Skip to content
Fetching contributors…
Cannot retrieve contributors at this time
153 lines (117 sloc) 7.35 KB
# This configuration only applies if 2 things are true
# 1. You use the AppSensorSecurityConfiguration class as your security config for ESAPI
# 2. You use the AppSensorIntrusionDetector class as your intrusion detector in ESAPI
# This is the list of exceptions to disabling components, ie this list should never be disabled
disable.component.exceptions=/AppSensorDemo/appsensor_locked.jsp,/AppSensorDemo/login.jsp,/AppSensorDemo/updateProfile.jsp
# This is the list of extensions to check for disabling, ie. jsp (for jsp's), do (for struts 1), UpdateProfile (for the UpdateProfile servlet)
disable.component.extensionsToCheck=jsp,do,UpdateProfile,servlet,
# This is the class that handles the response actions
AppSensor.responseAction=org.meri.simpleshirosecuredapplication.intrusiondetection.responseaction.CustomResponseAction
#AppSensor.responseAction=org.owasp.appsensor.intrusiondetection.reference.DefaultResponseAction
# This is the class that handles the intrusion store
AppSensor.intrusionStore=org.owasp.appsensor.intrusiondetection.reference.DefaultIntrusionStore
# This is the class that handles the utility retriever
AppSensor.asUtilities=org.meri.simpleshirosecuredapplication.intrusiondetection.integration.ShiroASUtilities
# This is the class that handles the trend logging
AppSensor.trendLogger=org.owasp.appsensor.trendmonitoring.reference.InMemoryTrendLogger
# This collection of strings is the XSS attack pattern list
xss.attack.patterns=\"><script>,script.*document\\.cookie,<script>,<IMG.*SRC.*=.*script,<iframe>.*</iframe>
# This collection of strings is the SQL Injection attack pattern list
sql.injection.attack.patterns=\\-\\-,\\;,\\/\\*,\\*\\/,\\@\\@,\\@,nchar,varchar,nvarchar,alter,cursor,delete,drop,exec,fetch,insert,kill,sysobjects,syscolumns
# This is the list of all HTTP 1.1 methods
all.http.methods=HEAD,GET,POST,PUT,DELETE,TRACE,OPTIONS,CONNECT
# This is the list of acceptable HTTP 1.1 methods for this application
valid.http.methods=GET,POST
# This string should be configured as the encrypted properties file you want
# Appsensor to use. If you don't want to use one, just leave this commented out.
# The file should be located in the same directory (.esapi) as the
# ESAPI.properties and appsensor.properties files.
#appsensor.encrypted.properties.file=appsensor.encrypted.properties
######### Begin Email Config ##################
# The properties in this section are used only if a detection point
# is configured to respond using the emailAdmin response action
# This is the mail protocol - should be smtp or smtps (secure)
emailAdmin.protocol=smtp
# This is the mail host (smtp server) you use
emailAdmin.host=mail.REPLACEWITHYOURDOMAIN.com
# This is the port the mail host accepts requests on - 25 is the default for smtp
emailAdmin.port=25
# This is a setting that determines if the mail host requires authentication to send an email
# If so, the emailAdmin.send.user and emailAdmin.send.password settings are used as the credentials
emailAdmin.mail.host.authentication.required=true
# This is the user that is used for authentication to the mail host
# it should be configured as a property in the encrypted properties file
# (appsensor.encrypted.properties.file) as (emailAdmin.send.user) if you
# desire to use this property
# emailAdmin.send.user=XXXX
# This is the password that is used for authentication to the mail host
# it should be configured as a property in the encrypted properties file
# (appsensor.encrypted.properties.file) as (emailAdmin.send.password) if you
# desire to use this property
# emailAdmin.send.password=XXXX
# This is the email account that the email should be sent FROM
emailAdmin.from=REPLACEMEWITHYOURFROMEMAIL
# This is the email account that the email should be sent TO
emailAdmin.to=REPLACEMEWITHYOURTOEMAIL
######### End Email Config ####################
######### Begin SMS Config ####################
# The properties in this section are used only if a detection point
# is configured to respond using the smsAdmin response action
# This is the mail protocol - should be smtp or smtps (secure)
smsAdmin.protocol=smtp
# This is the mail host (smtp server) you use
smsAdmin.host=mail.REPLACEWITHYOURDOMAIN.com
# This is the port the mail host accepts requests on - 25 is the default for smtp
smsAdmin.port=25
# This is a setting that determines if the mail host requires authentication to send an email
# If so, the emailAdmin.send.user and emailAdmin.send.password settings are used as the credentials
smsAdmin.mail.host.authentication.required=true
# This is the user that is used for authentication to the mail host
# it should be configured as a property in the encrypted properties file
# (appsensor.encrypted.properties.file) as (smsAdmin.send.user) if you
# desire to use this property
# smsAdmin.send.user=XXXX
# This is the password that is used for authentication to the mail host
# it should be configured as a property in the encrypted properties file
# (appsensor.encrypted.properties.file) as (smsAdmin.send.password) if you
# desire to use this property
# smsAdmin.send.password=XXXX
# This is the email account that the email should be sent FROM
smsAdmin.from=REPLACEMEWITHYOURFROMEMAIL
# This is the sms account that the email should be sent TO
# This is likely going to be 10digitphonenumber@carrier.com
# ie. 0123456789@text.att.net or something along those lines
# Note: this can be a comma separated list of emails if you like
smsAdmin.to=REPLACEMEWITHYOURTOEMAIL
######### End SMS Config ######################
# ------------------------- detection points --------------------------------
# XSS attack -- be careful about these settings
# clear attack event, taking action immediately
IntrusionDetector.IE1.count=1
# clear log after 20 minutes
IntrusionDetector.IE1.interval=1200
# first offense log user out, second disable account
IntrusionDetector.IE1.actions=logout, disable
# SQL injection -- be careful about these settings
# clear attack event, taking action immediately
IntrusionDetector.CIE1.count=1
# clear log after 20 minutes
IntrusionDetector.CIE1.interval=1200
# first offense log user out, second disable account
IntrusionDetector.CIE1.actions=logout, disable
# number of intrusions in a specified segment of time that constitutes the upper threshold - once crossed, it's considered an "attack"
IntrusionDetector.ACTION_NOT_PERMITTED.count=1
# segment of time (in seconds)
IntrusionDetector.ACTION_NOT_PERMITTED.interval=600
# list of actions you want executed in the specified order as the threshold for this intrusion is met - ie. log the first time, logout the user the second time, etc.
IntrusionDetector.ACTION_NOT_PERMITTED.actions=warn, disable
# number of intrusions in a specified segment of time that constitutes the upper threshold - once crossed, it's considered an "attack"
IntrusionDetector.ACTION_DOES_NOT_EXISTS.count=1
# segment of time (in seconds)
IntrusionDetector.ACTION_DOES_NOT_EXISTS.interval=600
# some integer - duration of time to disable
IntrusionDetector.ACTION_DOES_NOT_EXISTS.disableComponentForUser.duration=30
# some measure of time, currently supported are s,m,h,d (second, minute, hour, day)
IntrusionDetector.ACTION_DOES_NOT_EXISTS.disableComponentForUser.timeScale=m
# list of actions you want executed in the specified order as the threshold for this intrusion is met - ie. log the first time, logout the user the second time, etc.
IntrusionDetector.ACTION_DOES_NOT_EXISTS.actions=disableComponentForUser
Something went wrong with that request. Please try again.