:8" "str:web-inf" "mz:URL|BODY|ARGS" "msg:folder access to WEB-INF";
# Exposed Services
MainRule id:20000023 "s:$UWA:8" "str:/cgi-bin/luci" "mz:URL" "msg:Exposed OpenWRT";
MainRule id:20000024 "s:$UWA:8" "rx:^/cgi-bin/.+\.cgi$" "mz:URL" "msg:Exposed cgi-bin";
MainRule id:20000025 "s:$UWA:8" "str:/jenkins" "mz:URL" "msg:Exposed Jenkins";
MainRule id:20000026 "s:$UWA:8" "str:/console/login/LoginForm.jsp" "mz:URL" "msg:Exposed Oracle WebLogic Server Administration Console";
MainRule id:20000027 "s:$UWA:8" "str:/nuxeo/login.jsp" "mz:URL" "msg:Exposed Nuxeo Enterprise Platform";
MainRule id:20000028 "s:$UWA:8" "str:/zabbix/index.php" "mz:URL" "msg:Exposed Zabbix";
# Known hacking tools like burp suite, etc..
MainRule id:20000029 "s:$UWA:8" "str:burpcollaborator.net" "mz:ARGS|BODY|HEADERS" "msg:burp collaborator";
MainRule id:20000030 "s:$UWA:8" "str:/netsparker" "mz:URL" "msg:Netsparker";
# Malicious strings in request
MainRule id:20000031 "s:$UWA:8" "str:\n\r" "mz:URL" "msg:HTTP - Smuggling-Attempt (NewLine in URI)";
MainRule id:20000032 "s:$UWA:6" "rx:^[a-zA-Z\d-]+\.[a-zA-Z]+$" "mz:$HEADERS_VAR:Host" "msg:HOST-Header Injection";
MainRule id:20000033 "s:$UWA:8" "str:/bin/sh" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/bin/sh in URI";
MainRule id:20000034 "s:$UWA:8" "str:/etc/passwd" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/etc/passwd in URI";
MainRule id:20000035 "s:$UWA:8" "str:/etc/shadow" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/etc/shadow in URI";
MainRule id:20000036 "s:$UWA:8" "str:/etc/hosts" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/etc/hosts in URI";
MainRule id:20000037 "s:$UWA:8" "str:/Windows/system.ini" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/Windows/system.ini in URI";
MainRule id:20000038 "s:$UWA:8" "rx:<!DOCTYPE(\s+)(%*\s*)([{}:.a-zA-Z0-9_-]*)(\s+)SYSTEM" "mz:BODY" "msg: possible XML/XXE-Exploitation atempt (Doctype)";
MainRule id:20000039 "s:$UWA:8" "str:http://http://" "mz:HEADERS" "msg:Abnormal double http:// in HTTP header";
MainRule id:20000040 "s:$UWA:8" "str:https://http://" "mz:HEADERS" "msg:Abnormal double http:// in HTTP header";
MainRule id:20000041 "s:$UWA:8" "str:http://https://" "mz:HEADERS" "msg:Abnormal double http:// in HTTP header";
MainRule id:20000042 "s:$UWA:8" "str:https://https://" "mz:HEADERS" "msg:Abnormal double http:// in HTTP header";
# ThinkPHP Remote Code Execution CVE-2018-20062
MainRule id:20000043 "s:$UWA:8" "str:index/\think\app/invokefunction" "mz:URL" "msg:CVE-2018-20062";
# AWS related files
MainRule id:20000044 "s:$UWA:8" "str:/.aws/" "mz:URL" "msg:AWS Credential Stealer";
# dot folders and files
MainRule id:20000045 "s:$UWA:8" "rx:/\.[^.]" "mz:URL" "msg:Access to dot folder or file";
# Exposed Microsoft Exchange
MainRule id:20000046 "s:$UWA:8" "str:autodiscover/autodiscover.json" "mz:URL" "msg:Exposed Microsoft Exchange";
MainRule id:20000047 "s:$UWA:8" "str:autodiscover/autodiscover.xml" "mz:URL" "msg:Exposed Microsoft Exchange";
MainRule id:20000048 "s:$UWA:8" "str:/auth.owa" "mz:URL" "msg:Exposed Microsoft Exchange";
# Ignition 2.5.1 Remote Code Execution CVE-2021-3129
MainRule id:20000049 "s:$UWA:8" "str:/_ignition/execute-solution" "mz:URL" "msg:CVE-2021-3129";
# CVE-2018-13379 path traversal vulnerability in Fortinet's FortiGate SSL VPN
# https://x.x.x.x/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession
MainRule id:20000050 "s:$UWA:8" "str:/sslvpn_websession" "mz:ARGS|BODY|HEADERS" "msg:CVE-2018-13379";
# Exposed Apache Tomcat Administration Panel
MainRule id:20000051 "s:$UWA:8" "str:/manager/html" "mz:URL" "msg:Exposed Apache Tomcat Administration Panel";
# Block NMAP enumeration
MainRule id:20000052 "s:$UWA:8" "str:/HNAP1" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000053 "s:$UWA:8" "rx:/default\.(asp|aspx|cfm|cgi|jsa|jsp|php|pl)$" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000054 "s:$UWA:8" "rx:/start\.(asp|aspx|cfm|cgi|jsa|jsp|php|pl)$" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000055 "s:$UWA:8" "rx:/localstart\.(asp|aspx|cfm|cgi|jsa|jsp|php|pl)$" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000056 "s:$UWA:8" "rx:/admin\.(asp|aspx|cfm|cgi|jsa|jsp|php|pl)$" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000057 "s:$UWA:8" "str:/nmaplowercheck" "mz:URL" "msg:NMAP enumeration attempt";
# Siemens PLC scan
MainRule id:20000058 "s:$UWA:8" "str:/__Additional" "mz:URL" "msg:Siemens PLC scan";
MainRule id:20000059 "s:$UWA:8" "str:/docs/cplugError.html/" "mz:URL" "msg:Siemens PLC scan";
MainRule id:20000060 "s:$UWA:8" "str:/Portal/Portal.mwsl" "mz:URL" "msg:Siemens PLC scan";
# Block Citrix XenApp
MainRule id:20000061 "s:$UWA:8" "str:/scripts/wpnbr.dll" "mz:URL" "msg:Citrix XenApp";
# Block jenkins authentication bypass CVE-2018-1000861
MainRule id:20000062 "s:$UWA:8" "str:/securityRealm/user/admin/search/index" "mz:URL" "msg:CVE-2018-1000861";
# Block jenkins RCE CVE-2019-1003029, CVE-2019-1003030
MainRule id:20000063 "s:$UWA:8" "str:/descriptorByName/org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript/checkScript/" "mz:URL" "msg:CVE-2019-1003029, CVE-2019-1003030";
# Log4J bypass
MainRule id:20000064 "s:$UWA:8" "str:${env:NaN:-" "mz:URL|ARGS|BODY|HEADERS" "msg:Attempted Log4J Bypass";
# Windows system paths
MainRule id:20000065 "s:$UWA:8" "str:\Windows\system.ini" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:\Windows\system.ini in URI";
MainRule id:20000066 "s:$UWA:8" "str:/Windows/win.ini" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/Windows/win.ini in URI";
MainRule id:20000067 "s:$UWA:8" "str:\Windows\win.ini" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:\Windows\win.ini in URI";
# Exposed Apache Host Manager App
MainRule id:20000068 "s:$UWA:8" "str:/manager/text/list" "mz:URL" "msg:Exposed Apache Host Manager App";
# Spring Cloud Gateway Code Injection Vulnerability
MainRule id:20000069 "s:$UWA:8" "str:/actuator/gateway/routes" "mz:URL" "msg:CVE-2022-22947";
# Block Spring4Shell
MainRule id:20000070 "s:$UWA:8" "str:class.module.classLoader.resources." "mz:RAW_BODY" "msg:CVE-2022-22965";
MainRule id:20000071 "s:$UWA:8" "rx:<%|%>" "mz:HEADERS" "msg:CVE-2022-22965";
# Block Microsoft Exchange Server Remote Code Execution
MainRule id:20000072 "s:$UWA:8" "str:/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application" "mz:URL" "msg:CVE-2021-28481";
# Prevents IndoXploit/IDX Shell dump access
# A website that has been infected will have a world-browsable folder called `idx_config`
# which contains text versions of the configuration file of every CMS installation the shell
# is able to find (impacts WordPress, Joomla and Magento).
MainRule id:20000073 "s:$UWA:8" "str:/idx_config" "mz:URL" "msg:Prevent IndoXploit/IDX Shell dump access";
# Prevents old grafana to return all folders
# https://github.com/grafana/grafana/pull/44175
MainRule id:20000074 "s:$UWA:8" "rx:^0$" "mz:$URL:/api/search|$ARGS_VAR:folderIds" "msg:Access all grafana folders";
# Block access to yaml files
MainRule id:20000075 "s:$UWA:8" "str:.yml" "mz:URL" "msg:file access to .yml";
MainRule id:20000076 "s:$UWA:8" "str:.yaml" "mz:URL" "msg:file access to .yaml";
# Block access to HashiCorp Consul/Vault template files
MainRule id:20000077 "s:$UWA:8" "rx:\.ctmpl$" "mz:URL" "msg:file access to .ctmpl";
MainRule id:20000078 "s:$UWA:8" "rx:\.hcl$" "mz:URL" "msg:file access to .hcl";
# Block access to known files used for fingerprinting
MainRule id:20000079 "s:$UWA:8" "rx:\.md$" "mz:URL" "msg:file access to .md";
MainRule id:20000080 "s:$UWA:8" "rx:read[-_]?me" "mz:URL" "msg:file access to readme";
MainRule id:20000081 "s:$UWA:8" "rx:\.toml$" "mz:URL" "msg:file access to .toml";
# AWS related files
MainRule id:20000082 "s:$UWA:8" "str:dockerrun.aws.json" "mz:URL" "msg:Exposed AWS Elastic Beanstalk configuration";
# Block access to temporary backup files like .bak,.bak.php, etc...
MainRule id:20000083 "s:$UWA:8" "str:.bak" "mz:URL" "msg:file access to temporary backup files";
# Path traversal in nuxt/framework when in dev mode
# https://huntr.dev/bounties/4849af83-450c-435e-bc0b-71705f5be440/
MainRule id:20000084 "s:$UWA:8" "str:_nuxt/@" "mz:URL" "msg:path traversal in nuxt framework";
# AWS NodeJS related files
MainRule id:20000085 "s:$UWA:8" "str:awsconfig" "mz:URL" "msg:Exposed AWS config files";
MainRule id:20000086 "s:$UWA:8" "str:aws-config" "mz:URL" "msg:Exposed AWS config files";
MainRule id:20000087 "s:$UWA:8" "str:awscred" "mz:URL" "msg:Exposed AWS config files";
MainRule id:20000088 "s:$UWA:8" "str:aws-cred" "mz:URL" "msg:Exposed AWS config files";
# Text editors temp and config files
MainRule id:20000089 "s:$UWA:8" "str:.old" "mz:URL" "msg:Exposed temp copy";
MainRule id:20000090 "s:$UWA:8" "str:.save" "mz:URL" "msg:Exposed temp copy";
MainRule id:20000091 "s:$UWA:8" "str:.DS_Store" "mz:URL" "msg:Exposed temp copy";
MainRule id:20000092 "s:$UWA:8" "str:vscode" "mz:URL" "msg:Exposed vscode directory";
# Exposed .env
MainRule id:20000093 "s:$UWA:8" "str:/.env" "mz:URL" "msg:access to .env file or dir";
# androxgh0st exploit
MainRule id:20000094 "s:$UWA:8" "str:androxgh0st" "mz:ANY" "msg:androxgh0st exploit";

16
containers/conf/angie/naxsi_rules/blocking/30000000_wordpress.rules Normal file
View file

@ -0,0 +1,16 @@
#######################################
## Wordpress ids: 30000000 ##
#######################################
MainRule id:30000000 "s:$UWA:8" "str:system.multicall" "mz:$URL:/xmlrpc.php|BODY" "msg:Wordpress XMLRPC possible Password Brute Force";
MainRule id:30000001 "s:$UWA:8" "str:system.listmethods" "mz:$URL:/xmlrpc.php|BODY" "msg:WordPress XMLRPC Enumeration system.listMethods";
MainRule id:30000002 "s:$UWA:8" "str:system.getcapabilities" "mz:$URL:/xmlrpc.php|BODY" "msg:WordPress XMLRPC Enumeration system.getCapabilities";
MainRule id:30000003 "s:$UWA:8" "str:/w3tc/dbcache" "mz:URL" "msg:WordPress TotalCache-DBCache-Access";
MainRule id:30000004 "s:$UWA:8" "str:/uploadify/uploadify.php" "mz:URL" "msg:WordPress Uploadify-Access";
MainRule id:30000005 "s:$UWA:8" "str:/wp-content/plugins/mm-forms-community/upload/temp/" "mz:URL" "msg:Access To mm-forms-community upload dir";
MainRule id:30000006 "s:$UWA:8" "str:wp-config.php" "mz:BODY|ARGS|URL" "msg:WordPress access to wp-config.php";
# block malicious access ALFA_DATA|alfacgiapi|cgialfa path
MainRule id:30000007 "s:$UWA:8" "str:ALFA_DATA" "mz:URL" "msg:WordPress malicious access to ALFA_DATA path";
MainRule id:30000008 "s:$UWA:8" "str:alfacgiapi" "mz:URL" "msg:WordPress malicious access to alfacgiapi path";
MainRule id:30000009 "s:$UWA:8" "str:cgialfa" "mz:URL" "msg:WordPress malicious access to cgialfa path";

66
containers/conf/angie/naxsi_rules/blocking/40000000_php_security.rules Normal file
View file

@ -0,0 +1,66 @@
#######################################
## PHP Security ids: 40000000 ##
#######################################
# Php Functions
MainRule id:40000000 "s:$UWA:8" "str:gzinflate(" "mz:URL|BODY|ARGS" "msg:gzinflate in URI";
MainRule id:40000001 "s:$UWA:8" "str:system(" "mz:URL|BODY|ARGS" "msg:php system called";
MainRule id:40000002 "s:$UWA:8" "str:base64_decode(" "mz:URL|BODY|ARGS" "msg:php base64_decode called";
MainRule id:40000003 "s:$UWA:8" "str:@eval" "mz:URL|BODY|ARGS" "msg:php eval called";
MainRule id:40000004 "s:$UWA:8" "rx:eval\((\s+)?\$_" "mz:URL|BODY|ARGS" "msg:php eval called";
# PhpMyAdmin
MainRule id:40000005 "s:$UWA:8" "str:/db-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000006 "s:$UWA:8" "str:/dbadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000007 "s:$UWA:8" "str:/myadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000008 "s:$UWA:8" "str:/mysqldumper " "mz:URL" "msg:MysqlDumper";
MainRule id:40000009 "s:$UWA:8" "str:/mysqlmanager" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000010 "s:$UWA:8" "str:/p/m/a/" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000011 "s:$UWA:8" "str:/php-my-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000012 "s:$UWA:8" "str:/php-myadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000013 "s:$UWA:8" "str:/phpmanager" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000014 "s:$UWA:8" "str:/phpmy" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000015 "s:$UWA:8" "str:/phpmy-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000016 "s:$UWA:8" "str:/phpmyadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000017 "s:$UWA:8" "str:/phppgadmin " "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000018 "s:$UWA:8" "str:/pma" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000019 "s:$UWA:8" "str:/sql-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000020 "s:$UWA:8" "str:/sqladmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000021 "s:$UWA:8" "str:/sqlweb" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000022 "s:$UWA:8" "str:/sysadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000023 "s:$UWA:8" "str:/webadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000024 "s:$UWA:8" "str:/webdb" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000025 "s:$UWA:8" "str:/websql" "mz:URL" "msg:SQL Admin Interface";
# Block PHPUnit eval-stdin.php CVE-2017-9841
MainRule id:40000026 "s:$UWA:8" "str:eval-stdin.php" "mz:URL" "msg:CVE-2017-9841";
# Block PHP easter egg which normally can be disabled via expose_php = off
MainRule id:40000027 "s:$UWA:8" "rx:PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" "mz:URL|BODY|ARGS" "msg:PHP easter egg credits";
# Block PHP Xdebug
MainRule id:40000028 "s:$UWA:8" "str:XDEBUG_SESSION" "mz:ANY" "msg:Block PHP Xdebug";
# Block PHPinfo access
MainRule id:40000029 "s:$UWA:8" "str:phpinfo" "mz:URL|BODY|ARGS" "msg:PHPinfo access";
# Block known php installer exploit
MainRule id:40000030 "s:$UWA:8" "str:install.php" "mz:URL" "msg:Access to php install";
# Block more sql admin interface
MainRule id:40000031 "s:$UWA:8" "str:/mysql-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000032 "s:$UWA:8" "str:/mysqladmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000033 "s:$UWA:8" "str:/sqlmanager" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000034 "s:$UWA:8" "str:/mysql/" "mz:URL" "msg:SQL Admin Interface";
# Block access to Lavarel telescope since it allows to read logs and SQL queries
MainRule id:40000035 "s:$UWA:8" "str:/telescope/" "mz:URL" "msg:Access to Lavarel telescope";
# Block access to adminer/phpMinAdmin sql admin interface
MainRule id:40000036 "s:$UWA:8" "str:adminer" "mz:URL" "msg:SQL Admin Interface";
# Block access to Symfony Web Framework dev mode.
MainRule id:40000037 "s:$UWA:8" "str:app_dev" "mz:URL" "msg:Symfony Web Framework dev mode";
# phpstorm in request
MainRule id:40000038 "s:$UWA:8" "str:phpstorm" "mz:URL|ARGS|HEADERS" "msg:phpstorm in request";

96
containers/conf/angie/naxsi_rules/blocking/blocking/10000000_scanner.rules Normal file
View file

@ -0,0 +1,96 @@
#######################################
## Scanners ids: 10000000 ##
#######################################
# http://pastebin.com/NP64hTQr
# http://blog.initiative-s.de/2013/09/kompromitierte-wordpress-blogs-werden-fuer-ddos-attacken-genutzt/
# If using wp then turn off this rule
MainRule id:10000000 "s:$UWA:8" "str:wordpress/" "mz:$HEADERS_VAR:User-Agent" "msg:Wordpress in user-agent";
# https://github.com/robertdavidgraham/masscan
MainRule id:10000001 "s:$UWA:8" "str:masscan" "mz:$HEADERS_VAR:User-Agent" "msg:masscan in user-agent";
# block acunetix scan
MainRule id:10000002 "s:$UWA:8" "str:99999999999999999999999" "mz:$HEADERS_VAR:Content-length" "msg:acunetix scan nginx buffer size";
MainRule id:10000003 "s:$UWA:8" "str:acunetix" "mz:URL|BODY|$HEADERS_VAR:Accept|$HEADERS_VAR:User-Agent" "msg:acunetix scan website";
MainRule id:10000004 "s:$UWA:8" "str:acunetix/wvs" "mz:$HEADERS_VAR:Accept" "msg:acunetix scan website";
MainRule id:10000005 "s:$UWA:8" "str:havij" "mz:$HEADERS_VAR:User-Agent" "msg:Havij in user-agent";
MainRule id:10000006 "s:$UWA:8" "str:webmole" "mz:$HEADERS_VAR:User-Agent" "msg:webmole in user-agent";
MainRule id:10000007 "s:$UWA:8" "str:nlpproject.info" "mz:$HEADERS_VAR:User-Agent" "msg:nlpproject.info in user-agent";
MainRule id:10000008 "s:$UWA:8" "str:cloudmapping" "mz:$HEADERS_VAR:User-Agent" "msg:cloudmapping in user-agent";
MainRule id:10000009 "s:$UWA:8" "str:sucuri" "mz:$HEADERS_VAR:User-Agent" "msg:Sucuri in user-agent";
MainRule id:10000010 "s:$UWA:8" "str:brutus/" "mz:$HEADERS_VAR:User-Agent" "msg:Brutus in user-agent";
MainRule id:10000011 "s:$UWA:4" "str:apachebench" "mz:$HEADERS_VAR:User-Agent" "msg:apachebench in user-agent";
MainRule id:10000012 "s:$UWA:8" "str:/netsparker" "mz:URL" "msg:netsparker in user-agent";
MainRule id:10000013 "s:$UWA:8" "str:mysqloit" "mz:$HEADERS_VAR:User-Agent" "msg:Mysqloit in user-agent";
MainRule id:10000014 "s:$UWA:8" "str:network-services-auditor" "mz:$HEADERS_VAR:User-Agent" "msg:network-services-auditor in user-agent";
MainRule id:10000015 "s:$UWA:8" "str:dav.pm" "mz:$HEADERS_VAR:User-Agent" "msg:dav.pm in user-agent";
MainRule id:10000016 "s:$UWA:8" "str:w3af" "mz:$HEADERS_VAR:User-Agent" "msg:w3af in user-agent";
MainRule id:10000017 "s:$UWA:8" "str:http_get_vars" "mz:$HEADERS_VAR:User-Agent" "msg:PHP-Injetion on UA";
MainRule id:10000018 "s:$UWA:8" "str:whisker" "mz:$HEADERS_VAR:User-Agent" "msg:whisker in user-agent";
MainRule id:10000019 "s:$UWA:8" "str:whatweb" "mz:$HEADERS_VAR:User-Agent" "msg:whatweb in user-agent";
MainRule id:10000020 "s:$UWA:8" "str:dirbuster" "mz:$HEADERS_VAR:User-Agent" "msg:DirBuster in user-agent";
# https://www.bleepingcomputer.com/news/security/phps-git-server-hacked-to-add-backdoors-to-php-source-code/
# https://github.com/php/php-src/commit/c730aa26bd52829a49f2ad284b181b7e82a68d7d#diff-a35f2ee9e1d2d3983a3270ee10ec70bf86349c53febdeabdf104f88cb2167961R370
# prevent php supply chain attack
MainRule id:10000021 "s:$UWA:8" "str:zerodium" "mz:$HEADERS_VAR:User-Agent" "msg:zerodium in user-agent";
# prevent log4j attack
# info https://www.govcert.ch/blog/zero-day-exploit-targeting-popular-java-library-log4j/
# payload check https://github.com/johto89/Some-collections-for-Security-Researcher/blob/master/log4j-all-in-one.md
MainRule id:10000022 "s:$UWA:8" "str:${" "mz:$HEADERS_VAR:User-Agent" "msg:log4j attack detection";
# Python libraries like python-requests, python-urllib, etc..
MainRule id:10000023 "s:$UWA:8" "str:python" "mz:$HEADERS_VAR:User-Agent" "msg:python in user-agent";
# Meterpreter
MainRule id:10000024 "s:$UWA:8" "str:meterpreter" "mz:$HEADERS_VAR:User-Agent" "msg:meterpreter in user-agent";
# https://github.com/zmap/zgrab2
MainRule id:10000025 "s:$UWA:8" "str:zgrab" "mz:$HEADERS_VAR:User-Agent" "msg:zgrab in user-agent";
# Known tools like nmap,curl,wget
MainRule id:10000026 "s:$UWA:8" "str:nmap" "mz:$HEADERS_VAR:User-Agent" "msg:nmap in user-agent";
MainRule id:10000027 "s:$UWA:8" "str:curl" "mz:$HEADERS_VAR:User-Agent" "msg:curl in user-agent";
MainRule id:10000028 "s:$UWA:8" "str:wget" "mz:$HEADERS_VAR:User-Agent" "msg:wget in user-agent";
MainRule id:10000029 "s:$UWA:8" "str:sqlmap" "mz:$HEADERS_VAR:User-Agent" "msg:slqmap in user-agent";
# Scan from Expense with this User-Agent:
# Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers presences on the Internet.
# If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com
MainRule id:10000030 "s:$UWA:8" "str:paloaltonetworks.com" "mz:$HEADERS_VAR:User-Agent" "msg:paloaltonetworks in user-agent";
MainRule id:10000031 "s:$UWA:8" "str:palo alto network" "mz:$HEADERS_VAR:User-Agent" "msg:palo alto network in user-agent";
MainRule id:10000032 "s:$UWA:8" "str:Expense" "mz:$HEADERS_VAR:User-Agent" "msg:Expense in user-agent";
# Scan from NetSystemsResearch with this User-Agent:
# NetSystemsResearch studies the availability of various services across the internet. Our website is netsystemsresearch.com
MainRule id:10000033 "s:$UWA:8" "str:NetSystemsResearch" "mz:$HEADERS_VAR:User-Agent" "msg:NetSystemsResearch in user-agent";
# Golang default User-Agent
MainRule id:10000034 "s:$UWA:8" "str:Go-http" "mz:$HEADERS_VAR:User-Agent" "msg:Golang in user-agent";
# Perl default User-Agent
MainRule id:10000035 "s:$UWA:8" "str:libwww-perl" "mz:$HEADERS_VAR:User-Agent" "msg:libwww-perl in user-agent";
# l9tcpid in User-Agent
MainRule id:10000036 "s:$UWA:8" "str:l9tcpid" "mz:$HEADERS_VAR:User-Agent" "msg:l9tcpid in user-agent";
# l9explore in User-Agent
MainRule id:10000037 "s:$UWA:8" "str:l9explore" "mz:$HEADERS_VAR:User-Agent" "msg:l9explore in user-agent";
# WPScan in User-Agent
MainRule id:10000038 "s:$UWA:8" "str:wpscan" "mz:$HEADERS_VAR:User-Agent" "msg:WPScan in user-agent";
# WinHttpReq in User-Agent
MainRule id:10000039 "s:$UWA:8" "str:WinHttpReq" "mz:$HEADERS_VAR:User-Agent" "msg:WinHttpReq in user-agent";
# EgyScan security scanner uses AliElTop in some of the attacks
MainRule id:10000040 "s:$UWA:8" "str:AliElTop" "mz:ANY" "msg:EgyScan security scanner";
# Guzzle PHP HTTP client
MainRule id:10000041 "s:$UWA:8" "str:GuzzleHttp" "mz:$HEADERS_VAR:User-Agent" "msg:GuzzleHttp in user-agent";
# Java client
MainRule id:10000042 "s:$UWA:8" "str:AsyncHttpClient" "mz:$HEADERS_VAR:User-Agent" "msg:AsyncHttpClient in user-agent";

172
containers/conf/angie/naxsi_rules/blocking/blocking/20000000_web_security.rules Normal file
View file

@ -0,0 +1,172 @@
#######################################
## Webserver Security ids: 20000000 ##
#######################################
# webserver critical files
MainRule id:20000000 "s:$UWA:8" "str:.conf" "mz:URL" "msg:file access to .conf";
MainRule id:20000001 "s:$UWA:8" "str:.ini" "mz:URL" "msg:file access to .ini";
MainRule id:20000002 "s:$UWA:8" "str:.sql" "mz:URL" "msg:file access to .sql";
MainRule id:20000003 "s:$UWA:8" "rx:\.txt$" "mz:URL" "msg:file access to .txt";
MainRule id:20000004 "s:$UWA:8" "str:/sftp-config.json" "mz:URL|BODY" "msg:file access to sftp-config.json";
MainRule id:20000005 "s:$UWA:8" "str:/.bzr" "mz:URL" "msg:bazaar version control folder access";
MainRule id:20000006 "s:$UWA:8" "str:/.git" "mz:URL" "msg:git version control folder access";
MainRule id:20000007 "s:$UWA:8" "str:/.hg" "mz:URL" "msg:mercurial version control folder access";
MainRule id:20000008 "s:$UWA:8" "str:/.svn" "mz:URL" "msg:svn version control folder access";
MainRule id:20000009 "s:$UWA:8" "str:/bzr/" "mz:URL" "msg:bazaar version control folder access";
MainRule id:20000010 "s:$UWA:8" "str:/git/" "mz:URL" "msg:git version control folder access";
MainRule id:20000011 "s:$UWA:8" "str:/hg/" "mz:URL" "msg:mercurial version control folder access";
MainRule id:20000012 "s:$UWA:8" "str:/svn/" "mz:URL" "msg:svn version control folder access";
MainRule id:20000013 "s:$UWA:8" "str:.htpasswd" "mz:ARGS|BODY|URL|FILE_EXT" "msg:file access to .htpasswd";
MainRule id:20000014 "s:$UWA:8" "str:.htaccess" "mz:ARGS|BODY|URL|FILE_EXT" "msg:file access to .htaccess";
MainRule id:20000015 "s:$UWA:8" "str:.ds_store" "mz:URL" "msg:file access to .ds_store";
MainRule id:20000016 "s:$UWA:8" "str:changelog" "mz:URL" "msg:file access to changelog";
MainRule id:20000017 "s:$UWA:8" "rx:^/core.\d+$" "mz:URL" "msg:file access to core dumps";
MainRule id:20000018 "s:$UWA:8" "rx:\.module$" "mz:URL" "msg:file access to .module (drupal)";
MainRule id:20000019 "s:$UWA:8" "str:web.config" "mz:URL" "msg:file access to web.config (drupal)";
MainRule id:20000020 "s:$UWA:8" "rx:release[-_]notes\." "mz:URL" "msg:file access to release notes";
MainRule id:20000021 "s:$UWA:8" "rx:~$" "mz:URL" "msg:file access to cache files";
MainRule id:20000022 "s:$UWA:8" "str:web-inf" "mz:URL|BODY|ARGS" "msg:folder access to WEB-INF";
# Exposed Services
MainRule id:20000023 "s:$UWA:8" "str:/cgi-bin/luci" "mz:URL" "msg:Exposed OpenWRT";
MainRule id:20000024 "s:$UWA:8" "rx:^/cgi-bin/.+\.cgi$" "mz:URL" "msg:Exposed cgi-bin";
MainRule id:20000025 "s:$UWA:8" "str:/jenkins" "mz:URL" "msg:Exposed Jenkins";
MainRule id:20000026 "s:$UWA:8" "str:/console/login/LoginForm.jsp" "mz:URL" "msg:Exposed Oracle WebLogic Server Administration Console";
MainRule id:20000027 "s:$UWA:8" "str:/nuxeo/login.jsp" "mz:URL" "msg:Exposed Nuxeo Enterprise Platform";
MainRule id:20000028 "s:$UWA:8" "str:/zabbix/index.php" "mz:URL" "msg:Exposed Zabbix";
# Known hacking tools like burp suite, etc..
MainRule id:20000029 "s:$UWA:8" "str:burpcollaborator.net" "mz:ARGS|BODY|HEADERS" "msg:burp collaborator";
MainRule id:20000030 "s:$UWA:8" "str:/netsparker" "mz:URL" "msg:Netsparker";
# Malicious strings in request
MainRule id:20000031 "s:$UWA:8" "str:\n\r" "mz:URL" "msg:HTTP - Smuggling-Attempt (NewLine in URI)";
MainRule id:20000032 "s:$UWA:6" "rx:^[a-zA-Z\d-]+\.[a-zA-Z]+$" "mz:$HEADERS_VAR:Host" "msg:HOST-Header Injection";
MainRule id:20000033 "s:$UWA:8" "str:/bin/sh" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/bin/sh in URI";
MainRule id:20000034 "s:$UWA:8" "str:/etc/passwd" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/etc/passwd in URI";
MainRule id:20000035 "s:$UWA:8" "str:/etc/shadow" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/etc/shadow in URI";
MainRule id:20000036 "s:$UWA:8" "str:/etc/hosts" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/etc/hosts in URI";
MainRule id:20000037 "s:$UWA:8" "str:/Windows/system.ini" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/Windows/system.ini in URI";
MainRule id:20000038 "s:$UWA:8" "rx:<!DOCTYPE(\s+)(%*\s*)([{}:.a-zA-Z0-9_-]*)(\s+)SYSTEM" "mz:BODY" "msg: possible XML/XXE-Exploitation atempt (Doctype)";
MainRule id:20000039 "s:$UWA:8" "str:http://http://" "mz:HEADERS" "msg:Abnormal double http:// in HTTP header";
MainRule id:20000040 "s:$UWA:8" "str:https://http://" "mz:HEADERS" "msg:Abnormal double http:// in HTTP header";
MainRule id:20000041 "s:$UWA:8" "str:http://https://" "mz:HEADERS" "msg:Abnormal double http:// in HTTP header";
MainRule id:20000042 "s:$UWA:8" "str:https://https://" "mz:HEADERS" "msg:Abnormal double http:// in HTTP header";
# ThinkPHP Remote Code Execution CVE-2018-20062
MainRule id:20000043 "s:$UWA:8" "str:index/\think\app/invokefunction" "mz:URL" "msg:CVE-2018-20062";
# AWS related files
MainRule id:20000044 "s:$UWA:8" "str:/.aws/" "mz:URL" "msg:AWS Credential Stealer";
# dot folders and files
MainRule id:20000045 "s:$UWA:8" "rx:/\.[^.]" "mz:URL" "msg:Access to dot folder or file";
# Exposed Microsoft Exchange
MainRule id:20000046 "s:$UWA:8" "str:autodiscover/autodiscover.json" "mz:URL" "msg:Exposed Microsoft Exchange";
MainRule id:20000047 "s:$UWA:8" "str:autodiscover/autodiscover.xml" "mz:URL" "msg:Exposed Microsoft Exchange";
MainRule id:20000048 "s:$UWA:8" "str:/auth.owa" "mz:URL" "msg:Exposed Microsoft Exchange";
# Ignition 2.5.1 Remote Code Execution CVE-2021-3129
MainRule id:20000049 "s:$UWA:8" "str:/_ignition/execute-solution" "mz:URL" "msg:CVE-2021-3129";
# CVE-2018-13379 path traversal vulnerability in Fortinet's FortiGate SSL VPN
# https://x.x.x.x/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession
MainRule id:20000050 "s:$UWA:8" "str:/sslvpn_websession" "mz:ARGS|BODY|HEADERS" "msg:CVE-2018-13379";
# Exposed Apache Tomcat Administration Panel
MainRule id:20000051 "s:$UWA:8" "str:/manager/html" "mz:URL" "msg:Exposed Apache Tomcat Administration Panel";
# Block NMAP enumeration
MainRule id:20000052 "s:$UWA:8" "str:/HNAP1" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000053 "s:$UWA:8" "rx:/default\.(asp|aspx|cfm|cgi|jsa|jsp|php|pl)$" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000054 "s:$UWA:8" "rx:/start\.(asp|aspx|cfm|cgi|jsa|jsp|php|pl)$" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000055 "s:$UWA:8" "rx:/localstart\.(asp|aspx|cfm|cgi|jsa|jsp|php|pl)$" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000056 "s:$UWA:8" "rx:/admin\.(asp|aspx|cfm|cgi|jsa|jsp|php|pl)$" "mz:URL" "msg:NMAP enumeration attempt";
MainRule id:20000057 "s:$UWA:8" "str:/nmaplowercheck" "mz:URL" "msg:NMAP enumeration attempt";
# Siemens PLC scan
MainRule id:20000058 "s:$UWA:8" "str:/__Additional" "mz:URL" "msg:Siemens PLC scan";
MainRule id:20000059 "s:$UWA:8" "str:/docs/cplugError.html/" "mz:URL" "msg:Siemens PLC scan";
MainRule id:20000060 "s:$UWA:8" "str:/Portal/Portal.mwsl" "mz:URL" "msg:Siemens PLC scan";
# Block Citrix XenApp
MainRule id:20000061 "s:$UWA:8" "str:/scripts/wpnbr.dll" "mz:URL" "msg:Citrix XenApp";
# Block jenkins authentication bypass CVE-2018-1000861
MainRule id:20000062 "s:$UWA:8" "str:/securityRealm/user/admin/search/index" "mz:URL" "msg:CVE-2018-1000861";
# Block jenkins RCE CVE-2019-1003029, CVE-2019-1003030
MainRule id:20000063 "s:$UWA:8" "str:/descriptorByName/org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript/checkScript/" "mz:URL" "msg:CVE-2019-1003029, CVE-2019-1003030";
# Log4J bypass
MainRule id:20000064 "s:$UWA:8" "str:${env:NaN:-" "mz:URL|ARGS|BODY|HEADERS" "msg:Attempted Log4J Bypass";
# Windows system paths
MainRule id:20000065 "s:$UWA:8" "str:\Windows\system.ini" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:\Windows\system.ini in URI";
MainRule id:20000066 "s:$UWA:8" "str:/Windows/win.ini" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:/Windows/win.ini in URI";
MainRule id:20000067 "s:$UWA:8" "str:\Windows\win.ini" "mz:URL|BODY|ARGS|$HEADERS_VAR:User-Agent|$HEADERS_VAR:Cookie" "msg:\Windows\win.ini in URI";
# Exposed Apache Host Manager App
MainRule id:20000068 "s:$UWA:8" "str:/manager/text/list" "mz:URL" "msg:Exposed Apache Host Manager App";
# Spring Cloud Gateway Code Injection Vulnerability
MainRule id:20000069 "s:$UWA:8" "str:/actuator/gateway/routes" "mz:URL" "msg:CVE-2022-22947";
# Block Spring4Shell
MainRule id:20000070 "s:$UWA:8" "str:class.module.classLoader.resources." "mz:RAW_BODY" "msg:CVE-2022-22965";
MainRule id:20000071 "s:$UWA:8" "rx:<%|%>" "mz:HEADERS" "msg:CVE-2022-22965";
# Block Microsoft Exchange Server Remote Code Execution
MainRule id:20000072 "s:$UWA:8" "str:/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application" "mz:URL" "msg:CVE-2021-28481";
# Prevents IndoXploit/IDX Shell dump access
# A website that has been infected will have a world-browsable folder called `idx_config`
# which contains text versions of the configuration file of every CMS installation the shell
# is able to find (impacts WordPress, Joomla and Magento).
MainRule id:20000073 "s:$UWA:8" "str:/idx_config" "mz:URL" "msg:Prevent IndoXploit/IDX Shell dump access";
# Prevents old grafana to return all folders
# https://github.com/grafana/grafana/pull/44175
MainRule id:20000074 "s:$UWA:8" "rx:^0$" "mz:$URL:/api/search|$ARGS_VAR:folderIds" "msg:Access all grafana folders";
# Block access to yaml files
MainRule id:20000075 "s:$UWA:8" "str:.yml" "mz:URL" "msg:file access to .yml";
MainRule id:20000076 "s:$UWA:8" "str:.yaml" "mz:URL" "msg:file access to .yaml";
# Block access to HashiCorp Consul/Vault template files
MainRule id:20000077 "s:$UWA:8" "rx:\.ctmpl$" "mz:URL" "msg:file access to .ctmpl";
MainRule id:20000078 "s:$UWA:8" "rx:\.hcl$" "mz:URL" "msg:file access to .hcl";
# Block access to known files used for fingerprinting
MainRule id:20000079 "s:$UWA:8" "rx:\.md$" "mz:URL" "msg:file access to .md";
MainRule id:20000080 "s:$UWA:8" "rx:read[-_]?me" "mz:URL" "msg:file access to readme";
MainRule id:20000081 "s:$UWA:8" "rx:\.toml$" "mz:URL" "msg:file access to .toml";
# AWS related files
MainRule id:20000082 "s:$UWA:8" "str:dockerrun.aws.json" "mz:URL" "msg:Exposed AWS Elastic Beanstalk configuration";
# Block access to temporary backup files like .bak,.bak.php, etc...
MainRule id:20000083 "s:$UWA:8" "str:.bak" "mz:URL" "msg:file access to temporary backup files";
# Path traversal in nuxt/framework when in dev mode
# https://huntr.dev/bounties/4849af83-450c-435e-bc0b-71705f5be440/
MainRule id:20000084 "s:$UWA:8" "str:_nuxt/@" "mz:URL" "msg:path traversal in nuxt framework";
# AWS NodeJS related files
MainRule id:20000085 "s:$UWA:8" "str:awsconfig" "mz:URL" "msg:Exposed AWS config files";
MainRule id:20000086 "s:$UWA:8" "str:aws-config" "mz:URL" "msg:Exposed AWS config files";
MainRule id:20000087 "s:$UWA:8" "str:awscred" "mz:URL" "msg:Exposed AWS config files";
MainRule id:20000088 "s:$UWA:8" "str:aws-cred" "mz:URL" "msg:Exposed AWS config files";
# Text editors temp and config files
MainRule id:20000089 "s:$UWA:8" "str:.old" "mz:URL" "msg:Exposed temp copy";
MainRule id:20000090 "s:$UWA:8" "str:.save" "mz:URL" "msg:Exposed temp copy";
MainRule id:20000091 "s:$UWA:8" "str:.DS_Store" "mz:URL" "msg:Exposed temp copy";
MainRule id:20000092 "s:$UWA:8" "str:vscode" "mz:URL" "msg:Exposed vscode directory";
# Exposed .env
MainRule id:20000093 "s:$UWA:8" "str:/.env" "mz:URL" "msg:access to .env file or dir";
# androxgh0st exploit
MainRule id:20000094 "s:$UWA:8" "str:androxgh0st" "mz:ANY" "msg:androxgh0st exploit";

16
containers/conf/angie/naxsi_rules/blocking/blocking/30000000_wordpress.rules Normal file
View file

@ -0,0 +1,16 @@
#######################################
## Wordpress ids: 30000000 ##
#######################################
MainRule id:30000000 "s:$UWA:8" "str:system.multicall" "mz:$URL:/xmlrpc.php|BODY" "msg:Wordpress XMLRPC possible Password Brute Force";
MainRule id:30000001 "s:$UWA:8" "str:system.listmethods" "mz:$URL:/xmlrpc.php|BODY" "msg:WordPress XMLRPC Enumeration system.listMethods";
MainRule id:30000002 "s:$UWA:8" "str:system.getcapabilities" "mz:$URL:/xmlrpc.php|BODY" "msg:WordPress XMLRPC Enumeration system.getCapabilities";
MainRule id:30000003 "s:$UWA:8" "str:/w3tc/dbcache" "mz:URL" "msg:WordPress TotalCache-DBCache-Access";
MainRule id:30000004 "s:$UWA:8" "str:/uploadify/uploadify.php" "mz:URL" "msg:WordPress Uploadify-Access";
MainRule id:30000005 "s:$UWA:8" "str:/wp-content/plugins/mm-forms-community/upload/temp/" "mz:URL" "msg:Access To mm-forms-community upload dir";
MainRule id:30000006 "s:$UWA:8" "str:wp-config.php" "mz:BODY|ARGS|URL" "msg:WordPress access to wp-config.php";
# block malicious access ALFA_DATA|alfacgiapi|cgialfa path
MainRule id:30000007 "s:$UWA:8" "str:ALFA_DATA" "mz:URL" "msg:WordPress malicious access to ALFA_DATA path";
MainRule id:30000008 "s:$UWA:8" "str:alfacgiapi" "mz:URL" "msg:WordPress malicious access to alfacgiapi path";
MainRule id:30000009 "s:$UWA:8" "str:cgialfa" "mz:URL" "msg:WordPress malicious access to cgialfa path";

66
containers/conf/angie/naxsi_rules/blocking/blocking/40000000_php_security.rules Normal file
View file

@ -0,0 +1,66 @@
#######################################
## PHP Security ids: 40000000 ##
#######################################
# Php Functions
MainRule id:40000000 "s:$UWA:8" "str:gzinflate(" "mz:URL|BODY|ARGS" "msg:gzinflate in URI";
MainRule id:40000001 "s:$UWA:8" "str:system(" "mz:URL|BODY|ARGS" "msg:php system called";
MainRule id:40000002 "s:$UWA:8" "str:base64_decode(" "mz:URL|BODY|ARGS" "msg:php base64_decode called";
MainRule id:40000003 "s:$UWA:8" "str:@eval" "mz:URL|BODY|ARGS" "msg:php eval called";
MainRule id:40000004 "s:$UWA:8" "rx:eval\((\s+)?\$_" "mz:URL|BODY|ARGS" "msg:php eval called";
# PhpMyAdmin
MainRule id:40000005 "s:$UWA:8" "str:/db-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000006 "s:$UWA:8" "str:/dbadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000007 "s:$UWA:8" "str:/myadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000008 "s:$UWA:8" "str:/mysqldumper " "mz:URL" "msg:MysqlDumper";
MainRule id:40000009 "s:$UWA:8" "str:/mysqlmanager" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000010 "s:$UWA:8" "str:/p/m/a/" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000011 "s:$UWA:8" "str:/php-my-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000012 "s:$UWA:8" "str:/php-myadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000013 "s:$UWA:8" "str:/phpmanager" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000014 "s:$UWA:8" "str:/phpmy" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000015 "s:$UWA:8" "str:/phpmy-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000016 "s:$UWA:8" "str:/phpmyadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000017 "s:$UWA:8" "str:/phppgadmin " "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000018 "s:$UWA:8" "str:/pma" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000019 "s:$UWA:8" "str:/sql-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000020 "s:$UWA:8" "str:/sqladmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000021 "s:$UWA:8" "str:/sqlweb" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000022 "s:$UWA:8" "str:/sysadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000023 "s:$UWA:8" "str:/webadmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000024 "s:$UWA:8" "str:/webdb" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000025 "s:$UWA:8" "str:/websql" "mz:URL" "msg:SQL Admin Interface";
# Block PHPUnit eval-stdin.php CVE-2017-9841
MainRule id:40000026 "s:$UWA:8" "str:eval-stdin.php" "mz:URL" "msg:CVE-2017-9841";
# Block PHP easter egg which normally can be disabled via expose_php = off
MainRule id:40000027 "s:$UWA:8" "rx:PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" "mz:URL|BODY|ARGS" "msg:PHP easter egg credits";
# Block PHP Xdebug
MainRule id:40000028 "s:$UWA:8" "str:XDEBUG_SESSION" "mz:ANY" "msg:Block PHP Xdebug";
# Block PHPinfo access
MainRule id:40000029 "s:$UWA:8" "str:phpinfo" "mz:URL|BODY|ARGS" "msg:PHPinfo access";
# Block known php installer exploit
MainRule id:40000030 "s:$UWA:8" "str:install.php" "mz:URL" "msg:Access to php install";
# Block more sql admin interface
MainRule id:40000031 "s:$UWA:8" "str:/mysql-admin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000032 "s:$UWA:8" "str:/mysqladmin" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000033 "s:$UWA:8" "str:/sqlmanager" "mz:URL" "msg:SQL Admin Interface";
MainRule id:40000034 "s:$UWA:8" "str:/mysql/" "mz:URL" "msg:SQL Admin Interface";
# Block access to Lavarel telescope since it allows to read logs and SQL queries
MainRule id:40000035 "s:$UWA:8" "str:/telescope/" "mz:URL" "msg:Access to Lavarel telescope";
# Block access to adminer/phpMinAdmin sql admin interface
MainRule id:40000036 "s:$UWA:8" "str:adminer" "mz:URL" "msg:SQL Admin Interface";
# Block access to Symfony Web Framework dev mode.
MainRule id:40000037 "s:$UWA:8" "str:app_dev" "mz:URL" "msg:Symfony Web Framework dev mode";
# phpstorm in request
MainRule id:40000038 "s:$UWA:8" "str:phpstorm" "mz:URL|ARGS|HEADERS" "msg:phpstorm in request";

15
containers/conf/angie/naxsi_rules/blocking/blocking/50000000_sql_injection.rules Normal file
View file

@ -0,0 +1,15 @@
#######################################
## SQL Injection ids: 50000000 ##
#######################################
# Transact-SQL General Extended Stored Procedures
# https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/general-extended-stored-procedures-transact-sql
MainRule id:50000000 "s:$SQL:8" "rx:xp_(cmdshell|enumgroups|grantlogin|logevent|loginconfig|logininfo|msver|revokelogin|sprintf|sqlmaint|sscanf)" "mz:BODY|HEADERS|ARGS|URL" "msg:Transact-SQL GESP";
# Classic SQL injection
MainRule id:50000001 "s:$SQL:8" "rx:(CHAR|CONCAT|CONCAT_WS)\([0-9a-fx,]+\)" "mz:BODY|HEADERS|ARGS|URL" "msg:SQL Injection";
MainRule id:50000002 "s:$SQL:8" "rx:SLEEP(\s+)?\(" "mz:BODY|HEADERS|ARGS|URL" "msg:SQL Injection";
MainRule id:50000003 "s:$SQL:8" "rx:\bBENCHMARK\b\([0-9,]+.+\)" "mz:BODY|HEADERS|ARGS|URL" "msg:SQL Injection";
MainRule id:50000004 "s:$SQL:8" "rx:\b(UNION|INFORMATION_SCHEMA)\b.*(#|--|\*)" "mz:BODY|HEADERS|ARGS|URL" "msg:SQL Injection";
MainRule id:50000005 "s:$SQL:8" "rx:(MD\d|SHA\d+)(\s+)?\(" "mz:BODY|HEADERS|ARGS|URL" "msg:SQL Injection";
MainRule id:50000006 "s:$SQL:8" "rx:DBMS_PIPE|RECEIVE_MESSAGE|WAITFOR|DELAY" "mz:BODY|HEADERS|ARGS|URL" "msg:SQL Injection";

95
containers/conf/angie/naxsi_rules/naxsi_core.rules Normal file
View file

@ -0,0 +1,95 @@
##################################
## INTERNAL RULES IDS:1-999 ##
##################################
#@MainRule "msg:weird request, unable to parse" id:1;
#@MainRule "msg:request too big, stored on disk and not parsed" id:2;
#@MainRule "msg:invalid hex encoding, null bytes" id:10;
#@MainRule "msg:unknown content-type" id:11;
#@MainRule "msg:invalid formatted url" id:12;
#@MainRule "msg:invalid POST format" id:13;
#@MainRule "msg:invalid POST boundary" id:14;
#@MainRule "msg:invalid JSON" id:15;
#@MainRule "msg:empty POST" id:16;
#@MainRule "msg:libinjection_sql" id:17;
#@MainRule "msg:libinjection_xss" id:18;
#@MainRule "msg:no generic rules" id:19;
#@MainRule "msg:bad utf8" id:20;
#@MainRule "msg:illegal host header" id:21;
##################################
## SQL Injections IDs:1000-1099 ##
##################################
MainRule "rx:select|union|update|delete|insert|table|from|ascii|hex|unhex|drop|load_file|substr|group_concat|dumpfile|bigint" "msg:sql keywords" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1000;
MainRule "str:\"" "msg:double quote" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8,$XSS:8" id:1001;
MainRule "str:0x" "msg:0x, possible hex encoding" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:2" id:1002;
## Hardcore rules
MainRule "str:/*" "msg:mysql comment (/*)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1003;
MainRule "str:*/" "msg:mysql comment (*/)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1004;
MainRule "str:|" "msg:mysql keyword (|)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;
MainRule "str:&&" "msg:mysql keyword (&&)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1006;
## end of hardcore rules
MainRule "str:--" "msg:mysql comment (--)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1007;
MainRule "str:;" "msg:semicolon" "mz:BODY|URL|ARGS" "s:$SQL:4,$XSS:8" id:1008;
MainRule "str:=" "msg:equal sign in var, probable sql/xss" "mz:ARGS|BODY" "s:$SQL:2" id:1009;
MainRule "str:(" "msg:open parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1010;
MainRule "str:)" "msg:close parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1011;
MainRule "str:'" "msg:simple quote" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1013;
MainRule "str:," "msg:comma" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1015;
MainRule "str:#" "msg:mysql comment (#)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1016;
MainRule "str:@@" "msg:double arobase (@@)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1017;
MainRule "rx:::json|to_json|jsonb?_build|jsonb?_object|jsonb?_each|jsonb?_extract|jsonb?_typeof|jsonb?_array|jsonb_set|json_query|json_keys" "msg:json functions and operators" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1018;
###############################
## OBVIOUS RFI IDs:1100-1199 ##
###############################
MainRule "str:http://" "msg:http:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1100;
MainRule "str:https://" "msg:https:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1101;
MainRule "str:ftp://" "msg:ftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1102;
MainRule "str:php://" "msg:php:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1103;
MainRule "str:sftp://" "msg:sftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1104;
MainRule "str:zlib://" "msg:zlib:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1105;
MainRule "str:data://" "msg:data:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1106;
MainRule "str:glob://" "msg:glob:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1107;
MainRule "str:phar://" "msg:phar:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1108;
MainRule "str:file://" "msg:file:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1109;
MainRule "str:gopher://" "msg:gopher:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1110;
MainRule "str:zip://" "msg:zip:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1111;
MainRule "str:expect://" "msg:expect:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1112;
MainRule "str:input://" "msg:input:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1113;
#######################################
## Directory traversal IDs:1200-1299 ##
#######################################
MainRule "str:.." "msg:double dot" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1200;
MainRule "str:/etc/passwd" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1202;
MainRule "str:c:\\" "msg:obvious windows path" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1203;
MainRule "str:cmd.exe" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1204;
MainRule "str:\\" "msg:backslash" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1205;
#MainRule "str:/" "msg:slash in args" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:2" id:1206;
MainRule "str:/..;/" "msg:dir traversal bypass" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:2" id:1207;
MainRule "str:/.;/" "msg:dir traversal bypass" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1208;
MainRule "str:/.%2e/" "msg:dir traversal bypass" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1209;
MainRule "str:/%2e./" "msg:dir traversal bypass" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1210;
########################################
## Cross Site Scripting IDs:1300-1399 ##
########################################
MainRule "str:<" "msg:html open tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1302;
MainRule "str:>" "msg:html close tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1303;
MainRule "str:[" "msg:open square backet ([), possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1310;
MainRule "str:]" "msg:close square bracket (]), possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
MainRule "str:~" "msg:tilde (~) character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
MainRule "str:`" "msg:grave accent (`)" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
MainRule "rx:%[23]." "msg:double encoding" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
####################################
## Evading tricks IDs: 1400-1500 ##
####################################
MainRule "str:&#" "msg:utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
MainRule "str:%U" "msg:M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
#############################
## File uploads: 1500-1600 ##
#############################
MainRule "rx:\.ph|\.asp|\.ht|\.jsp" "msg:asp/php/jsp/htaccess file upload" "mz:FILE_EXT" "s:$UPLOAD:8" id:1500;
MainRule "rx:^[\.a-z0-9_\- ]+$" negative "msg:uploaded filename contains non-printable ascii chars" "mz:FILE_EXT" "s:$UPLOAD:8" id:1501;

7
containers/conf/angie/naxsi_rules/whitelists/dokuwiki.rules Normal file
View file

@ -0,0 +1,7 @@
# DokuWiki rules
BasicRule wl:1015 "mz:$BODY_VAR:usergroups";
BasicRule wl:0 "mz:$BODY_VAR:wikitext";
BasicRule wl:0 "mz:$BODY_VAR:summary";
BasicRule wl:0 "mz:$BODY_VAR:prefix";
BasicRule wl:0 "mz:$BODY_VAR:suffix";

61
containers/conf/angie/naxsi_rules/whitelists/drupal.rules Normal file
View file

@ -0,0 +1,61 @@
####################################
## Drupal whitelists ALPHA ##
####################################
# some url patterns
BasicRule wl:1000 "mz:$URL:/modules/update/update.css|URL";
BasicRule wl:1000 "mz:$URL:/misc/tableselect.js|URL";
BasicRule wl:1000 "mz:$URL:/modules/contextual/images/gear-select.png|URL|$HEADERS_VAR:cookie";
BasicRule wl:1000 "mz:$URL:/misc/ui/jquery.ui.sortable.min.js|URL|$HEADERS_VAR:cookie";
BasicRule wl:1000 "mz:$URL:/misc/tableheader.js|URL|$HEADERS_VAR:cookie";
BasicRule wl:1000 "mz:$URL:/misc/tabledrag.js|URL|$HEADERS_VAR:cookie";
# bad keywords in posts etc (update etc)
BasicRule wl:1000 "mz:$URL:/|$BODY_VAR:comment_confirm_delete|NAME";
BasicRule wl:1000 "mz:$URL:/|$ARGS_VAR:q";
BasicRule wl:1000 "mz:$URL:/|$BODY_VAR:form_id";
BasicRule wl:1000 "mz:$URL:/|$HEADERS_VAR:cookie";
BasicRule wl:1010 "mz:$URL:/|$ARGS_VAR:date";
# XSS because of [ and ] in POST variables
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^body|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^menu|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^path|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^comment_body|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^field_|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^type|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^modules|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^blocks|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^palette|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^regions|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^roles|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^fields|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$ARGS_VAR_X:^destination|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^filter|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^search_active_modules|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^shortcuts|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^formats|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR:status";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR:role";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR:permission";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR:type";
# update module
BasicRule wl:16 "mz:$URL:/|BODY";
# user mail
BasicRule wl:1007,1010,1011,1013,1015,1310,1311 "mz:$URL:/|$BODY_VAR_X:^user_mail";
# other stuff
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:form_build_id";
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:menu[parent]";
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:form_token";
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:additional_settings__active_tab";
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:date";
BasicRule wl:1302,1303 "mz:$URL:/|$BODY_VAR_X:^filters";
BasicRule wl:1010,1011 "mz:$URL:/|$BODY_VAR:actions_label";
BasicRule wl:1015 "mz:$URL:/|$BODY_VAR:date_format_long";
BasicRule wl:1009,1016 "mz:$URL:/|$ARGS_VAR:destination";
BasicRule wl:1016 "mz:$URL:/|$BODY_VAR_X:^palette";

7
containers/conf/angie/naxsi_rules/whitelists/etherpad-lite.rules Normal file
View file

@ -0,0 +1,7 @@
# Etherpad: Really real-time collaborative document editing http://etherpad.org
BasicRule wl:1001,1008,1010,1011,1013,1015,1101 "mz:$URL:/jserror|$BODY_VAR:errorinfo";
BasicRule wl:2 "mz:$URL_X:^/p/.*/import$|BODY";
BasicRule wl:1311 "mz:$URL_X:^/p/.*]$|URL";
BasicRule wl:1007 "mz:URL";
BasicRule wl:1315 "mz:$HEADERS_VAR:cookie";
BasicRule wl:11 "mz:$URL:/socket.io/|BODY";

10
containers/conf/angie/naxsi_rules/whitelists/iris.rules Normal file
View file

@ -0,0 +1,10 @@
# Web IRC client Iris for the atheme platform https://github.com/atheme-legacy/iris
### Allowed chars in the URI of WebChat Wizard "custom link" or "embed"
BasicRule wl:1000,1315 "mz:$HEADERS_VAR:cookie";
BasicRule wl:1015 "mz:$ARGS_VAR:channels";
BasicRule wl:1000,1002,1005,1007,1013,1200,1205,1310,1311,1314 "mz:$ARGS_VAR:nick";
BasicRule wl:1000,1005,1008,1013,1015,1200,1205 "mz:$URL:/|ARGS";
### Allowed chars in Chat and Private
BasicRule wl:0 "mz:$URL:/e/p|$BODY_VAR:c";
### Allowed chars in nick same as are allowed in IRCD
BasicRule wl:1000,1002,1005,1007,1205,1310,1311,1314 "mz:$URL:/e/n|$BODY_VAR:nick";

10
containers/conf/angie/naxsi_rules/whitelists/rutorrent.rules Normal file
View file

@ -0,0 +1,10 @@
BasicRule wl:1005,1010,1011,1315 "mz:$HEADERS_VAR:cookie";
BasicRule wl:1402 "mz:$HEADERS_VAR:content-type";
BasicRule wl:11 "mz:$URL:/rutorrent/php/setsettings.php|BODY";
BasicRule wl:11 "mz:$URL:/rutorrent/php/getsettings.php|BODY";
BasicRule wl:1000,1001,1015,1310,1311 "mz:$BODY_VAR:v";
BasicRule wl:1005,1008 "mz:$BODY_VAR:cookie";
BasicRule wl:1000,1100,1101,1315 "mz:$BODY_VAR:url";
BasicRule wl:1310,1311 "mz:$URL:/rutorrent/php/addtorrent.php|$ARGS_VAR:result[]|NAME";
BasicRule wl:1000,1100,1101 "mz:$ARGS_VAR:name[]";
BasicRule wl:1310,1311 "mz:$URL:/rutorrent/php/addtorrent.php|$ARGS_VAR:name[]|NAME";

7
containers/conf/angie/naxsi_rules/whitelists/whitelists/dokuwiki.rules Normal file
View file

@ -0,0 +1,7 @@
# DokuWiki rules
BasicRule wl:1015 "mz:$BODY_VAR:usergroups";
BasicRule wl:0 "mz:$BODY_VAR:wikitext";
BasicRule wl:0 "mz:$BODY_VAR:summary";
BasicRule wl:0 "mz:$BODY_VAR:prefix";
BasicRule wl:0 "mz:$BODY_VAR:suffix";

61
containers/conf/angie/naxsi_rules/whitelists/whitelists/drupal.rules Normal file
View file

@ -0,0 +1,61 @@
####################################
## Drupal whitelists ALPHA ##
####################################
# some url patterns
BasicRule wl:1000 "mz:$URL:/modules/update/update.css|URL";
BasicRule wl:1000 "mz:$URL:/misc/tableselect.js|URL";
BasicRule wl:1000 "mz:$URL:/modules/contextual/images/gear-select.png|URL|$HEADERS_VAR:cookie";
BasicRule wl:1000 "mz:$URL:/misc/ui/jquery.ui.sortable.min.js|URL|$HEADERS_VAR:cookie";
BasicRule wl:1000 "mz:$URL:/misc/tableheader.js|URL|$HEADERS_VAR:cookie";
BasicRule wl:1000 "mz:$URL:/misc/tabledrag.js|URL|$HEADERS_VAR:cookie";
# bad keywords in posts etc (update etc)
BasicRule wl:1000 "mz:$URL:/|$BODY_VAR:comment_confirm_delete|NAME";
BasicRule wl:1000 "mz:$URL:/|$ARGS_VAR:q";
BasicRule wl:1000 "mz:$URL:/|$BODY_VAR:form_id";
BasicRule wl:1000 "mz:$URL:/|$HEADERS_VAR:cookie";
BasicRule wl:1010 "mz:$URL:/|$ARGS_VAR:date";
# XSS because of [ and ] in POST variables
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^body|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^menu|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^path|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^comment_body|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^field_|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^type|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^modules|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^blocks|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^palette|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^regions|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^roles|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^fields|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$ARGS_VAR_X:^destination|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^filter|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^search_active_modules|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^shortcuts|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR_X:^formats|NAME";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR:status";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR:role";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR:permission";
BasicRule wl:1310,1311 "mz:$URL:/|$BODY_VAR:type";
# update module
BasicRule wl:16 "mz:$URL:/|BODY";
# user mail
BasicRule wl:1007,1010,1011,1013,1015,1310,1311 "mz:$URL:/|$BODY_VAR_X:^user_mail";
# other stuff
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:form_build_id";
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:menu[parent]";
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:form_token";
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:additional_settings__active_tab";
BasicRule wl:1007 "mz:$URL:/|$BODY_VAR:date";
BasicRule wl:1302,1303 "mz:$URL:/|$BODY_VAR_X:^filters";
BasicRule wl:1010,1011 "mz:$URL:/|$BODY_VAR:actions_label";
BasicRule wl:1015 "mz:$URL:/|$BODY_VAR:date_format_long";
BasicRule wl:1009,1016 "mz:$URL:/|$ARGS_VAR:destination";
BasicRule wl:1016 "mz:$URL:/|$BODY_VAR_X:^palette";

7
containers/conf/angie/naxsi_rules/whitelists/whitelists/etherpad-lite.rules Normal file
View file

@ -0,0 +1,7 @@
# Etherpad: Really real-time collaborative document editing http://etherpad.org
BasicRule wl:1001,1008,1010,1011,1013,1015,1101 "mz:$URL:/jserror|$BODY_VAR:errorinfo";
BasicRule wl:2 "mz:$URL_X:^/p/.*/import$|BODY";
BasicRule wl:1311 "mz:$URL_X:^/p/.*]$|URL";
BasicRule wl:1007 "mz:URL";
BasicRule wl:1315 "mz:$HEADERS_VAR:cookie";
BasicRule wl:11 "mz:$URL:/socket.io/|BODY";

5
containers/conf/angie/naxsi_rules/whitelists/whitelists/generic.rules Normal file
View file

@ -0,0 +1,5 @@
# whitelist robots.txt
BasicRule wl:20000003 "mz:$URL:/robots.txt|URL";
# whitelist /.well-known/security.txt
BasicRule wl:20000003,20000045 "mz:$URL:/.well-known/security.txt|URL";

10
containers/conf/angie/naxsi_rules/whitelists/whitelists/iris.rules Normal file
View file

@ -0,0 +1,10 @@
# Web IRC client Iris for the atheme platform https://github.com/atheme-legacy/iris
### Allowed chars in the URI of WebChat Wizard "custom link" or "embed"
BasicRule wl:1000,1315 "mz:$HEADERS_VAR:cookie";
BasicRule wl:1015 "mz:$ARGS_VAR:channels";
BasicRule wl:1000,1002,1005,1007,1013,1200,1205,1310,1311,1314 "mz:$ARGS_VAR:nick";
BasicRule wl:1000,1005,1008,1013,1015,1200,1205 "mz:$URL:/|ARGS";
### Allowed chars in Chat and Private
BasicRule wl:0 "mz:$URL:/e/p|$BODY_VAR:c";
### Allowed chars in nick same as are allowed in IRCD
BasicRule wl:1000,1002,1005,1007,1205,1310,1311,1314 "mz:$URL:/e/n|$BODY_VAR:nick";

124
containers/conf/angie/naxsi_rules/whitelists/whitelists/jellyfin.rules Normal file
View file

@ -0,0 +1,124 @@
# Jellyfin rules
# global
BasicRule wl:2,11 "mz:BODY";
BasicRule wl:17 "mz:$HEADERS_VAR:accept";
BasicRule wl:1000 "mz:URL";
BasicRule wl:1000,1002 "mz:$HEADERS_VAR:cookie";
# /Users.*
BasicRule wl:1000,1015 "mz:$ARGS_VAR_X:^Fields$|$URL_X:^/Users.*$";
BasicRule wl:1000,1015 "mz:$ARGS_VAR_X:^EnableImageTypes$|$URL_X:^/Users.*$";
BasicRule wl:1000 "mz:$BODY_VAR_X:^RememberAudioSelections$|NAME|$URL_X:^/Users/[0-9a-f-]*.*$";
BasicRule wl:1000 "mz:$BODY_VAR_X:^RememberSubtitleSelections$|NAME|$URL_X:^/Users/[0-9a-f-]*.*$";
BasicRule wl:1015 "mz:$ARGS_VAR_X:^SortBy$|$URL_X:^/Users.*$";
BasicRule wl:1015 "mz:$ARGS_VAR_X:^Ids$|$URL_X:^/Users.*$";
BasicRule wl:1015 "mz:$ARGS_VAR_X:^MediaTypes$|$URL_X:^/Users.*$";
BasicRule wl:1015 "mz:$ARGS_VAR_X:^SortOrder$|$URL_X:^/Users/[0-9a-f-]*/Items$";
BasicRule wl:1015 "mz:$ARGS_VAR_X:^IncludeItemTypes$|$URL_X:^/Users/[0-9a-f-]*/Items$";
# /Users/authenticatebyname
BasicRule wl:1010,1011,1012,1302 "mz:$BODY_VAR:Pw|$URL:/Users/authenticatebyname";
# /UserItems/Resume
BasicRule wl:1015 "mz:$ARGS_VAR:fields|$URL:/UserItems/Resume";
# /Shows.*
BasicRule wl:1000,1015 "mz:$ARGS_VAR_X:^Fields$|$URL_X:^/Shows/[0-9a-f-]*/Seasons$";
BasicRule wl:1000,1015 "mz:$ARGS_VAR_X:^Fields$|$URL_X:^/Shows/[0-9a-f-]*/Episodes$";
BasicRule wl:1000,1015 "mz:$ARGS_VAR_X:^EnableImageTypes$|$URL_X:^/Shows/NextUp.*$";
BasicRule wl:1000,1015 "mz:$ARGS_VAR_X:^Fields$|$URL_X:^/Shows/NextUp.*$";
BasicRule wl:1000 "mz:$ARGS_VAR_X:^NextUpDateCutoff$|$URL_X:^/Shows/NextUp.*$";
BasicRule wl:1015 "mz:$ARGS_VAR:StartIndex|$URL:/Shows/NextUp?";
# /DisplayPreferences
BasicRule wl:15,1000,1001,1015,1101,1205 "mz:BODY|$URL:/DisplayPreferences/usersettings";
BasicRule wl:1000 "mz:$BODY_VAR_X:^chromecastVersion$|$URL_X:^/DisplayPreferences/[0-9a-f-]*$";
BasicRule wl:1000 "mz:$BODY_VAR_X:^ShowBackdrop$|NAME|$URL_X:^/DisplayPreferences/[0-9a-f-]*$";
BasicRule wl:1101 "mz:BODY|NAME|$URL:/DisplayPreferences/usersettings";
# /Items.*
BasicRule wl:17 "mz:$HEADERS_VAR_X:^accept$|$URL_X:^/Items/[0-9a-f-]*/.*$";
BasicRule wl:1000 "mz:URL|$URL_X:^/Items/[0-9a-f-]*/.*$";
BasicRule wl:1000 "mz:$ARGS_VAR_X:^inheritFromParent$|NAME|$URL_X:^/Items/[0-9a-f-]*/ThemeMedia$";
BasicRule wl:1000,1015 "mz:$ARGS_VAR_X:^Fields$|$URL_X:^/Items.*$";
BasicRule wl:1005 "mz:$BODY_VAR_X:^Value$|$URL_X:^/Items/[0-9a-f-]*/PlaybackInfo$";
BasicRule wl:1013,1100 "mz:$ARGS_VAR:searchTerm|$URL:/Items";
BasicRule wl:1015 "mz:$BODY_VAR_X:^VideoCodec$|$URL_X:^/Items/[0-9a-f-]*/PlaybackInfo$";
BasicRule wl:1015 "mz:$BODY_VAR_X:^AudioCodec$|$URL_X:^/Items/[0-9a-f-]*/PlaybackInfo$";
BasicRule wl:1015 "mz:$BODY_VAR_X:^Container$|$URL_X:^/Items/[0-9a-f-]*/PlaybackInfo$";
BasicRule wl:1015 "mz:$ARGS_VAR:ExcludeLocationTypes|$URL:/Items?";
BasicRule wl:1015 "mz:$ARGS_VAR:Fields|$URL:/Items?";
BasicRule wl:1015 "mz:$ARGS_VAR:Filters|$URL:/Items?";
BasicRule wl:1015 "mz:$ARGS_VAR:ImageTypes|$URL:/Items?";
BasicRule wl:1015 "mz:$ARGS_VAR:IncludeItemTypes|$URL:/Items?";
BasicRule wl:1015 "mz:$ARGS_VAR:Recursive|$URL:/Items?";
BasicRule wl:1015 "mz:$ARGS_VAR:SortBy|$URL:/Items?";
BasicRule wl:1015 "mz:$ARGS_VAR:SortOrder|$URL:/Items?";
# /Shows/Upcoming
BasicRule wl:1000,1015 "mz:$ARGS_VAR:EnableImageTypes|$URL:/Shows/Upcoming";
# /Movies/Recommendations
BasicRule wl:1000,1015 "mz:$ARGS_VAR:Fields|$URL:/Movies/Recommendations";
BasicRule wl:1000,1015 "mz:$ARGS_VAR:EnableImageTypes|$URL:/Movies/Recommendations";
# /System/Configuration
BasicRule wl:1013,1015 "mz:$BODY_VAR:SortRemoveCharacters|$URL:/System/Configuration";
BasicRule wl:1000 "mz:$BODY_VAR:LibraryUpdateDuration|$URL:/System/Configuration";
BasicRule wl:1000 "mz:$BODY_VAR:Name|$URL:/System/Configuration";
BasicRule wl:1101 "mz:$BODY_VAR:Url|$URL:/System/Configuration";
BasicRule wl:50000006 "mz:$BODY_VAR:LibraryMonitorDelay|$URL:/System/Configuration";
BasicRule wl:50000006 "mz:$BODY_VAR:ThrottleDelaySeconds|NAME|$URL:/System/Configuration/encoding";
# /System/Configuration/branding
BasicRule wl:1000,1001,1002,1003,1004,1008,1009,1010,1011,1015,1016,1205 "mz:$BODY_VAR:CustomCss|$URL:/System/Configuration/branding";
BasicRule wl:1302 "mz:$BODY_VAR:LoginDisclaimer|$URL:/System/Configuration/branding";
# /Sessions
BasicRule wl:1000 "mz:$BODY_VAR:EventName|$URL:/Sessions/Playing/Progress";
BasicRule wl:1000 "mz:$BODY_VAR:SupportedCommands|$URL:/Sessions/Capabilities";
BasicRule wl:1000 "mz:$BODY_VAR:SupportedCommands|$URL:/Sessions/Capabilities/Full";
BasicRule wl:1015 "mz:$BODY_VAR:AudioCodec|$URL:/Sessions/Capabilities/Full";
BasicRule wl:1015 "mz:$BODY_VAR:VideoCodec|$URL:/Sessions/Capabilities/Full";
BasicRule wl:1200 "mz:$HEADERS_VAR:cookie|$URL:/Sessions/Logout";
# Branding
BasicRule wl:1015 "mz:$BODY_VAR:Splashscreen|$URL:/Branding/Splashscreen";
# /Library
BasicRule wl:1005,1008,1205 "mz:$BODY_VAR:CustomTagDelimiters|$URL:/Library/VirtualFolders/LibraryOptions";
# /Playlists
BasicRule wl:1000,1015 "mz:$ARGS_VAR_X:^EnableImageTypes$|$URL_X:^/Playlists/[0-9a-f-]*/Items$";
BasicRule wl:1015 "mz:$ARGS_VAR_X:^Fields$|$URL_X:^/Playlists/[0-9a-f-]*/Items$";
# /SyncPlay
BasicRule wl:1013 "mz:$BODY_VAR:GroupName|$URL:/SyncPlay/New";
# /Videos.*
BasicRule wl:12 "mz:ARGS|$URL_X:^/videos/.*$";
BasicRule wl:17 "mz:$HEADERS_VAR_X:^accept$|$URL_X:^/Videos/.*$";
BasicRule wl:1015 "mz:ARGS|$URL_X:^/videos/.*$";
# /LiveTv
BasicRule wl:1000,1015 "mz:$ARGS_VAR:EnableImageTypes|$URL:/LiveTv/Programs/Recommended";
BasicRule wl:1015 "mz:$ARGS_VAR:Fields|$URL:/LiveTv/Programs";
BasicRule wl:1015 "mz:$ARGS_VAR:Fields|$URL:/LiveTv/Programs/Recommended";
# Playback Reporting Plugin
# /user_usage_stats
BasicRule wl:1015 "mz:$ARGS_VAR:filter|$URL:/user_usage_stats/PlayActivity";
BasicRule wl:1015 "mz:$ARGS_VAR:filter|$URL:/user_usage_stats/HourlyReport";
BasicRule wl:1015 "mz:$ARGS_VAR:filter|$URL:/user_usage_stats/DurationHistogramReport";
# Artist
BasicRule wl:1000,1015 "mz:$ARGS_VAR:fields|$URL:/Artists";
BasicRule wl:1013,1100 "mz:$ARGS_VAR:searchTerm|$URL:/Artists";
BasicRule wl:1015 "mz:$ARGS_VAR:SortBy|$URL:/Artists";
# Persons
BasicRule wl:1000,1013 "mz:$ARGS_VAR:fields|$URL:/Persons";
BasicRule wl:1015 "mz:$ARGS_VAR:SortBy|$URL:/Persons";
BasicRule wl:1100 "mz:$ARGS_VAR:searchTerm|$URL:/Persons";

10
containers/conf/angie/naxsi_rules/whitelists/whitelists/rutorrent.rules Normal file
View file

@ -0,0 +1,10 @@
BasicRule wl:1005,1010,1011,1315 "mz:$HEADERS_VAR:cookie";
BasicRule wl:1402 "mz:$HEADERS_VAR:content-type";
BasicRule wl:11 "mz:$URL:/rutorrent/php/setsettings.php|BODY";
BasicRule wl:11 "mz:$URL:/rutorrent/php/getsettings.php|BODY";
BasicRule wl:1000,1001,1015,1310,1311 "mz:$BODY_VAR:v";
BasicRule wl:1005,1008 "mz:$BODY_VAR:cookie";
BasicRule wl:1000,1100,1101,1315 "mz:$BODY_VAR:url";
BasicRule wl:1310,1311 "mz:$URL:/rutorrent/php/addtorrent.php|$ARGS_VAR:result[]|NAME";
BasicRule wl:1000,1100,1101 "mz:$ARGS_VAR:name[]";
BasicRule wl:1310,1311 "mz:$URL:/rutorrent/php/addtorrent.php|$ARGS_VAR:name[]|NAME";

26
containers/conf/angie/naxsi_rules/whitelists/whitelists/wordpress-minimal.rules Normal file
View file

@ -0,0 +1,26 @@
######### #########
###### ######
### Because of wordpress.rules is full of wl rules even got double. ###
### Thats why I start from scratch so these rules are in BETA us on own risk. ###
### I us not that many plugins and those I use only after I checked there code. ###
###### ######
######### #########
### HEADERS
BasicRule wl:1001,1315 "mz:$HEADERS_VAR:cookie";
### Theme customize
BasicRule wl:1001,1015,1310,1311 "mz:$URL_X:^/.*$|$BODY_VAR_X:^customized$|BODY";
### Widget customize
BasicRule wl:1001,1015,1310,1311 "mz:$URL_X:^/.*$|$BODY_VAR_X:^partials$|BODY";
### oEmbed API
BasicRule wl:1000,1009,1101 "mz:$URL_X:^/.*wp-json/oembed/1.0/embed|$ARGS_VAR_X:^url$";
BasicRule wl:1009,1101 "mz:$URL_X:^/.*wp-json/oembed/1.0/embed|ARGS";
BasicRule wl:1009,1101 "mz:ARGS";
### Trackbacks
BasicRule wl:1005,1008,1010,1011,1015,1016,1100,1101,1400 "mz:$URL_X:^/.*trackback$/|BODY";
BasicRule wl:1005,1008,1010,1011,1015,1016,1100,1101,1400 "mz:BODY";
BasicRule wl:1008,1010,1011,1015,1016,1100,1101,1400 "mz:$URL_X:^/.*trackback$/|$BODY_VAR_X:^excerpt$";
BasicRule wl:1008,1010,1011,1015,1016,1100,1101,1400 "mz:$BODY_VAR:excerpt";
BasicRule wl:1101 "mz:$URL_X:^/.*trackback$/|$BODY_VAR_X:^url$";
BasicRule wl:1005 "mz:$URL_X:^/.*trackback$/|$BODY_VAR_X:^title$";
BasicRule wl:1101 "mz:$BODY_VAR:url";
BasicRule wl:1005 "mz:$BODY_VAR:title";

152
containers/conf/angie/naxsi_rules/whitelists/whitelists/wordpress.rules Normal file
View file

@ -0,0 +1,152 @@
# WordPress naxsi rules
### HEADERS
BasicRule wl:1000,1001,1005,1007,1010,1011,1013,1100,1101,1200,1308,1309,1310,1311,1315 "mz:$HEADERS_VAR:cookie";
# xmlrpc
BasicRule wl:1402 "mz:$HEADERS_VAR:content-type";
### simple BODY (POST)
BasicRule wl:1001,1009,1015,1016,1101,1310,1311 "mz:$URL:/|$BODY_VAR:customized";
# comments
BasicRule wl:1000,1010,1011,1013,1015,1200,1310,1311 "mz:$BODY_VAR:post_title";
BasicRule wl:1000 "mz:$BODY_VAR:original_publish";
BasicRule wl:1000 "mz:$BODY_VAR:save";
BasicRule wl:1008,1010,1011,1013,1015 "mz:$BODY_VAR:sk2_my_js_payload";
BasicRule wl:1001,1005,1009,1016,1100,1101,1310 "mz:$BODY_VAR:url";
BasicRule wl:1009,1100,1101 "mz:$BODY_VAR:referredby";
BasicRule wl:1009,1100,1101 "mz:$BODY_VAR:_wp_original_http_referer";
BasicRule wl:1000,1001,1005,1007,1008,1009,1010,1011,1013,1015,1016,1100,1101,1200,1302,1303,1310,1311,1315,1400 "mz:$BODY_VAR:comment";
BasicRule wl:1100,1101 "mz:$BODY_VAR:redirect_to";
BasicRule wl:1000,1009,1315 "mz:$BODY_VAR:_wp_http_referer";
BasicRule wl:1000 "mz:$BODY_VAR:action";
BasicRule wl:1001,1013 "mz:$BODY_VAR:blogname";
BasicRule wl:1013,1015 "mz:$BODY_VAR:blogdescription";
BasicRule wl:1015 "mz:$BODY_VAR:date_format_custom";
BasicRule wl:1015 "mz:$BODY_VAR:date_format";
BasicRule wl:1015 "mz:$BODY_VAR:tax_input%5bpost_tag%5d";
BasicRule wl:1015 "mz:$BODY_VAR:tax_input[post_tag]";
BasicRule wl:1100,1101 "mz:$BODY_VAR:siteurl";
BasicRule wl:1100,1101 "mz:$BODY_VAR:home";
BasicRule wl:1000,1015 "mz:$BODY_VAR:submit";
# news content matches pretty much everything
BasicRule wl:0 "mz:$BODY_VAR:content";
BasicRule wl:1000 "mz:$BODY_VAR:delete_option";
BasicRule wl:1000 "mz:$BODY_VAR:prowl-msg-message";
BasicRule wl:1100,1101 "mz:$BODY_VAR:_url";
BasicRule wl:1001,1009 "mz:$BODY_VAR:c2c_text_replace%5btext_to_replace%5d";
BasicRule wl:1200 "mz:$BODY_VAR:ppn_post_note";
BasicRule wl:1100,1101 "mz:$BODY_VAR:author";
BasicRule wl:1001,1015 "mz:$BODY_VAR:excerpt";
BasicRule wl:1015 "mz:$BODY_VAR:catslist";
BasicRule wl:1005,1008,1009,1010,1011,1015,1315 "mz:$BODY_VAR:cookie";
BasicRule wl:1101 "mz:$BODY_VAR:googleplus";
BasicRule wl:1007 "mz:$BODY_VAR:name";
BasicRule wl:1007 "mz:$BODY_VAR:action";
BasicRule wl:1100,1101 "mz:$BODY_VAR:attachment%5burl%5d";
BasicRule wl:1100,1101 "mz:$BODY_VAR:attachment_url";
BasicRule wl:1001,1009,1100,1101,1302,1303,1310,1311 "mz:$BODY_VAR:html";
BasicRule wl:1015 "mz:$BODY_VAR:title";
BasicRule wl:1001,1009,1015 "mz:$BODY_VAR:recaptcha_challenge_field";
BasicRule wl:1011 "mz:$BODY_VAR:pwd";
BasicRule wl:1000 "mz:$BODY_VAR:excerpt";
### BODY|NAME
BasicRule wl:1000 "mz:$BODY_VAR:delete_option|NAME";
BasicRule wl:1000 "mz:$BODY_VAR:from|NAME";
### Simple ARGS (GET)
# WP login screen
BasicRule wl:1100,1101 "mz:$ARGS_VAR:redirect_to";
BasicRule wl:1000,1009 "mz:$ARGS_VAR:_wp_http_referer";
BasicRule wl:1000 "mz:$ARGS_VAR:wp_http_referer";
BasicRule wl:1000 "mz:$ARGS_VAR:action";
BasicRule wl:1000 "mz:$ARGS_VAR:action2";
# load and load[] GET variable
BasicRule wl:1000,1015 "mz:$ARGS_VAR:load";
BasicRule wl:1000,1015 "mz:$ARGS_VAR:load[]";
BasicRule wl:1015 "mz:$ARGS_VAR:q";
BasicRule wl:1000,1015 "mz:$ARGS_VAR:load%5b%5d";
### URL
BasicRule wl:1000 "mz:URL|$URL:/wp-admin/update-core.php";
BasicRule wl:1000 "mz:URL|$URL:/wp-admin/update.php";
BasicRule wl:1000 "mz:$URL:/wp-includes/js/imgareaselect/imgareaselect.css|URL";
BasicRule wl:1002 "mz:$URL_X:/wp-content/uploads/[0-9]{4}/[0-9]{2}/[^/]+\.jpg$|URL";
# URL|ARGS
BasicRule wl:1015 "mz:$URL:/wp-admin/load-styles.php|$ARGS_VAR:dashicons,admin-bar,wp-admin,buttons,wp-auth-check";
BasicRule wl:1000 "mz:$URL:/wp-admin/about.php|$ARGS_VAR:updated";
BasicRule wl:1009 "mz:$URL:/wp-admin/customize.php|$ARGS_VAR:return";
# URL|BODY
BasicRule wl:1009,1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:_wp_http_referer";
BasicRule wl:1016 "mz:$URL:/wp-admin/post.php|$BODY_VAR:metakeyselect";
BasicRule wl:11 "mz:$URL:/xmlrpc.php|BODY";
BasicRule wl:11,16 "mz:$URL:/wp-cron.php|BODY";
BasicRule wl:2 "mz:$URL:/wp-admin/async-upload.php|BODY";
# URL|BODY|NAME
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:_wp_original_http_referer|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/post.php|$BODY_VAR:metakeyselect|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/user-edit.php|$BODY_VAR:from|NAME";
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:attachment%5burl%5d|NAME";
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:attachment_url|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/plugins.php|$BODY_VAR:verify-delete|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/post.php|$BODY_VAR:post_category[]|NAME";
BasicRule wl:1311 "mz:$URL:/wp-admin/post.php|$BODY_VAR:post_category|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/post.php|$BODY_VAR:tax_input[post_tag]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/post.php|$BODY_VAR:newtag[post_tag]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/users.php|$BODY_VAR:users[]|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/update-core.php|$BODY_VAR:Update%2BTranslations|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/update-core.php|$BODY_VAR:Update%2BNow|NAME";
# URL|ARGS|NAME
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/load-scripts.php|$ARGS_VAR:load[]|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/users.php|$ARGS_VAR:delete_count|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/users.php|$ARGS_VAR:update|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/customize.php|$ARGS_VAR:autofocus[control]|NAME";
# plain WP site
BasicRule wl:1000 "mz:URL|$URL:/wp-admin/update-core.php";
BasicRule wl:1000 "mz:URL|$URL:/wp-admin/update.php";
# URL|BODY
BasicRule wl:1009,1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:_wp_http_referer";
BasicRule wl:1016 "mz:$URL:/wp-admin/post.php|$BODY_VAR:metakeyselect";
BasicRule wl:11 "mz:$URL:/xmlrpc.php|BODY";
BasicRule wl:11,16 "mz:$URL:/wp-cron.php|BODY";
# URL|BODY|NAME
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:_wp_original_http_referer|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/post.php|$BODY_VAR:metakeyselect|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/user-edit.php|$BODY_VAR:from|NAME";
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:attachment%5burl%5d|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:data[wp-auth-check]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:data[wp-check-locked-posts][]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:data[wp-refresh-post-lock][post_id]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:data[wp-refresh-post-lock][lock]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/update-core.php|$BODY_VAR:checked[]|NAME";
# URL|ARGS|NAME
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/load-scripts.php|$ARGS_VAR:load[]|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/users.php|$ARGS_VAR:delete_count|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/users.php|$ARGS_VAR:update|NAME";
### Plugins
#WP Minify
BasicRule wl:1015 "mz:$URL:/wp-content/plugins/bwp-minify/min/|$ARGS_VAR:f";
#Jetpack Infinite Scroll
BasicRule wl:1310,1311 "mz:$BODY_VAR:scripts[]|NAME";
BasicRule wl:1310,1311 "mz:$BODY_VAR:styles[]|NAME";
BasicRule wl:1310,1311 "mz:$BODY_VAR_X:^query_args\[.*\]|NAME";
BasicRule wl:1000 "mz:$BODY_VAR:query_args[update_post_term_cache]|NAME";
BasicRule wl:1000 "mz:$BODY_VAR:query_args[update_post_meta_cache]|NAME";
#UpdraftPlus
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/updraftplus/includes/select2/select2.min.css|URL";
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/updraftplus/includes/select2/select2.min.js|URL";
#WP plugin updates
BasicRule wl:1315 "mz:$ARGS_VAR:query|$URL:/wp-json/jetpack/v4/jitm";
#Jetpack Google Fonts
BasicRule wl:1001 "mz:$URL_X:^/wp-content/plugins/jetpack/css/.*|URL";
#WooCommerce
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/woocommerce/assets/js/select2/select2.full.min.js|URL";
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/woocommerce/assets/js/selectWoo/selectWoo.full.min.js|URL";
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/woocommerce/assets/js/stupidtable/stupidtable.min.js|URL";
#WPML
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/sitepress-multilingual-cms/lib/select2/select2.min.js|URL";
#Yoast SEO
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/wordpress-seo/js/dist/select2/select2.full.min.js|URL";
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/wordpress-seo/css/dist/select2/select2.min.css|URL";

8
containers/conf/angie/naxsi_rules/whitelists/whitelists/zerobin.rules Normal file
View file

@ -0,0 +1,8 @@
# Zerobin is here in directory /paste if diffrent change $URL:/paste/ below
BasicRule wl:1015 "mz:$URL:/paste/|$BODY_VAR:data";
BasicRule wl:1315 "mz:$URL:/paste/|$HEADERS_VAR:cookie";
BasicRule wl:1001 "mz:$URL:/paste/|$BODY_VAR:data";
BasicRule wl:1009 "mz:$URL:/paste/|$BODY_VAR:data";
BasicRule wl:1009 "mz:$URL:/paste/|$BODY_VAR:nickname";
BasicRule wl:1001 "mz:$URL:/paste/|$BODY_VAR:nickname";
BasicRule wl:1015 "mz:$URL:/paste/|$BODY_VAR:nickname";

26
containers/conf/angie/naxsi_rules/whitelists/wordpress-minimal.rules Normal file
View file

@ -0,0 +1,26 @@
######### #########
###### ######
### Because of wordpress.rules is full of wl rules even got double. ###
### Thats why I start from scratch so these rules are in BETA us on own risk. ###
### I us not that many plugins and those I use only after I checked there code. ###
###### ######
######### #########
### HEADERS
BasicRule wl:1001,1315 "mz:$HEADERS_VAR:cookie";
### Theme customize
BasicRule wl:1001,1015,1310,1311 "mz:$URL_X:^/.*$|$BODY_VAR_X:^customized$|BODY";
### Widget customize
BasicRule wl:1001,1015,1310,1311 "mz:$URL_X:^/.*$|$BODY_VAR_X:^partials$|BODY";
### oEmbed API
BasicRule wl:1000,1009,1101 "mz:$URL_X:^/.*wp-json/oembed/1.0/embed|$ARGS_VAR_X:^url$";
BasicRule wl:1009,1101 "mz:$URL_X:^/.*wp-json/oembed/1.0/embed|ARGS";
BasicRule wl:1009,1101 "mz:ARGS";
### Trackbacks
BasicRule wl:1005,1008,1010,1011,1015,1016,1100,1101,1400 "mz:$URL_X:^/.*trackback$/|BODY";
BasicRule wl:1005,1008,1010,1011,1015,1016,1100,1101,1400 "mz:BODY";
BasicRule wl:1008,1010,1011,1015,1016,1100,1101,1400 "mz:$URL_X:^/.*trackback$/|$BODY_VAR_X:^excerpt$";
BasicRule wl:1008,1010,1011,1015,1016,1100,1101,1400 "mz:$BODY_VAR:excerpt";
BasicRule wl:1101 "mz:$URL_X:^/.*trackback$/|$BODY_VAR_X:^url$";
BasicRule wl:1005 "mz:$URL_X:^/.*trackback$/|$BODY_VAR_X:^title$";
BasicRule wl:1101 "mz:$BODY_VAR:url";
BasicRule wl:1005 "mz:$BODY_VAR:title";

152
containers/conf/angie/naxsi_rules/whitelists/wordpress.rules Normal file
View file

@ -0,0 +1,152 @@
# WordPress naxsi rules
### HEADERS
BasicRule wl:1000,1001,1005,1007,1010,1011,1013,1100,1101,1200,1308,1309,1310,1311,1315 "mz:$HEADERS_VAR:cookie";
# xmlrpc
BasicRule wl:1402 "mz:$HEADERS_VAR:content-type";
### simple BODY (POST)
BasicRule wl:1001,1009,1015,1016,1101,1310,1311 "mz:$URL:/|$BODY_VAR:customized";
# comments
BasicRule wl:1000,1010,1011,1013,1015,1200,1310,1311 "mz:$BODY_VAR:post_title";
BasicRule wl:1000 "mz:$BODY_VAR:original_publish";
BasicRule wl:1000 "mz:$BODY_VAR:save";
BasicRule wl:1008,1010,1011,1013,1015 "mz:$BODY_VAR:sk2_my_js_payload";
BasicRule wl:1001,1005,1009,1016,1100,1101,1310 "mz:$BODY_VAR:url";
BasicRule wl:1009,1100,1101 "mz:$BODY_VAR:referredby";
BasicRule wl:1009,1100,1101 "mz:$BODY_VAR:_wp_original_http_referer";
BasicRule wl:1000,1001,1005,1007,1008,1009,1010,1011,1013,1015,1016,1100,1101,1200,1302,1303,1310,1311,1315,1400 "mz:$BODY_VAR:comment";
BasicRule wl:1100,1101 "mz:$BODY_VAR:redirect_to";
BasicRule wl:1000,1009,1315 "mz:$BODY_VAR:_wp_http_referer";
BasicRule wl:1000 "mz:$BODY_VAR:action";
BasicRule wl:1001,1013 "mz:$BODY_VAR:blogname";
BasicRule wl:1013,1015 "mz:$BODY_VAR:blogdescription";
BasicRule wl:1015 "mz:$BODY_VAR:date_format_custom";
BasicRule wl:1015 "mz:$BODY_VAR:date_format";
BasicRule wl:1015 "mz:$BODY_VAR:tax_input%5bpost_tag%5d";
BasicRule wl:1015 "mz:$BODY_VAR:tax_input[post_tag]";
BasicRule wl:1100,1101 "mz:$BODY_VAR:siteurl";
BasicRule wl:1100,1101 "mz:$BODY_VAR:home";
BasicRule wl:1000,1015 "mz:$BODY_VAR:submit";
# news content matches pretty much everything
BasicRule wl:0 "mz:$BODY_VAR:content";
BasicRule wl:1000 "mz:$BODY_VAR:delete_option";
BasicRule wl:1000 "mz:$BODY_VAR:prowl-msg-message";
BasicRule wl:1100,1101 "mz:$BODY_VAR:_url";
BasicRule wl:1001,1009 "mz:$BODY_VAR:c2c_text_replace%5btext_to_replace%5d";
BasicRule wl:1200 "mz:$BODY_VAR:ppn_post_note";
BasicRule wl:1100,1101 "mz:$BODY_VAR:author";
BasicRule wl:1001,1015 "mz:$BODY_VAR:excerpt";
BasicRule wl:1015 "mz:$BODY_VAR:catslist";
BasicRule wl:1005,1008,1009,1010,1011,1015,1315 "mz:$BODY_VAR:cookie";
BasicRule wl:1101 "mz:$BODY_VAR:googleplus";
BasicRule wl:1007 "mz:$BODY_VAR:name";
BasicRule wl:1007 "mz:$BODY_VAR:action";
BasicRule wl:1100,1101 "mz:$BODY_VAR:attachment%5burl%5d";
BasicRule wl:1100,1101 "mz:$BODY_VAR:attachment_url";
BasicRule wl:1001,1009,1100,1101,1302,1303,1310,1311 "mz:$BODY_VAR:html";
BasicRule wl:1015 "mz:$BODY_VAR:title";
BasicRule wl:1001,1009,1015 "mz:$BODY_VAR:recaptcha_challenge_field";
BasicRule wl:1011 "mz:$BODY_VAR:pwd";
BasicRule wl:1000 "mz:$BODY_VAR:excerpt";
### BODY|NAME
BasicRule wl:1000 "mz:$BODY_VAR:delete_option|NAME";
BasicRule wl:1000 "mz:$BODY_VAR:from|NAME";
### Simple ARGS (GET)
# WP login screen
BasicRule wl:1100,1101 "mz:$ARGS_VAR:redirect_to";
BasicRule wl:1000,1009 "mz:$ARGS_VAR:_wp_http_referer";
BasicRule wl:1000 "mz:$ARGS_VAR:wp_http_referer";
BasicRule wl:1000 "mz:$ARGS_VAR:action";
BasicRule wl:1000 "mz:$ARGS_VAR:action2";
# load and load[] GET variable
BasicRule wl:1000,1015 "mz:$ARGS_VAR:load";
BasicRule wl:1000,1015 "mz:$ARGS_VAR:load[]";
BasicRule wl:1015 "mz:$ARGS_VAR:q";
BasicRule wl:1000,1015 "mz:$ARGS_VAR:load%5b%5d";
### URL
BasicRule wl:1000 "mz:URL|$URL:/wp-admin/update-core.php";
BasicRule wl:1000 "mz:URL|$URL:/wp-admin/update.php";
BasicRule wl:1000 "mz:$URL:/wp-includes/js/imgareaselect/imgareaselect.css|URL";
BasicRule wl:1002 "mz:$URL_X:/wp-content/uploads/[0-9]{4}/[0-9]{2}/[^/]+\.jpg$|URL";
# URL|ARGS
BasicRule wl:1015 "mz:$URL:/wp-admin/load-styles.php|$ARGS_VAR:dashicons,admin-bar,wp-admin,buttons,wp-auth-check";
BasicRule wl:1000 "mz:$URL:/wp-admin/about.php|$ARGS_VAR:updated";
BasicRule wl:1009 "mz:$URL:/wp-admin/customize.php|$ARGS_VAR:return";
# URL|BODY
BasicRule wl:1009,1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:_wp_http_referer";
BasicRule wl:1016 "mz:$URL:/wp-admin/post.php|$BODY_VAR:metakeyselect";
BasicRule wl:11 "mz:$URL:/xmlrpc.php|BODY";
BasicRule wl:11,16 "mz:$URL:/wp-cron.php|BODY";
BasicRule wl:2 "mz:$URL:/wp-admin/async-upload.php|BODY";
# URL|BODY|NAME
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:_wp_original_http_referer|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/post.php|$BODY_VAR:metakeyselect|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/user-edit.php|$BODY_VAR:from|NAME";
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:attachment%5burl%5d|NAME";
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:attachment_url|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/plugins.php|$BODY_VAR:verify-delete|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/post.php|$BODY_VAR:post_category[]|NAME";
BasicRule wl:1311 "mz:$URL:/wp-admin/post.php|$BODY_VAR:post_category|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/post.php|$BODY_VAR:tax_input[post_tag]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/post.php|$BODY_VAR:newtag[post_tag]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/users.php|$BODY_VAR:users[]|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/update-core.php|$BODY_VAR:Update%2BTranslations|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/update-core.php|$BODY_VAR:Update%2BNow|NAME";
# URL|ARGS|NAME
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/load-scripts.php|$ARGS_VAR:load[]|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/users.php|$ARGS_VAR:delete_count|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/users.php|$ARGS_VAR:update|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/customize.php|$ARGS_VAR:autofocus[control]|NAME";
# plain WP site
BasicRule wl:1000 "mz:URL|$URL:/wp-admin/update-core.php";
BasicRule wl:1000 "mz:URL|$URL:/wp-admin/update.php";
# URL|BODY
BasicRule wl:1009,1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:_wp_http_referer";
BasicRule wl:1016 "mz:$URL:/wp-admin/post.php|$BODY_VAR:metakeyselect";
BasicRule wl:11 "mz:$URL:/xmlrpc.php|BODY";
BasicRule wl:11,16 "mz:$URL:/wp-cron.php|BODY";
# URL|BODY|NAME
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/post.php|$BODY_VAR:_wp_original_http_referer|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/post.php|$BODY_VAR:metakeyselect|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/user-edit.php|$BODY_VAR:from|NAME";
BasicRule wl:1100,1101 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:attachment%5burl%5d|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:data[wp-auth-check]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:data[wp-check-locked-posts][]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:data[wp-refresh-post-lock][post_id]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/admin-ajax.php|$BODY_VAR:data[wp-refresh-post-lock][lock]|NAME";
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/update-core.php|$BODY_VAR:checked[]|NAME";
# URL|ARGS|NAME
BasicRule wl:1310,1311 "mz:$URL:/wp-admin/load-scripts.php|$ARGS_VAR:load[]|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/users.php|$ARGS_VAR:delete_count|NAME";
BasicRule wl:1000 "mz:$URL:/wp-admin/users.php|$ARGS_VAR:update|NAME";
### Plugins
#WP Minify
BasicRule wl:1015 "mz:$URL:/wp-content/plugins/bwp-minify/min/|$ARGS_VAR:f";
#Jetpack Infinite Scroll
BasicRule wl:1310,1311 "mz:$BODY_VAR:scripts[]|NAME";
BasicRule wl:1310,1311 "mz:$BODY_VAR:styles[]|NAME";
BasicRule wl:1310,1311 "mz:$BODY_VAR_X:^query_args\[.*\]|NAME";
BasicRule wl:1000 "mz:$BODY_VAR:query_args[update_post_term_cache]|NAME";
BasicRule wl:1000 "mz:$BODY_VAR:query_args[update_post_meta_cache]|NAME";
#UpdraftPlus
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/updraftplus/includes/select2/select2.min.css|URL";
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/updraftplus/includes/select2/select2.min.js|URL";
#WP plugin updates
BasicRule wl:1315 "mz:$ARGS_VAR:query|$URL:/wp-json/jetpack/v4/jitm";
#Jetpack Google Fonts
BasicRule wl:1001 "mz:$URL_X:^/wp-content/plugins/jetpack/css/.*|URL";
#WooCommerce
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/woocommerce/assets/js/select2/select2.full.min.js|URL";
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/woocommerce/assets/js/selectWoo/selectWoo.full.min.js|URL";
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/woocommerce/assets/js/stupidtable/stupidtable.min.js|URL";
#WPML
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/sitepress-multilingual-cms/lib/select2/select2.min.js|URL";
#Yoast SEO
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/wordpress-seo/js/dist/select2/select2.full.min.js|URL";
BasicRule wl:1000 "mz:$URL:/wp-content/plugins/wordpress-seo/css/dist/select2/select2.min.css|URL";

8
containers/conf/angie/naxsi_rules/whitelists/zerobin.rules Normal file
View file

@ -0,0 +1,8 @@
# Zerobin is here in directory /paste if diffrent change $URL:/paste/ below
BasicRule wl:1015 "mz:$URL:/paste/|$BODY_VAR:data";
BasicRule wl:1315 "mz:$URL:/paste/|$HEADERS_VAR:cookie";
BasicRule wl:1001 "mz:$URL:/paste/|$BODY_VAR:data";
BasicRule wl:1009 "mz:$URL:/paste/|$BODY_VAR:data";
BasicRule wl:1009 "mz:$URL:/paste/|$BODY_VAR:nickname";
BasicRule wl:1001 "mz:$URL:/paste/|$BODY_VAR:nickname";
BasicRule wl:1015 "mz:$URL:/paste/|$BODY_VAR:nickname";

20
containers/conf/angie/sites-available/default Normal file
View file

@ -0,0 +1,20 @@
server {
listen 80 default_server backlog=2048 reuseport fastopen=256;
listen [::]:80 default_server backlog=2048 reuseport fastopen=256;
# redirect all http traffic to https
#return 301 https://$host$request_uri;
# Reject everything on your default IP
location / { return 444; }
}
server {
listen 443 ssl reuseport fastopen=256 backlog=2048;
listen [::]:443 ssl reuseport fastopen=256 backlog=2048;
# Reject everything on your default IP
location / { return 444; }
ssl_reject_handshake on;
}

91
containers/conf/angie/sites-available/example Normal file
View file

@ -0,0 +1,91 @@
##
# You should look at the following URL's in order to grasp a solid understanding
# of angie configuration files in order to fully unleash the power of angie.
# https://www.angie.com/resources/wiki/start/
# https://www.angie.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/angie/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the angie packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/angie-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.angie-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with angie's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}

32
containers/conf/php.ini
View file

@ -1,14 +1,18 @@
allow_url_fopen = 0 allow_url_fopen=Off
allow_url_include = 0 allow_url_include=Off
cgi.fix_pathinfo = 0 cgi.fix_pathinfo=Off
display_errors = 0 display_errors=On
display_startup_errors = 0 display_startup_errors=On
expose_php = 0 expose_php=Off
file_uploads = On file_uploads=On
max_execution_time = 600 html_errors=On
max_input_time = 600 error_prepend_string="<pre style='white-space: preserve'>"
max_input_vars = 2000 error_append_string="</pre>"
memory_limit = 1024M max_execution_time=600
post_max_size = 32M max_input_time=600
register_globals = Off max_input_vars=2000
upload_max_filesize = 32M memory_limit=1024M
open_basedir="/"
post_max_size=32M
register_globals=Off
upload_max_filesize=32M

64
cspell.json
View file

@ -1,48 +1,52 @@
{ {
"dictionaries": ["fr-fr", "en-gb"], "dictionaries": [
"en-gb",
"fr-fr"
],
"userWords": [ "userWords": [
"lightningcss", "codesniffer",
"curryfication",
"eilandert",
"ERRMODE",
"gcch",
"giftcard",
"haikuatelier", "haikuatelier",
"healthcheck", "healthcheck",
"traefik",
"innodb", "innodb",
"jaegertracing", "jaegertracing",
"eilandert",
"valkey",
"somaxconn",
"woocommerce",
"Squiz",
"twentytwentyfour",
"symfony",
"phpstan",
"codesniffer",
"muplugin",
"wpautop",
"ERRMODE",
"laravel", "laravel",
"multishipping", "lightningcss",
"multiformats", "multiformats",
"curryfication", "multishipping",
"giftcard", "muplugin",
"phpactor",
"phpstan",
"somaxconn",
"Squiz",
"symfony",
"taplo", "taplo",
"phpactor" "traefik",
"twentytwentyfour",
"valkey",
"woocommerce",
"wpautop"
], ],
"words": [ "words": [
"GLITCHTIP", "classlike",
"Vali", "Crell",
"Eles",
"fdir", "fdir",
"friendsofphp",
"GLITCHTIP",
"htmlburger",
"logtape",
"mobily", "mobily",
"oxlint", "oxlint",
"valibot",
"zstandard",
"Eles",
"logtape",
"wpackagist",
"phpdotenv", "phpdotenv",
"friendsofphp", "Vali",
"htmlburger", "valibot",
"Crell", "wpackagist",
"wpdb", "wpdb",
"classlike" "zstandard"
] ]
} }

4
docs/JOURNAL.md
View file

@ -1,5 +1,9 @@
# Journal de développement # Journal de développement
## 2026-01-09
- Faire un modèle _Twig_ pour l'injection de données _JSON_ dans le _HTML_ d'une page.
## 2025-06-13 ## 2025-06-13
### Informations produit sous forme de grille ### Informations produit sous forme de grille

6
docs/TESTS.md Normal file
View file

@ -0,0 +1,6 @@
- Produits
- Aller sur tous les Produits
- La page doit correctement se charger
- Il est possible d'ajouter chaque variation au Panier
- Il n'est pas possible d'ajouter un Produit sans stock au Panier
- Le backend renvoie une erreur quand une demande d'ajout au Panier pour un Produit sans stock est malgré tout effectuée

6
docs/TODO.md
View file

@ -1,3 +1,9 @@
## 2026-02-19
- Créer un _timer_ et _service_ `systemd` adossés à un script réalisant un export de la BDD de production du site Haiku toutes les semaines dans le dossier `db` du répertoire.
---
- PAGE PANIER - PAGE PANIER
- [-] Bouton « Réinitialiser » pour les Articles - [-] Bouton « Réinitialiser » pour les Articles
- [-] Bouton « Réinitialiser » pour les Adresses - [-] Bouton « Réinitialiser » pour les Adresses

11
docs/lol/cute.ts
View file

@ -1,12 +1,5 @@
const etapes = [ const etapes = ["┌(・ω・)┘", "└(・ω・)┐", "┌(;・ω・)┘", "└(;・ω・)┐", "┌(;・ω・;)┘", "└(;・ω・;)┐"];
"┌(・ω・)┘", const assigneTexte = (texte: string): void => (ELEMENTS.BOUTON_CODE_PROMO.textContent = texte);
"└(・ω・)┐",
"┌(;・ω・)┘",
"└(;・ω・)┐",
"┌(;・ω・;)┘",
"└(;・ω・;)┐",
];
const assigneTexte = (texte: string): void => ELEMENTS.BOUTON_CODE_PROMO.textContent = texte;
let index = 0; let index = 0;
const z = {}; const z = {};
const callback = () => { const callback = () => {

122
dprint.json
View file

@ -1,122 +0,0 @@
{
"excludes": [
"**/node_modules",
"**/pnpm-lock.yaml",
"./lib/",
"web/app/languages",
"web/app/plugins",
"web/app/themes/haiku-atelier-2024/assets",
"web/vendor"
],
"exec": {
"cacheKey": "1",
"commands": [
{ "command": "prettier --ignore-unknown --write --stdin-filepath {{file_path}}", "exts": ["xml"] },
{ "command": "just --dump", "fileNames": ["justfile"], "stdin": true }
],
"cwd": "${originConfigDir}",
"indentWidth": 2,
"lineWidth": 120,
"timeout": 30,
"useTabs": false
},
"indentWidth": 2,
"json": {
"commentLine.forceSpaceAfterSlashes": true,
"indentWidth": 2,
"jsonTrailingCommaFiles": [".swcrc", "biome.jsonc", "settings.json", "tsconfig.json"],
"lineWidth": 120,
"newLineKind": "lf",
"preferSingleLine": true,
"trailingCommas": "never",
"useTabs": false
},
"lineWidth": 120,
"malva": {
"alignComments": true,
"attrValueQuotes": "always",
"blockSelectorLinebreak": "wrap",
"declarationOrder": null,
"formatComments": true,
"hexCase": "lower",
"hexColorLength": "short",
"indentWidth": 2,
"keyframeSelectorNotation": "keyword",
"lineBreak": "lf",
"linebreakInPseudoParens": true,
"omitNumberLeadingZero": false,
"operatorLinebreak": "before",
"preferSingleLine": true,
"printWidth": 100,
"quotes": "alwaysDouble",
"singleLineBlockThreshold": null,
"singleLineTopLevelDeclarations": false,
"trailingComma": false,
"useTabs": false
},
"markup": {
"closingBracketSameLine": false,
"closingTagLineBreakForEmpty": "never",
"component.selfClosing": false,
"doctypeKeywordCase": "lower",
"formatComments": true,
"html.normal.selfClosing": false,
"html.void.selfClosing": false,
"indentWidth": 2,
"lineBreak": "lf",
"maxAttrsPerLine": 1,
"printWidth": 120,
"quotes": "double",
"scriptFormatter": "dprint",
"scriptIndent": true,
"styleIndent": true,
"svg.selfClosing": true,
"useTabs": false,
"whitespaceSensitivity": "strict"
},
"newLineKind": "lf",
"plugins": [
"https://plugins.dprint.dev/typescript-0.95.13.wasm",
"https://plugins.dprint.dev/json-0.21.0.wasm",
"https://plugins.dprint.dev/markdown-0.20.0.wasm",
"https://plugins.dprint.dev/toml-0.7.0.wasm",
"https://plugins.dprint.dev/g-plane/malva-v0.15.1.wasm",
"https://plugins.dprint.dev/g-plane/markup_fmt-v0.25.3.wasm",
"https://plugins.dprint.dev/g-plane/pretty_yaml-v0.5.1.wasm",
"https://plugins.dprint.dev/exec-0.6.0.json@a054130d458f124f9b5c91484833828950723a5af3f8ff2bd1523bd47b83b364"
],
"toml": {
"cargo.applyConventions": true,
"comment.forceLeadingSpace": true,
"indentWidth": 2,
"lineWidth": 120,
"newLineKind": "lf",
"useTabs": false
},
"typescript": {
"arrowFunction.useParentheses": "preferNone",
"conditionalExpression.operatorPosition": "nextLine",
"conditionalExpression.preferSingleLine": true,
"exportDeclaration.sortNamedExports": "maintain",
"importDeclaration.sortNamedImports": "maintain",
"module.sortExportDeclarations": "maintain",
"module.sortImportDeclarations": "maintain",
"quoteProps": "asNeeded",
"trailingCommas": "onlyMultiLine",
"useBraces": "whenNotSingleLine"
},
"yaml": {
"braceSpacing": true,
"bracketSpacing": false,
"formatComments": true,
"indentBlockSequenceInMap": true,
"indentWidth": 2,
"lineBreak": "lf",
"preferSingleLine": false,
"printWidth": 120,
"quotes": "preferDouble",
"trailingComma": true,
"trimTrailingWhitespaces": true,
"trimTrailingZero": false
}
}

61
eslint.config.js
View file

@ -1,61 +0,0 @@
import js from "@eslint/js";
import oxlint from "eslint-plugin-oxlint";
import perfectionist from "eslint-plugin-perfectionist";
import globals from "globals";
import tseslint from "typescript-eslint";
export default tseslint.config(
js.configs.recommended,
perfectionist.configs["recommended-natural"],
...tseslint.configs.strictTypeChecked,
...tseslint.configs.stylisticTypeChecked,
oxlint.configs["flat/recommended"],
{
files: ["*.js", "web/app/themes/haiku-atelier-2024/src/**/*.ts"],
languageOptions: {
ecmaVersion: "latest",
globals: {
...globals.browser,
...globals.es2020,
},
parserOptions: {
projectService: true,
tsconfigRootDir: import.meta.dirname,
},
},
rules: {
/* Utilise Array<T> plutôt que T[]. */
"@typescript-eslint/array-type": [
"error",
{
default: "generic",
readonly: "generic",
},
],
/* L'usage d'interfaces ou de types doit être à la discrétion du développeur. */
"@typescript-eslint/consistent-type-definitions": "off",
/* Désactive cette règle pour les fonctions fléchées pour rendre le code moins verbeux. */
"@typescript-eslint/no-confusing-void-expression": [
"error",
{
ignoreArrowShorthand: true,
ignoreVoidOperator: false,
},
],
/* Chiant avec certaines Promises. */
"@typescript-eslint/no-misused-promises": "off",
/* Cette règle empêche l'usage de génériques précisant les types de retour de fonctions. */
"@typescript-eslint/no-unnecessary-type-parameters": "off",
// Pour utiliser LogTape.
"@typescript-eslint/no-unused-expressions": "off",
/* Cette règle est doublon avec les règles noUnused* de TypeScript. */
"@typescript-eslint/no-unused-vars": "off",
/* Cette règle empêche de lever des erreurs génériques (p.ex. `E extends Error`). */
"@typescript-eslint/only-throw-error": "off",
/* Cette règle empêche le style fonctionnel « point free ». */
"@typescript-eslint/unbound-method": "off",
/* Cette règle interdit l'usage de fonctions vides sauf pour les fonctions fléchées. */
"no-empty-function": ["error", { allow: ["arrowFunctions"] }],
},
},
);

101
justfile
View file

@ -1,11 +1,7 @@
set shell := ["fish", "-c"] set shell := ["fish", "-c"]
set unstable
cacheFolder := ".cache"
prettierCacheFile := "prettiercache"
# Recette par défaut. # Recette par défaut.
default: dev default: build-all
# Liste toutes les recettes # Liste toutes les recettes
list: list:
@ -16,64 +12,69 @@ list:
[group('php')] [group('php')]
update: update:
composer update composer update
bun update aube update
# Formatte avec Prettier et dprint. # Formatte avec treefmt.
[group('qualité')]
treefmt:
treefmt --config-file ~/.config/treefmt/treefmt.toml .
# Formatte avec Prettier et treefmt.
[group('qualité')] [group('qualité')]
format: format:
bun prettier \ aube x prettier \
--cache \ --cache --cache-location ".cache/prettiercache" \
--cache-location "{{ cacheFolder }}/{{ prettierCacheFile }}" \ --config "cfg/prettier.config.ts" \
--ignore-path "cfg/prettierignore" \
--ignore-unknown \ --ignore-unknown \
--parallel-workers 8 \ --parallel-workers 8 \
--write \ --write .
.
dprint fmt
# TwigCsFixher # TwigCsFixher
-vendor/bin/twig-cs-fixer fix web/app/themes/haiku-atelier-2024/ -vendor/bin/twig-cs-fixer fix web/app/themes/haiku-atelier-2024/
# Mago
mago fmt
# PhpCsFixer # PhpCsFixer
-vendor/bin/php-cs-fixer fix --allow-risky yes # -vendor/bin/php-cs-fixer fix --allow-risky yes
fish scripts/format-sort-files.fish treefmt \
--config-file ~/.config/treefmt/treefmt.toml \
--tree-root . \
.
# Compile, minifie et optimise Sass vers CSS. # Compile, minifie et optimise Sass vers CSS.
[group('css')] [group('css')]
build-css: build-css:
@bun sass \ @aube x sass \
--update \ --update \
"web/app/themes/haiku-atelier-2024/src/sass":"web/app/themes/haiku-atelier-2024/assets/css" "web/app/themes/haiku-atelier-2024/src/sass":"web/app/themes/haiku-atelier-2024/assets/css"
@bun lightningcss \ @aube x lightningcss \
--bundle \ --bundle \
--minify \ --minify \
--output-file "web/app/themes/haiku-atelier-2024/assets/css/main.min.css" \ --output-file "web/app/themes/haiku-atelier-2024/assets/css/main.min.css" \
-- "web/app/themes/haiku-atelier-2024/assets/css/main.css" -- "web/app/themes/haiku-atelier-2024/assets/css/main.css"
@bun lightningcss \ @aube x lightningcss \
--bundle \ --bundle \
--minify \ --minify \
--output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-panier.min.css" \ --output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-panier.min.css" \
-- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-panier.css" -- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-panier.css"
@bun lightningcss \ @aube x lightningcss \
--bundle \ --bundle \
--minify \ --minify \
--output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-accueil.min.css" \ --output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-accueil.min.css" \
-- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-accueil.css" -- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-accueil.css"
@bun lightningcss \ @aube x lightningcss \
--bundle \ --bundle \
--minify \ --minify \
--output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-boutique.min.css" \ --output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-boutique.min.css" \
-- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-boutique.css" -- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-boutique.css"
@bun lightningcss \ @aube x lightningcss \
--bundle \ --bundle \
--minify \ --minify \
--output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-a-propos.min.css" \ --output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-a-propos.min.css" \
-- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-a-propos.css" -- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-a-propos.css"
@bun lightningcss \ @aube x lightningcss \
--bundle \ --bundle \
--minify \ --minify \
--output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-modele-simple.min.css" \ --output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-modele-simple.min.css" \
-- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-modele-simple.css" -- "web/app/themes/haiku-atelier-2024/assets/css/pages/page-modele-simple.css"
@bun lightningcss \ @aube x lightningcss \
--bundle \ --bundle \
--minify \ --minify \
--output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-succes-commande.min.css" \ --output-file "web/app/themes/haiku-atelier-2024/assets/css/pages/page-succes-commande.min.css" \
@ -87,7 +88,12 @@ watch-css:
# Compile TypeScript en JavaScript. # Compile TypeScript en JavaScript.
[group('js')] [group('js')]
build-js: build-js:
@bun vite build aube x vite build --config "cfg/vite.config.ts"
# Compile TypeScript à chaque changement de fichier.
[group('js')]
watch-js:
@watchexec -w "web/app/themes/haiku-atelier-2024/src/scripts" -w "web/app/themes/haiku-atelier-2024/src/scripts-effect" -- just build-js treefmt
# Compile tout. # Compile tout.
[group('css')] [group('css')]
@ -97,30 +103,32 @@ build-all:
@just build-js @just build-js
@just format @just format
# Compile TypeScript à chaque changement de fichier.
[group('js')]
watch-js:
bun vite build --watch
# Vérifie le code TypeScript avec des analyseurs statiques. # Vérifie le code TypeScript avec des analyseurs statiques.
[group('js')] [group('js')]
[group('qualité')] [group('qualité')]
lint-js: lint-js:
-bun eslint "web/app/themes/haiku-atelier-2024/src/scripts" -aube x eslint "web/app/themes/haiku-atelier-2024/src/scripts"
-bun biome check --reporter=summary "web/app/themes/haiku-atelier-2024/src/scripts" -aube x oxlint \
-bun oxlint "web/app/themes/haiku-atelier-2024/src/scripts" --config cfg/oxlint.config.ts \
--format stylish
fix-js:
aube x oxlint \
--config cfg/oxlint.config.ts \
--format stylish \
--fix --fix-suggestions --fix-dangerously
# Vérifie le code Sass avec Stylelint. # Vérifie le code Sass avec Stylelint.
[group('css')] [group('css')]
[group('qualité')] [group('qualité')]
lint-css: lint-css:
-bun stylelint "web/app/themes/haiku-atelier-2024/src/sass/" --fix -aube x stylelint --config "cfg/stylelint.config.ts" "web/app/themes/haiku-atelier-2024/src/sass/" --fix
# Vérifie le code TypeScript mort avec knip # Vérifie le code TypeScript mort avec knip
[group('js')] [group('js')]
[group('qualité')] [group('qualité')]
lint-code-mort: lint-code-mort:
-bun knip -aube x knip
# Fusionne tous les changements actuels dans le commit précédent et pousse sur le répertoire distant avec Jujetsu. # Fusionne tous les changements actuels dans le commit précédent et pousse sur le répertoire distant avec Jujetsu.
[group('vcs')] [group('vcs')]
@ -135,19 +143,6 @@ lint-build-format-css:
-just build-css -just build-css
-just format -just format
# Lance un navigateur de développement.
[group('développement')]
dev:
@/opt/cromite/chrome --remote-debugging-address=127.0.0.1 --remote-debugging-port=9222 --profile-directory=Guest "https://haikuatelier.gcch.local" &
# Recharge le premier onglet du navigateur de développement.
[group('développement')]
reload-tab:
#!/usr/bin/fish
set -f WSURL (curl -s http://127.1:9222/json | fx '.[0].webSocketDebuggerUrl')
set -f REQUEST '{ "id": 2, "method": "Page.reload", "params": { "ignoreCache": true, "scriptToEvaluateOnLoad": "" } }'
echo $REQUEST | websocat $WSURL
# Créé l'image OCI. # Créé l'image OCI.
[group('container')] [group('container')]
build-wordpress-container: build-wordpress-container:
@ -171,4 +166,10 @@ restart-services:
# Met à jour les conteneurs images des conteneurs. # Met à jour les conteneurs images des conteneurs.
[group('container')] [group('container')]
pull-images: pull-images:
bun "scripts/pull-container-images.ts" bun run "scripts/pull-container-images.ts"
export_production_db:
fish "scripts/déclenche-sauvegarde-bdd-production.fish"
ui_tests:
aube x playwright test --config cfg/playwright.config.ts --ui

163961
lib/openapi3_1.json
View file

File diff suppressed because it is too large Load diff

8
lib/stylelint.d.ts vendored
View file

@ -1,8 +0,0 @@
/**
* Définition d'un groupe de Propriétés _CSS_ du plugin `stylelint-config-clean-order` pour _Stylelint_.
*/
export type stylelintconfigcleanorderpropertygroup = {
emptyLineBefore: "never" | "threshold";
noEmptyLineBetween: boolean;
properties: string | array<string>;
};

163961
lib/wp-json-openapi.json
View file

File diff suppressed because it is too large Load diff

195938
lib/wp-json-schema.json
View file

File diff suppressed because it is too large Load diff

8329
mago-schema.json Normal file
View file

File diff suppressed because it is too large Load diff

172
mago.toml
View file

@ -1,108 +1,80 @@
#:schema mago-schema.json
php-version = "8.5" php-version = "8.5"
stack-size = 8388608 stack-size = 0
threads = 8 threads = 0
[source] [source]
excludes = ["web/wp/wp-admin/includes/noop.php"] excludes = [
extensions = ["php"] "web/wp/wp-admin/includes/noop.php",
includes = ["config", "vendor", "web/app/plugins", "web/vendor", "web/wp"] ]
paths = ["web/app/themes/haiku-atelier-2024"] extensions = ["php"]
includes = ["config", "vendor", "web/app/plugins", "web/vendor", "web/wp"]
[formatter] paths = ["web/app/themes/haiku-atelier-2024"]
# Brace style for classes, traits, etc. workspace = "."
classlike-brace-style = "same_line"
# Brace style for closures.
closure-brace-style = "same_line"
# Brace style for control structures.
control-brace-style = "same_line"
# Brace style for functions.
function-brace-style = "same_line"
# Brace style for methods.
method-brace-style = "same_line"
# Maximum line length that the printer will wrap on.
print-width = 120
# Remove the trailing PHP close tag (?>) from files.
remove-trailing-close-tag = true
# Prefer single quotes over double quotes for strings.
single-quote = true
# Number of spaces per indentation level.
tab-width = 4
# Add a trailing comma to multi-line arrays, parameter lists, etc.
trailing-comma = true
# Use tabs instead of spaces for indentation.
use-tabs = false
# Place empty control structure bodies on the same line.
inline-empty-control-braces = true
# Place empty function bodies on the same line.
inline-empty-function-braces = true
# Place empty constructor bodies on the same line.
inline-empty-constructor-braces = true
# Place empty method bodies on the same line.
inline-empty-method-braces = true
# Place empty anonymous class bodies on the same line.
inline-empty-anonymous-class-braces = true
# How to break method chains.
method-chain-breaking-style = "next_line"
# Preserve existing line breaks in method chains.
preserve-breaking-member-access-chain = false
# Preserve existing line breaks in argument lists.
preserve-breaking-argument-list = false
# Preserve existing line breaks in array-like structures.
preserve-breaking-array-like = false
# Preserve existing line breaks in parameter lists.
preserve-breaking-parameter-list = false
# Preserve existing line breaks in attribute lists.
preserve-breaking-attribute-list = false
# Preserve existing line breaks in ternary expressions.
preserve-breaking-conditional-expression = false
# Always break parameter lists with promoted properties.
break-promoted-properties-list = true
# Place the binary operator on the next line when breaking.
line-before-binary-operator = true
# Always break named argument lists into multiple lines.
always-break-named-arguments-list = true
# Always break named argument lists in attributes.
always-break-attribute-named-argument-lists = true
# Use table-style alignment for arrays.
array-table-style-alignment = true
# Sort use statements alphabetically.
sort-uses = true
# Insert a blank line between different types of use statements.
separate-use-types = true
# Expand grouped use statements into individual statements.
expand-use-groups = true
# How to format null type hints (null|T vs ?T).
null-type-hint = "null_pipe"
# Add parentheses around new in member access ((new Foo)->bar()).
parentheses-around-new-in-member-access = false
# Add parentheses to new expressions without arguments (new Foo()).
parentheses-in-new-expression = true
# Add parentheses to exit and die constructs.
parentheses-in-exit-and-die = true
# Add parentheses to attributes without arguments.
parentheses-in-attribute = true
# Add a space before arrow function parameters.
space-before-arrow-function-parameter-list-parenthesis = false
[linter] [linter]
integrations = ["wordpress"] integrations = ["wordpress"]
[linter.rules] [linter.rules]
ambiguous-function-call = { enabled = true } ambiguous-function-call = { enabled = true }
halstead = { effort-threshold = 7000 } array-style = { enabled = true, style = "short" }
literal-named-argument = { enabled = false } halstead = { effort-threshold = 7000 }
no-redundant-readonly = { enabled = true } literal-named-argument = { enabled = false }
no-redundant-use = { enabled = true } missing-docs = { enabled = true }
no-variable-variable = { enabled = true } no-array-accumulation-in-loop = { enabled = true }
no-inline = { enabled = true }
no-is-null = { enabled = true }
no-iterator-to-array-in-foreach = { enabled = true }
no-parameter-shadowing = { enabled = true }
no-redundant-readonly = { enabled = true }
no-redundant-use = { enabled = true }
no-variable-variable = { enabled = true }
require-namespace = { enabled = true }
sorted-integer-keys = { enabled = true }
# Les else permettent de conserver les branches d'une condition à la même indentation.
no-else-clause = { enabled = false }
[analyzer] [analyzer]
allow-possibly-undefined-array-keys = true allow-implicit-pipe-callable-types = false
analyze-dead-code = true allow-possibly-undefined-array-keys = false
check-arrow-function-missing-type-hints = true allow-side-effects-in-conditions = true
check-closure-missing-type-hints = true analyze-dead-code = true
check-missing-type-hints = true check-arrow-function-missing-type-hints = true
check-throws = true check-closure-missing-type-hints = true
find-unused-definitions = true check-experimental = true
find-unused-expressions = true check-missing-override = true
perform-heuristic-checks = true check-missing-type-hints = true
strict-list-index-checks = true check-name-casing = true
check-property-initialization = true
check-throws = true
check-use-statements = true
enforce-class-finality = true
find-overly-wide-return-types = true
find-unused-definitions = true
find-unused-expressions = true
find-unused-parameters = true
memoize-properties = true
no-boolean-literal-comparison = false
perform-heuristic-checks = true
plugins = ["psl"]
require-api-or-internal = true
strict-list-index-checks = true
trust-existence-checks = false
[analyzer.performance]
array-combination-threshold = 256
consensus-limit-threshold = 512
disjunction-complexity-threshold = 8192
formula-size-threshold = 1024
integer-combination-threshold = 256
loop-assignment-depth-threshold = 2
negation-complexity-threshold = 8192
saturation-complexity-threshold = 16384
string-combination-threshold = 256
[formatter]
excludes = [
"web/app/mu-plugins",
"web/app/plugins",
]

2
mise.toml
View file

@ -1,2 +1,2 @@
[tools] [tools]
"cargo:mago" = "latest" "github:AJenbo/phpantom_lsp" = "latest"

116
package.json Executable file → Normal file
View file

@ -7,63 +7,68 @@
"license": "ISC", "license": "ISC",
"main": "index.js", "main": "index.js",
"keywords": [], "keywords": [],
"scripts": { "knip": "knip" }, "scripts": {
"knip": "knip",
"prepare": "effect-tsgo patch"
},
"dependencies": { "dependencies": {
"@effect/language-service": "^0.60.0",
"@logtape/logtape": "^1.2.2",
"@mobily/ts-belt": "v4.0.0-rc.5", "@mobily/ts-belt": "v4.0.0-rc.5",
"@sentry/browser": "^10.29.0", "@sentry/browser": "^10.51.0",
"a11y-dialog": "^8.1.4", "a11y-dialog": "^8.1.5",
"chalk": "^5.6.2", "effect": "^4.0.0-beta.59",
"effect": "^3.19.9", "html-template-tag": "^5.0.0",
"lit-html": "^3.3.1", "lit-html": "^3.3.2",
"loglevel": "^1.9.2",
"loglevel-plugin-prefix": "^0.8.4",
"optics-ts": "^2.4.1",
"purify-ts": "2.1.2", "purify-ts": "2.1.2",
"ts-pattern": "^5.9.0", "ts-pattern": "^5.9.0",
"valibot": "1.1.0" "valibot": "1.1.0"
}, },
"devDependencies": { "devDependencies": {
"@biomejs/biome": "^2.3.8", "@effect/language-service": "^0.85.1",
"@cspell/dict-fr-fr": "^2.3.2", "@effect/tsgo": "^0.5.2",
"@eslint/js": "^9.39.1", "@gcch/configuration-eslint": "git+https://git.gcch.fr/gcch/configuration-eslint#888eb4aa54",
"@playwright/test": "^1.57.0", "@gcch/configuration-oxlint": "git+https://git.gcch.fr/gcch/configuration-oxlint#83547fc1ebfd",
"@prettier/plugin-xml": "^3.4.2", "@gcch/configuration-prettier": "git+https://git.gcch.fr/gcch/configuration-prettier#d267d6dc5e",
"@sentry/core": "^10.29.0", "@playwright/test": "^1.59.1",
"@swc/cli": "0.7.8", "@sentry/core": "^10.51.0",
"@types/eslint__js": "^9.14.0", "@types/bun": "^1.3.13",
"@types/node": "^24.10.1", "@types/node": "^25.6.0",
"@vitejs/plugin-legacy": "^7.2.1", "@typescript/native-preview": "7.0.0-dev.20260503.1",
"@vitejs/plugin-legacy": "^8.0.1",
"better-typescript-lib": "^2.12.0", "better-typescript-lib": "^2.12.0",
"browserslist": "^4.28.1", "browserslist": "^4.28.2",
"caniuse-lite": "^1.0.30001759", "caniuse-lite": "^1.0.30001791",
"eslint": "^9.39.1", "eslint": "^10.3.0",
"eslint-plugin-oxlint": "^1.31.0", "eslint-plugin-functional": "^9.0.4",
"eslint-plugin-perfectionist": "^4.15.1", "eslint-plugin-jsx-a11y": "^6.10.2",
"eslint-plugin-oxlint": "^1.62.0",
"eslint-plugin-perfectionist": "^5.9.0",
"fdir": "^6.5.0", "fdir": "^6.5.0",
"globals": "^16.5.0", "globals": "^17.6",
"knip": "^5.71.0", "jiti": "^2.6.1",
"lightningcss-cli": "^1.30.2", "knip": "^6.11.0",
"oxlint": "^1.31.0", "lightningcss": "^1.32.0",
"picomatch": "^4.0.3", "lightningcss-cli": "^1.32.0",
"playwright": "^1.57.0", "oxlint": "^1.62.0",
"prettier": "^4.0.0-alpha.13", "oxlint-tsgolint": "^0.22.1",
"prettier-plugin-pkg": "^0.21.2", "playwright": "^1.59.1",
"prettier-plugin-sh": "^0.18.0", "prettier": "^3.8.3",
"sass-embedded": "^1.93.3", "prettier-plugin-curly": "^0.4.1",
"stylelint": "^16.26.1", "prettier-plugin-ini": "^1.3.0",
"stylelint-config-clean-order": "^8.0.0", "prettier-plugin-jsdoc": "^1.8.0",
"stylelint-config-sass-guidelines": "^12.1.0", "prettier-plugin-pkg": "^0.22.1",
"stylelint-config-standard-scss": "^16.0.0", "prettier-plugin-sh": "^0.18.1",
"stylelint-declaration-block-no-ignored-properties": "^2.8.0", "prettier-plugin-sort-json": "^4.2.0",
"stylelint-plugin-logical-css": "^1.2.3", "sass-embedded": "^1.99.0",
"typescript": "5.9.3", "stylelint": "^17.9.1",
"typescript-eslint": "^8.48.1", "stylelint-config-clean-order": "^8.0.1",
"vite": "^7.2.6", "stylelint-config-sass-guidelines": "^13.0.0",
"vite-plugin-valibot-env": "^1.0.1", "stylelint-config-standard-scss": "^17.0.0",
"vite-tsconfig-paths": "^5.1.4", "stylelint-declaration-block-no-ignored-properties": "^3.0.0",
"wp-types": "^4.69.0" "stylelint-plugin-logical-css": "^2.1.0",
"typescript": "^6.0.3",
"typescript-eslint": "^8.59.1",
"vite": "^8.0.10",
"vite-tsconfig-paths": "^6.1.1"
}, },
"browserslist": [ "browserslist": [
"chrome >0 and last 3 years", "chrome >0 and last 3 years",
@ -75,8 +80,17 @@
"ios >0 and last 3 years" "ios >0 and last 3 years"
], ],
"knip": { "knip": {
"entry": ["web/app/themes/haiku-atelier-2024/src/scripts/*.ts"], "entry": [
"project": ["web/app/themes/haiku-atelier-2024/src/scripts/**/*.{js,ts,d.ts}"] "web/app/themes/haiku-atelier-2024/src/scripts/*.ts"
],
"project": [
"web/app/themes/haiku-atelier-2024/src/scripts/**/*.{js,ts,d.ts}"
]
}, },
"trustedDependencies": ["@biomejs/biome", "@parcel/watcher", "@swc/core", "core-js", "esbuild", "lightningcss-cli"] "trustedDependencies": [
"@parcel/watcher",
"core-js",
"lightningcss-cli",
"msgpackr-extract"
]
} }

1235
phpactor.schema.json
View file

File diff suppressed because it is too large Load diff

2
phpstan.neon
View file

@ -21,6 +21,8 @@ parameters:
reportWrongPhpDocTypeInVarTag: true reportWrongPhpDocTypeInVarTag: true
# Setting treatPhpDocTypesAsCertain to false relaxes some of the rules around type-checking. # Setting treatPhpDocTypesAsCertain to false relaxes some of the rules around type-checking.
treatPhpDocTypesAsCertain: true treatPhpDocTypesAsCertain: true
# PHP silently casts array keys that look like decimal integers from string to int. This means array<string, mixed> cant guarantee that keys are actually strings at runtime.
reportUnsafeArrayStringKeyCasting: true
parallel: parallel:
jobSize: 20 jobSize: 20

92
playwright.config.ts
View file

@ -1,92 +0,0 @@
import { defineConfig, devices } from "@playwright/test";
/**
* Read environment variables from file.
* https://github.com/motdotla/dotenv
*/
// import dotenv from 'dotenv';
// import path from 'path';
// dotenv.config({ path: path.resolve(__dirname, '.env') });
/**
* See https://playwright.dev/docs/test-configuration.
*/
export default defineConfig({
testDir: "./tests",
/* Run tests in files in parallel */
fullyParallel: true,
/* Fail the build on CI if you accidentally left test.only in the source code. */
forbidOnly: !!process.env.CI,
/* Retry on CI only */
retries: process.env.CI ? 2 : 0,
/* Opt out of parallel tests on CI. */
workers: process.env.CI ? 1 : undefined,
/* Reporter to use. See https://playwright.dev/docs/test-reporters */
reporter: "list",
/* Shared settings for all the projects below. See https://playwright.dev/docs/api/class-testoptions. */
use: {
/* Base URL to use in actions like `await page.goto('/')`. */
// baseURL: 'http://localhost:3000',
/* Collect trace when retrying the failed test. See https://playwright.dev/docs/trace-viewer */
trace: "on-first-retry",
clientCertificates: [
{
origin: "https://haikuatelier.gcch.local",
certPath: "../certs/_wildcard.gcch.local.pem",
keyPath: "../certs/_wildcard.gcch.local-key.pem",
},
],
ignoreHTTPSErrors: true,
},
/* Configure projects for major browsers */
projects: [
{
name: "desktop-chromium-1920",
use: { ...devices["Desktop Chrome"], viewport: { width: 1920, height: 1080 } },
},
{
name: "desktop-chromium-1536",
use: { ...devices["Desktop Chrome"], viewport: { width: 1536, height: 864 } },
},
{
name: "desktop-chromium-1366",
use: { ...devices["Desktop Chrome"], viewport: { width: 1366, height: 768 } },
},
{
name: "desktop-firefox-1920",
use: { ...devices["Desktop Firefox"], viewport: { width: 1920, height: 1080 } },
},
{
name: "desktop-firefox-1536",
use: { ...devices["Desktop Firefox"], viewport: { width: 1536, height: 864 } },
},
{
name: "desktop-firefox-1366",
use: { ...devices["Desktop Firefox"], viewport: { width: 1366, height: 768 } },
},
{
name: "tablet-chromium-portrait",
use: { ...devices["Galaxy Tab S9"] },
},
{
name: "tablet-chromium-landscape",
use: { ...devices["Galaxy Tab S9 landscape"] },
},
{
name: "mobile-chromium-portrait",
use: { ...devices["Pixel 7"] },
},
{
name: "mobile-chromium-landscape",
use: { ...devices["Pixel 7 landscape"] },
},
],
/* Run your local dev server before starting the tests */
// webServer: {
// command: 'npm run start',
// url: 'http://localhost:3000',
// reuseExistingServer: !process.env.CI,
// },
});

8
prettier.config.js
View file

@ -1,8 +0,0 @@
import { configClassique, configXml } from "@gcch/configuration-prettier";
const config = {
...configClassique,
overrides: [configXml],
};
export default config;

24
rector.php
View file

@ -1,24 +0,0 @@
<?php declare(strict_types=1);
use Rector\Config\RectorConfig;
return RectorConfig::configure()
->withPaths([__DIR__ . '/web/app/themes/haiku-atelier-2024'])
->withSkip([__DIR__ . '/vendor', __DIR__ . '/node_modules'])
->withPhpSets(php85: true)
->withCodeQualityLevel(10)
->withCodingStyleLevel(10)
->withDeadCodeLevel(10)
->withTypeCoverageDocblockLevel(10)
->withTypeCoverageLevel(10)
->withImportNames(
importDocBlockNames: true,
importNames: true,
importShortClasses: true,
removeUnusedImports: true,
)
->withPreparedSets(
carbon: true,
instanceOf: true,
privatization: true,
);

7
scripts/SCRIPT.fish
View file

@ -1,7 +0,0 @@
#!/usr/bin/fish
for image in *.png
gm convert -resize 1000 $image ok-$image.png
end
flaca -p *

19
scripts/SUBSET.fish
View file

@ -1,19 +0,0 @@
pyftsubset \
lato-variable-italic.ttf \
--desubroutinize \
--flavor=woff2 \
--layout-features-="dnom,frac,numr" \
--layout-features+="case,pnum,tnum" \
--output-file="lato-variable-italic-webfont.woff2" \
--unicodes="U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+2000-206F,U+2074,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD" \
--with-zopfli
pyftsubset \
lato-variable-italic.ttf \
--desubroutinize \
--layout-features-="dnom,frac,numr" \
--layout-features+="case,pnum,tnum" \
--output-file="lato-variable-italic-webfont.ttf" \
--unicodes="U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+2000-206F,U+2074,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD" \
--with-zopfli

68
scripts/convertis-images.fish Executable file
View file

@ -0,0 +1,68 @@
#!/usr/bin/fish
for jpg in **/*.{jpg,jpeg}
echo $jpg
set -f avif (path change-extension 'avif' "$jpg")
set -f jxl (path change-extension 'jxl' "$jpg")
set -f png (path change-extension 'png' "$jpg")
set -f dimensions (magick identify -format "%w-%h" $jpg)
set -f dimensions (string split "-" $dimensions)
if test $dimensions[1] -eq 1920 || test $dimensions[2] -eq 1920
set -f a_bonnes_dimensions true
else
set -f a_bonnes_dimensions false
end
if test -e $avif && test -e $jxl
echo -e "\tAll there."
continue
end
magick "$jpg" -resize 1920x1920\> "$png" >/dev/null
if ! test -e $jxl
if test $a_bonnes_dimensions = false
cjxl \
--allow_jpeg_reconstruction=1 \
--brotli_effort=11 \
--container=1 \
--effort=9 \
--lossless_jpeg=1 \
--num_threads=-1 \
--progressive \
$png $jxl &>/dev/null
djxl \
--num_threads=-1 \
$jxl $jpg &>/dev/null
end
cjxl \
--allow_jpeg_reconstruction=0 \
--brotli_effort=11 \
--container=1 \
--effort=10 \
--quality=70 \
--lossless_jpeg=0 \
--num_threads=-1 \
--progressive \
$png $jxl &>/dev/null
echo -e "\t$jxl"
set -f avif (path change-extension 'avif' "$jpg")
if ! test -e $avif
avifenc \
-q 70 \
-s 0 \
-c aom \
-y 420 \
"$png" "$avif" &>/dev/null
echo -e "\t$avif"
end
rm $png
end
end

4
scripts/déclenche-sauvegarde-bdd-production.fish Executable file
View file

@ -0,0 +1,4 @@
#!/usr/bin/fish
ssh ade -- fish /srv/haikuatelier.com/scripts/sauvegarde-bdd-production.fish
rclone copy --check-first --progress --multi-thread-streams 8 ade:/srv/haikuatelier.com/db /home/gcch/Répertoires/git.gcch.fr/gcch/haiku-atelier-2024/db

9
scripts/format-sort-files.fish Normal file → Executable file
View file

@ -1,5 +1,12 @@
#!/usr/bin/fish
set -f fichiers_toml (fd --glob "*.toml") set -f fichiers_toml (fd --glob "*.toml")
set -f fichiers_angie (fd --glob "*.conf" containers/conf/angie)
for toml in $fichiers_toml for toml in $fichiers_toml
taplo format "$toml" tombi format "$toml"
end
for angie in $angie
nginxfmt "$angie"
end end

96
scripts/importe-dernier-export-bdd.ts Normal file
View file

@ -0,0 +1,96 @@
import { $ } from "bun";
import type { Option } from "effect";
import { Array as FxArray, Console, Context, Effect, Layer, ManagedRuntime, Order, pipe, Schema } from "effect";
import type { UnknownError } from "effect/Cause";
import { readdir } from "node:fs/promises";
class PodmanError extends Schema.TaggedErrorClass<PodmanError>()("PodmanError", {
cause: Schema.Error,
}) {}
class FSError extends Schema.TaggedErrorClass<FSError>()("FSError", {
cause: Schema.Error,
}) {}
class Podman extends Context.Service<
Podman,
{
launchContainers(): Effect.Effect<string, PodmanError>;
importLatestDbInWordPressContainer(exportPath: string): Effect.Effect<string, PodmanError>;
}
>()("haikuatelier.fr/scripts/importe-dernier-export-bdd/Podman") {
static readonly layer = Layer.effect(
Podman,
// oxlint-disable-next-line require-yield
Effect.gen(function*() {
const launchContainers = Effect.fn("launchContainers")(function*() {
return yield* pipe(
Effect.tryPromise(async () => $`podman compose up -d &> /dev/null`),
Effect.map((shell: $.ShellOutput) => shell.text()),
Effect.mapError((error: UnknownError) => new PodmanError({ cause: error })),
);
});
const importLatestDbInWordPressContainer = Effect.fn("importLatestDbInWordPressContainer")(function*(
exportPath: string,
) {
return yield* pipe(
Effect.tryPromise(
async () =>
$`podman exec -it haikuatelier.fr-wordpress fish -c "cd web && wp --allow-root db import ${exportPath} > /dev/null"`,
),
Effect.map((shell: $.ShellOutput) => shell.text()),
Effect.mapError((error: UnknownError) => new PodmanError({ cause: error })),
);
});
return Podman.of({
launchContainers,
importLatestDbInWordPressContainer,
});
}),
);
}
class FS extends Context.Service<
FS,
{
getLatestDbExport(): Effect.Effect<string, FSError>;
}
>()("haikuatelier.fr/scripts/importe-dernier-export-bdd/FS") {
static readonly layer = Layer.effect(
FS,
// oxlint-disable-next-line require-yield
Effect.gen(function*() {
const getLatestDbExport = Effect.fn("getLatestDbExport")(function*() {
return yield* pipe(
Effect.tryPromise(async () => readdir(`./db`)),
Effect.map((paths: ReadonlyArray<string>) => FxArray.sort(paths, Order.String)),
Effect.map((sortedPaths: ReadonlyArray<string>) => FxArray.last(sortedPaths)),
Effect.flatMap((path: Option.Option<string>) => Effect.fromOption(path)),
Effect.mapError(_ => new FSError({ cause: new Error("Aucun export de BDD n'est disponible.") })),
);
});
return FS.of({
getLatestDbExport,
});
}),
);
}
const mainLayer = Layer.mergeAll(Podman.layer, FS.layer);
const runtime = ManagedRuntime.make(mainLayer);
const program = Effect.fn("program")(function*() {
yield* Podman.use(podman => podman.launchContainers());
yield* Console.log("Containers are launched.");
const latestExportPath: string = pipe(yield* FS.use(fs => fs.getLatestDbExport()), path => `../db/${path}`);
yield* Console.log(latestExportPath);
yield* Podman.use(podman => podman.importLatestDbInWordPressContainer(latestExportPath));
yield* Console.log("Import done.");
});
runtime.runFork(program().pipe(Effect.tapError(Console.error)));

112
scripts/pull-container-images.ts
View file

@ -1,42 +1,88 @@
import { BunFile, YAML } from "bun"; import { YAML } from "bun";
import { Array, Console, Effect, Option, pipe, Record, Schema } from "effect"; import { Array as EffectArray, Console, Data, Effect, pipe, Record, Schema, SchemaIssue } from "effect";
import { type UnknownException } from "effect/Cause"; import { SchemaError } from "effect/Schema";
import { type ParseError } from "effect/ParseResult";
import { type ReadonlyRecord } from "effect/Record";
const COMPOSE_PATH = "compose.yaml"; const COMPOSE_PATH = "compose.yaml";
const DEFAULT_CMD_TIMEOUT = 10_000;
class Compose extends Schema.Class<Compose>("Compose")({
name: Schema.String,
services: Schema.Record(Schema.String, Schema.Unknown),
}) {}
const getServicesKey = ( class ScriptError extends Data.TaggedError("ScriptError")<{ cause: unknown }> {}
yaml: ReadonlyRecord<string | symbol, any>,
): Option.Option<ReadonlyArray<string>> =>
pipe(
Record.get("services")(yaml),
Option.andThen(yaml => Record.keys(yaml)),
);
const getComposeYaml = <A, I, R>( // Const composeSchema = Schema.Record(Schema.Union([Schema.String, Schema.Symbol]), Schema.Unknown);
filePath: string, // type YamlRecord = ReadonlyRecord<string | symbol, unknown>;
schema: Schema.Schema<A, I, R>,
): Effect.Effect<A, UnknownException | ParseError, R> =>
pipe(
Effect.try(() => Bun.file(filePath)),
Effect.andThen((file: BunFile) => Effect.tryPromise(() => file.text())),
Effect.andThen((text: string) => Effect.try(() => YAML.parse(text))),
Effect.andThen((yaml: unknown) => Schema.decodeUnknown(schema)(yaml)),
);
const programEffect: Effect.Effect<ReadonlyArray<string>> = Effect.gen(function*() { /* */
/**
* Retourne les noms des services déclarés dans un ficher _Compose_.
* @param compose Le fichier _Compose_ sous forme d'objet.
* @returns Les noms des Services sous forme de tableau.
*/
const getServicesFromComposeYaml: (compose: Compose) => ReadonlyArray<string> = compose =>
Record.keys(compose.services);
/**
* Récupère le contenu texte d'un fichier pour un chemin donné.
*
* @param filePath Le chemin du fichier dont on souhaite le contenu.
* @returns Le contenu textuel du fichier sous forme de chaîne de caractères.
*/
const getFileContent: (filePath: string) => Effect.Effect<string, ScriptError> = Effect.fn("getFileContent")(
function*(filePath) {
const fileRef: Bun.BunFile = Bun.file(filePath);
yield* Effect.tryPromise({
catch: (_): ScriptError => new ScriptError({ cause: "The wanted file does not exist." }),
try: async (): Promise<boolean> => fileRef.exists(),
});
return yield* Effect.tryPromise({
catch: (_): ScriptError => new ScriptError({ cause: "Can't retrieve the file's text content." }),
try: async (): Promise<string> => fileRef.text(),
});
},
);
/**
* Récupère le contenu _YAML_ d'un fichier _Compose_ sous forme de `Record`.
*
* @param path Le chemin du fichier _Compose_.
* @param schema Le `Schema` utilisée pour le parsage des données du fichier.
* @returns Un `Record` des données du fichier.
*/
const getComposeYaml: <ComposeSchema>(
path: string,
schema: Schema.Schema<ComposeSchema>,
) => Effect.Effect<ComposeSchema, ScriptError, unknown> = Effect.fn("getComposeYaml")(function*(path, schema) {
return yield* pipe( return yield* pipe(
// Récupère le contenu du fichier compose.yaml sous forme de Record. getFileContent(path),
getComposeYaml(COMPOSE_PATH, Schema.Record({ key: Schema.String, value: Schema.Unknown })), Effect.map((text: string): unknown => YAML.parse(text)),
// Récupère la clé des services. Effect.flatMap((yaml: unknown) =>
Effect.andThen((yaml: ReadonlyRecord<string | symbol, unknown>) => getServicesKey(yaml)), Schema.decodeUnknownEffect(schema)(yaml, { errors: "all", onExcessProperty: "ignore" })
// Retire la clé de l'image WordPress. ),
Effect.andThen((keys: ReadonlyArray<string>) => Array.filter(keys, key => key !== "wordpress")), Effect.mapError((error): ScriptError => {
Effect.orElseSucceed(() => [""]), if (error instanceof SchemaError) {
// Exécute la commande podman. return new ScriptError({ cause: SchemaIssue.makeFormatterStandardSchemaV1()(error.issue) });
Effect.tap(services => Bun.spawn({ cmd: ["podman", "compose", "pull", ...services], timeout: 10000 })), } else {
return error;
}
}),
); );
}); });
Effect.runFork(programEffect).pipe(Effect.tapErrorCause(Console.error)); const program: Effect.Effect<ReadonlyArray<string>, ScriptError> = pipe(
getComposeYaml(COMPOSE_PATH, Compose),
Effect.map((compose: Compose) => getServicesFromComposeYaml(compose)),
Effect.map((keys: ReadonlyArray<string>) => EffectArray.filter(keys, key => key !== "wordpress")),
Effect.orElseSucceed(() => [""]),
Effect.tap((services: ReadonlyArray<string>) => {
Bun.spawn({ cmd: ["podman", "compose", "pull", ...services], timeout: DEFAULT_CMD_TIMEOUT });
return Effect.succeed(services);
}),
Effect.tapCause(Console.error),
);
Effect.runFork(program);

4
scripts/remove-scaled-images.php
View file

@ -1,4 +1,6 @@
<?php declare(strict_types=1); <?php
declare(strict_types=1);
require_once 'web/wp/wp-load.php'; require_once 'web/wp/wp-load.php';

2
scripts/sauvegarde-bdd-production.fish Normal file → Executable file
View file

@ -1,3 +1,5 @@
#!/usr/bin/fish
cd /srv/haikuatelier.com/web cd /srv/haikuatelier.com/web
sudo -S wp-cli --allow-root db export sudo -S wp-cli --allow-root db export
sudo -S mv -v /srv/haikuatelier.com/web/*.sql ../db sudo -S mv -v /srv/haikuatelier.com/web/*.sql ../db

20
scripts/subset-polices.fish Executable file
View file

@ -0,0 +1,20 @@
#!/usr/bin/fish
pyftsubset \
lato-variable-italic.ttf \
--desubroutinize \
--flavor=woff2 \
--layout-features-="dnom,frac,numr" \
--layout-features+="case,pnum,tnum" \
--output-file="lato-variable-italic-webfont.woff2" \
--unicodes="U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+2000-206F,U+2074,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD" \
--with-zopfli
pyftsubset \
lato-variable-italic.ttf \
--desubroutinize \
--layout-features-="dnom,frac,numr" \
--layout-features+="case,pnum,tnum" \
--output-file="lato-variable-italic-webfont.ttf" \
--unicodes="U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+2000-206F,U+2074,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD" \
--with-zopfli

40
stylelint.config.js
View file

@ -1,40 +0,0 @@
// @ts-expect-error -- La dépendance ne dispose pas de types.
import { propertyGroups } from "stylelint-config-clean-order";
/** @type {string[][]} */
// eslint-disable-next-line @typescript-eslint/no-unsafe-argument -- Impossible de typer correctement avec JSDoc.
const groupesProprietes = Array.from(/** @type {GroupeProprietes} */ propertyGroups);
/** @import { StylelintConfigCleanOrderPropertyGroup } from "./lib/stylelint" */
/** @type {Array<StylelintConfigCleanOrderPropertyGroup>} */
const ordreProprietes = groupesProprietes.map(properties => ({
emptyLineBefore: "never",
noEmptyLineBetween: true,
properties,
}));
/** @type {import("stylelint").Config} */
export default {
extends: ["stylelint-config-standard-scss", "stylelint-config-sass-guidelines", "stylelint-config-clean-order"],
plugins: ["stylelint-declaration-block-no-ignored-properties"],
rules: {
"@stylistic/function-parentheses-space-inside": null,
"@stylistic/selector-list-comma-newline-after": null,
"@stylistic/string-quotes": null,
"custom-property-pattern": null,
"declaration-block-no-duplicate-custom-properties": true,
"declaration-block-no-duplicate-properties": true,
"declaration-block-no-redundant-longhand-properties": true,
"declaration-block-no-shorthand-property-overrides": true,
"max-nesting-depth": null,
"no-descending-specificity": null,
"no-duplicate-selectors": [true, { disallowInList: false }],
"order/properties-order": [ordreProprietes, { severity: "error", unspecified: "bottomAlphabetical" }],
"plugin/declaration-block-no-ignored-properties": true,
"selector-class-pattern": null,
"selector-id-pattern": null,
"selector-max-compound-selectors": null,
"selector-max-id": null,
"selector-no-qualifying-type": null,
},
};

Some files were not shown because too many files have changed in this diff Show more