templates - fine tune low, medium and high

2026-05-24 09:28:37 +00:00 · 2024-05-01 16:43:29 +02:00 · 2024-05-01 16:43:29 +02:00 · e79d14498f
commit e79d14498f
parent b506453a46
3 changed files with 18 additions and 7 deletions
--- a/src/common/templates/high.json
+++ b/src/common/templates/high.json
@ -11,9 +11,10 @@
                "REVERSE_PROXY_HOST": "http://my-upstream-server:8080",
                "REVERSE_PROXY_URL": "/",
                "REVERSE_PROXY_INTERCEPT_ERRORS": "yes",
-                "REVERSE_PROXY_WS": "yes",
+                "REVERSE_PROXY_WS": "no",
                "REVERSE_PROXY_CUSTOM_HOST": "",
-                "REVERSE_PROXY_HEADERS": "Accept-Encoding ''"
+                "REVERSE_PROXY_HEADERS": "Accept-Encoding ''",
+                "SERVE_FILES": "no"
            }
        },
        {
@ -28,6 +29,7 @@
            "name": "HTTP configuration",
            "description": "Miscellaneous settings related to HTTP protocol.",
            "settings": {
+                "DENY_HTTP_STATUS": "444",
                "USE_GZIP": "yes",
                "USE_BROTLI": "yes",
                "ALLOWED_METHODS": "GET|POST|HEAD",
@ -100,6 +102,14 @@
                "CORS_ALLOW_ORIGIN": ""
            }
        },
+        {
+            "name": "Reverse scan",
+            "description": "Configure reverse scan of client to detect open proxy or datacenter connections.",
+            "settings": {
+                "USE_REVERSE_SCAN": "yes",
+                "REVERSE_SCAN_PORTS": "22 80 443 3128 8000 8080"
+            }
+        },
        {
            "name": "ModSecurity",
            "description": "Enable/disable and configure ModSecurity on your web service.",
--- a/src/common/templates/low.json
+++ b/src/common/templates/low.json
@ -35,7 +35,8 @@
                "CONTENT_SECURITY_POLICY": "",
                "X_FRAME_OPTIONS": "",
                "PERMISSIONS_POLICY": "",
-                "FEATURE_POLICY": ""
+                "FEATURE_POLICY": "",
+                "KEEP_UPSTREAM_HEADERS": "*"
            }
        },
        {
@ -43,9 +44,9 @@
            "description": "Configure automatic bans when detecting bad behaviors on your web service.",
            "settings": {
                "USE_BAD_BEHAVIOR": "yes",
-                "BAD_BEHAVIOR_STATUS_CODES": "400 401 403 404 405 429 444",
+                "BAD_BEHAVIOR_STATUS_CODES": "400 401 403 405 429 444",
                "BAD_BEHAVIOR_BAN_TIME": "3600",
-                "BAD_BEHAVIOR_THRESHOLD": "30",
+                "BAD_BEHAVIOR_THRESHOLD": "20",
                "BAD_BEHAVIOR_COUNT_TIME": "60"
            }
        },
@ -58,7 +59,7 @@
                "LIMIT_CONN_MAX_HTTP2": 200,
                "USE_LIMIT_REQ": "yes",
                "LIMIT_REQ_URL": "/",
-                "LIMIT_REQ_RATE": "4r/s"
+                "LIMIT_REQ_RATE": "5r/s"
            }
        },
        {
--- a/src/common/templates/medium.json
+++ b/src/common/templates/medium.json
@ -11,7 +11,7 @@
                "REVERSE_PROXY_HOST": "http://my-upstream-server:8080",
                "REVERSE_PROXY_URL": "/",
                "REVERSE_PROXY_INTERCEPT_ERRORS": "yes",
-                "REVERSE_PROXY_WS": "yes",
+                "REVERSE_PROXY_WS": "no",
                "REVERSE_PROXY_CUSTOM_HOST": "",
                "REVERSE_PROXY_HEADERS": "Accept-Encoding ''"
            }