boticello/hiawatha.conf

## hiawatha.conf
# Hiawatha main configuration file
#


# GENERAL SETTINGS
#
ServerId = www-data
ConnectionsTotal = 1000
ConnectionsPerIP = 35
SystemLogfile = /var/log/hiawatha/system.log
GarbageLogfile = /var/log/hiawatha/garbage.log
ExploitLogfile = /var/log/hiawatha/exploit.log

LogFormat = extended
ServerString = SimpleHTTPserver
CGIwrapper = /usr/sbin/cgi-wrapper

# BINDING SETTINGS
# A binding is where a client can connect to.
#
Binding {
	Port = 80
#	Interface = 127.0.0.1
	MaxKeepAlive = 50
	TimeForRequest = 12,50
}
#
#Binding {
#	Port = 443
#	Interface = ::1
#	MaxKeepAlive = 30
#	TimeForRequest = 3,20
#	SSLcertFile = hiawatha.pem
#}


# BANNING SETTINGS
# Deny service to clients who misbehave.
#
#BanOnGarbage = 300
#BanOnMaxPerIP = 60
#BanOnMaxReqSize = 300
#KickOnBan = yes
#RebanDuringBan = yes

BanOnGarbage = 300
BanOnMaxPerIP = 300
BanOnMaxReqSize = 300
BanOnTimeout = 300
KickOnBan = yes
RebanDuringBan = yes

BanOnDeniedBody = 300
BanOnSQLi = 300
BanOnFlooding = 90/1:300
BanlistMask = deny 127.0.0.1
BanOnInvalidURL = 300

BanOnWrongPassword = 3:300
ChallengeClient = 70,httpheader,300

# COMMON GATEWAY INTERFACE (CGI) SETTINGS
# These settings can be used to run CGI applications.
#
CGIhandler = /usr/bin/perl:pl
#CGIhandler = /usr/bin/php5-cgi:php
CGIhandler = /usr/sbin/php5-fpm:php
CGIhandler = /usr/bin/python:py
CGIhandler = /usr/bin/ruby:rb
CGIhandler = /usr/bin/ssi-cgi:shtml
CGIextension = cgi
#
FastCGIserver {
	FastCGIid = PHP5
#	ConnectTo = 127.0.0.1:9000
        ConnectTo = /var/run/php5-fpm.sock
	Extension = php
	SessionTimeout = 600
}


# URL TOOLKIT
# This URL toolkit rule was made for the Banshee PHP framework, which
# can be downloaded from http://www.hiawatha-webserver.org/banshee
#
UrlToolkit {
	ToolkitID = banshee
	Do Call scannerblocker
	Do Call vulnerabilityblocker
        RequestURI isfile Return
	Match ^/(css|files|images|js|slimstat)($|/) Return
	Match ^/(favicon.ico|robots.txt|sitemap.xml)$ Return
	Match ^/(crawler)($|/) Return
	Match .*\?(.*) Rewrite /index.php?$1
	Match .* Rewrite /index.php
}

UrlToolkit {
	ToolkitID = vulnerabilityblocker
	Header * \(\)\s*\{ DenyAccess   # Shellshock
	MatchCI ^/(crawler|pma|myadmin|phpmyadmin|cgi-bin)($|/) Ban 900 # phpmyadmin & cgi-bin
	MatchCI ^/(xmlrpc.php|phpinfo.php)$ Ban 900 # wordpress, drupal & phpinfo
}

UrlToolkit {
        ToolkitID = scannerblocker
	Header User-Agent ^w3af.sourceforge.net DenyAccess
	Header User-Agent ^dirbuster DenyAccess
	Header User-Agent ^nikto DenyAccess
	Header User-Agent ^sqlmap DenyAccess
	Header User-Agent ^fimap DenyAccess
	Header User-Agent ^nessus DenyAccess
	Header User-Agent ^Nessus DenyAccess
	Header User-Agent ^whatweb DenyAccess
	Header User-Agent ^Openvas DenyAccess
	Header User-Agent ^jbrofuzz DenyAccess
	Header User-Agent ^libwhisker DenyAccess
	Header User-Agent ^webshag DenyAccess
	Header User-Agent ^Morfeus DenyAccess
	Header User-Agent ^Fucking DenyAccess
	Header User-Agent ^Scanner DenyAccess
	Header User-Agent ^Aboundex DenyAccess
	Header User-Agent ^AlphaServer DenyAccess
	Header User-Agent ^Indy DenyAccess
	Header User-Agent ^ZmEu DenyAccess
	Header User-Agent ^social DenyAccess
	Header User-Agent ^Zollard DenyAccess
	Header User-Agent ^CLR DenyAccess
	Header User-Agent ^Camino DenyAccess
	Header User-Agent ^Nmap DenyAccess
	Header * ^WVS DenyAccess
	Header User-Agent ^Python-httplib DenyAccess
	Header User-Agent ^Python-requests DenyAccess
	Header User-Agent ^masscan DenyAccess
	Header User-Agent ^Java DenyAccess
	Header User-Agent ^Nutch DenyAccess
	Header User-Agent ^Who.is DenyAccess
	Header User-Agent ^immoral DenyAccess
	Header User-Agent ^crawler DenyAccess
	Header User-Agent ^NetShelter DenyAccess
	Header User-Agent ^Application DenyAccess
	Header User-Agent ^Validator.nu/LV DenyAccess
        Header * ^ssdp DenyAccess
        Header User-Agent ^Arachni DenyAccess
        Header User-Agent ^Spider-Pig DenyAccess
        Header User-Agent ^tinfoilsecurity DenyAccess
        Header User-Agent ^@ DenyAccess
	Header User-Agent ^shellshock-scan DenyAccess
        Header User-Agent ^Vega DenyAccess
        Header * ^\(\)\s*\{ DenyAccess
        Header * ^uname DenyAccess
        Header * ^whoami DenyAccess
        Header User-Agent ^friendly-scanner DenyAccess
        Header * ^mxmail.netease.com DenyAccess
        Header * ^muieblackcat DenyAccess
        Header User-Agent ^BOT\sfor\sJCE DenyAccess
}


# DEFAULT WEBSITE
# It is wise to use your IP address as the hostname of the default website
# and give it a blank webpage. By doing so, automated webscanners won't find
# your possible vulnerable website.
#
Hostname = 98.139.183.24
WebsiteRoot = /var/www/hiawatha
StartFile = index.html
AccessLogfile = /var/log/hiawatha/access.log
ErrorLogfile = /var/log/hiawatha/error.log
#ErrorHandler = 404:/error.cgi
ReverseProxy ^/.* http://www.example.com:80/

Include /etc/hiawatha/enable-sites/

# VIRTUAL HOSTS
# Use a VirtualHost section to declare the websites you want to host.
#
#VirtualHost {
#	Hostname = www.my-domain.com
#	WebsiteRoot = /var/www/my-domain/public
#	StartFile = index.php
#	AccessLogfile = /var/www/my-domain/log/access.log
#	ErrorLogfile = /var/www/my-domain/log/error.log
#	TimeForCGI = 5
#	UseFastCGI = PHP5
#	UseToolkit = banshee
#}


# DIRECTORY SETTINGS
# You can specify some settings per directory.
#
#Directory {
#	Path = /home/baduser
#	ExecuteCGI = no
#	UploadSpeed = 10,2
#}
	# Hiawatha main configuration file
	#


	# GENERAL SETTINGS
	#
	ServerId = www-data
	ConnectionsTotal = 1000
	ConnectionsPerIP = 35
	SystemLogfile = /var/log/hiawatha/system.log
	GarbageLogfile = /var/log/hiawatha/garbage.log
	ExploitLogfile = /var/log/hiawatha/exploit.log

	LogFormat = extended
	ServerString = SimpleHTTPserver
	CGIwrapper = /usr/sbin/cgi-wrapper

	# BINDING SETTINGS
	# A binding is where a client can connect to.
	#
	Binding {
	Port = 80
	# Interface = 127.0.0.1
	MaxKeepAlive = 50
	TimeForRequest = 12,50
	}
	#
	#Binding {
	# Port = 443
	# Interface = ::1
	# MaxKeepAlive = 30
	# TimeForRequest = 3,20
	# SSLcertFile = hiawatha.pem
	#}


	# BANNING SETTINGS
	# Deny service to clients who misbehave.
	#
	#BanOnGarbage = 300
	#BanOnMaxPerIP = 60
	#BanOnMaxReqSize = 300
	#KickOnBan = yes
	#RebanDuringBan = yes

	BanOnGarbage = 300
	BanOnMaxPerIP = 300
	BanOnMaxReqSize = 300
	BanOnTimeout = 300
	KickOnBan = yes
	RebanDuringBan = yes

	BanOnDeniedBody = 300
	BanOnSQLi = 300
	BanOnFlooding = 90/1:300
	BanlistMask = deny 127.0.0.1
	BanOnInvalidURL = 300

	BanOnWrongPassword = 3:300
	ChallengeClient = 70,httpheader,300

	# COMMON GATEWAY INTERFACE (CGI) SETTINGS
	# These settings can be used to run CGI applications.
	#
	CGIhandler = /usr/bin/perl:pl
	#CGIhandler = /usr/bin/php5-cgi:php
	CGIhandler = /usr/sbin/php5-fpm:php
	CGIhandler = /usr/bin/python:py
	CGIhandler = /usr/bin/ruby:rb
	CGIhandler = /usr/bin/ssi-cgi:shtml
	CGIextension = cgi
	#
	FastCGIserver {
	FastCGIid = PHP5
	# ConnectTo = 127.0.0.1:9000
	ConnectTo = /var/run/php5-fpm.sock
	Extension = php
	SessionTimeout = 600
	}


	# URL TOOLKIT
	# This URL toolkit rule was made for the Banshee PHP framework, which
	# can be downloaded from http://www.hiawatha-webserver.org/banshee
	#
	UrlToolkit {
	ToolkitID = banshee
	Do Call scannerblocker
	Do Call vulnerabilityblocker
	RequestURI isfile Return
	Match ^/(css\|files\|images\|js\|slimstat)($\|/) Return
	Match ^/(favicon.ico\|robots.txt\|sitemap.xml)$ Return
	Match ^/(crawler)($\|/) Return
	Match .\?(.) Rewrite /index.php?$1
	Match .* Rewrite /index.php
	}

	UrlToolkit {
	ToolkitID = vulnerabilityblocker
	Header * \(\)\s*\{ DenyAccess # Shellshock
	MatchCI ^/(crawler\|pma\|myadmin\|phpmyadmin\|cgi-bin)($\|/) Ban 900 # phpmyadmin & cgi-bin
	MatchCI ^/(xmlrpc.php\|phpinfo.php)$ Ban 900 # wordpress, drupal & phpinfo
	}

	UrlToolkit {
	ToolkitID = scannerblocker
	Header User-Agent ^w3af.sourceforge.net DenyAccess
	Header User-Agent ^dirbuster DenyAccess
	Header User-Agent ^nikto DenyAccess
	Header User-Agent ^sqlmap DenyAccess
	Header User-Agent ^fimap DenyAccess
	Header User-Agent ^nessus DenyAccess
	Header User-Agent ^Nessus DenyAccess
	Header User-Agent ^whatweb DenyAccess
	Header User-Agent ^Openvas DenyAccess
	Header User-Agent ^jbrofuzz DenyAccess
	Header User-Agent ^libwhisker DenyAccess
	Header User-Agent ^webshag DenyAccess
	Header User-Agent ^Morfeus DenyAccess
	Header User-Agent ^Fucking DenyAccess
	Header User-Agent ^Scanner DenyAccess
	Header User-Agent ^Aboundex DenyAccess
	Header User-Agent ^AlphaServer DenyAccess
	Header User-Agent ^Indy DenyAccess
	Header User-Agent ^ZmEu DenyAccess
	Header User-Agent ^social DenyAccess
	Header User-Agent ^Zollard DenyAccess
	Header User-Agent ^CLR DenyAccess
	Header User-Agent ^Camino DenyAccess
	Header User-Agent ^Nmap DenyAccess
	Header * ^WVS DenyAccess
	Header User-Agent ^Python-httplib DenyAccess
	Header User-Agent ^Python-requests DenyAccess
	Header User-Agent ^masscan DenyAccess
	Header User-Agent ^Java DenyAccess
	Header User-Agent ^Nutch DenyAccess
	Header User-Agent ^Who.is DenyAccess
	Header User-Agent ^immoral DenyAccess
	Header User-Agent ^crawler DenyAccess
	Header User-Agent ^NetShelter DenyAccess
	Header User-Agent ^Application DenyAccess
	Header User-Agent ^Validator.nu/LV DenyAccess
	Header * ^ssdp DenyAccess
	Header User-Agent ^Arachni DenyAccess
	Header User-Agent ^Spider-Pig DenyAccess
	Header User-Agent ^tinfoilsecurity DenyAccess
	Header User-Agent ^@ DenyAccess
	Header User-Agent ^shellshock-scan DenyAccess
	Header User-Agent ^Vega DenyAccess
	Header * ^\(\)\s*\{ DenyAccess
	Header * ^uname DenyAccess
	Header * ^whoami DenyAccess
	Header User-Agent ^friendly-scanner DenyAccess
	Header * ^mxmail.netease.com DenyAccess
	Header * ^muieblackcat DenyAccess
	Header User-Agent ^BOT\sfor\sJCE DenyAccess
	}


	# DEFAULT WEBSITE
	# It is wise to use your IP address as the hostname of the default website
	# and give it a blank webpage. By doing so, automated webscanners won't find
	# your possible vulnerable website.
	#
	Hostname = 98.139.183.24
	WebsiteRoot = /var/www/hiawatha
	StartFile = index.html
	AccessLogfile = /var/log/hiawatha/access.log
	ErrorLogfile = /var/log/hiawatha/error.log
	#ErrorHandler = 404:/error.cgi
	ReverseProxy ^/.* http://www.example.com:80/

	Include /etc/hiawatha/enable-sites/

	# VIRTUAL HOSTS
	# Use a VirtualHost section to declare the websites you want to host.
	#
	#VirtualHost {
	# Hostname = www.my-domain.com
	# WebsiteRoot = /var/www/my-domain/public
	# StartFile = index.php
	# AccessLogfile = /var/www/my-domain/log/access.log
	# ErrorLogfile = /var/www/my-domain/log/error.log
	# TimeForCGI = 5
	# UseFastCGI = PHP5
	# UseToolkit = banshee
	#}


	# DIRECTORY SETTINGS
	# You can specify some settings per directory.
	#
	#Directory {
	# Path = /home/baduser
	# ExecuteCGI = no
	# UploadSpeed = 10,2
	#}