Skip to content

Instantly share code, notes, and snippets.

@SyntaxC4

SyntaxC4/.user.antixss.ini

Last active June 30, 2018 12:41
Show Gist options
  • Save SyntaxC4/0d7185b30acf477c2033 to your computer and use it in GitHub Desktop.
Save SyntaxC4/0d7185b30acf477c2033 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
.user.antixss.ini
;Read more: http://php.net/manual/en/session.configuration.php#ini.session.cookie-httponly
session.cookie_httponly=1
Raw
.user.forcehttps.ini
;Read More: http://php.net/manual/en/session.configuration.php#ini.session.cookie-secure
session.cookie_secure=1
Raw
.user.uploadsize.config
upload_max_filesize=20M
post_max_size=20M
max_execution_time=300
Raw
addAzureWebsitePHPHandler.sh
azure site handler add '*.php' 'D:\home\site\wwwroot\bin\php\php-cgi.exe'
Raw
InstallPHP.sh
cd site\wwwroot
mkdir bin
cd bin
mkdir php
curl -o php.zip http://windows.php.net/downloads/releases/php-5.5.2-nts-Win32-VC11-x86.zip
unzip php.zip
rm php.zip
Raw
New-AzureWebsitePHPHandler.ps1
$phpMapping = (@{Extension="*.php";ScriptProcessor="d:\home\site\wwwroot\bin\php\php-cgi.exe"})
Set-AzureWebSite -HandlerMappings $phpMapping -Name <website-name>
Raw
php.curlcainfo.ini
; Read more: https://azure.microsoft.com/en-us/documentation/articles/web-sites-php-configure/#changing-phpinisystem-configuration-settings
; Reference: http://php.net/manual/en/curl.configuration.php#ini.curl.cainfo
curl.cainfo="%ProgramFiles(x86)%\Git\bin\curl-ca-bundle.crt"
Raw
web.anticlickjack.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<!-- Read More: https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options?redirectlocale=en-US&redirectslug=The_X-FRAME-OPTIONS_response_header#Configuring_IIS -->
<!-- Values: DENY | SAMEORIGIN | ALLOW-FROM origin-uri -->
<add name="X-Frame-Options" value="SAMEORIGIN" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
Raw
web.autoheal.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<monitoring>
<triggers>
<!-- Scenario #1: Recycling based on Request Count -->
<requests count="1000" timeInterval="00:10:00"/>
<!-- Scenario #2: Recycling based on slow requests -->
<slowRequests timeTaken="00:00:45" count="20" timeInterval="00:02:00" />
<!-- Scenario #3: Logging an event (or recycling) based on HTTP status code(s) -->
<statusCode>
<add statusCode="500" subStatusCode="100" win32StatusCode="0" count="10" timeInterval="00:00:30"/>
</statusCode>
<!-- Scenario #4: Taking custom actions (or recycling/logging) based on memory limit -->
<memory privateBytesInKB="800000"/>
</triggers>
<!-- Scenario #1 & #2 Action -->
<actions value="Recycle"/>
<!-- Scenario #3 Action -->
<actions value="LogEvent"/>
<!-- Scenario #4 Action -->
<actions value="CustomAction">
<customAction exe="d:\home\procdump.exe" parameters="-accepteula w3wp d:\home\w3wp_PID_%1%_" />
</actions>
</monitoring>
</system.webServer>
</configuration>
Raw
web.dipr.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<security>
<!-- Full Dynamic IP Restriction Documentation: http://www.iis.net/learn/get-started/whats-new-in-iis-8/iis-80-dynamic-ip-address-restrictions -->
<dynamicIpSecurity> <!-- Change status code by adding the attribute: denyAction="[AbortRequest | Forbidden | NotFound | Unauthorized]" -->
<!-- Scenario #1: Deny by Concurrent Requests -->
<denyByConcurrentRequests enabled="true" maxConcurrentRequests="10"/>
<!-- Scenario #2: Deny by Request Rate -->
<denyByRequestRate enabled="true" maxRequests="10" requestIntervalInMilliseconds="2000"/>
<!-- Scenario #3: Combine Deny by Request Rate & Deny by Concurrent Requests -->
</dynamicIpSecurity>
</security>
</system.webServer>
</configuration>
Raw
web.disable-session-affinity.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Arr-Disable-Session-Affinity" value="true" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
Raw
web.forcehttps.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Raw
web.hsts.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
redirectType="Permanent" />
</rule>
</rules>
<outboundRules>
<rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
<match serverVariable="RESPONSE_Strict_Transport_Security"
pattern=".*" />
<conditions>
<add input="{HTTPS}" pattern="on" ignoreCase="true" />
</conditions>
<action type="Rewrite" value="max-age=31536000" />
</rule>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>
Raw
web.httpcompression.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<httpCompression>
<dynamicTypes>
<add enabled="true" mimeType="application/json"/>
</dynamicTypes>
<staticTypes>
<add enabled="true" mimeType="application/json"/>
</staticTypes>
</httpCompression>
</system.webServer>
</configuration>
Raw
web.ipsecurity.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<security>
<ipSecurity allowUnlisted="true" denyAction="NotFound">
<add allowed="true" ipAddress="123.456.0.0" subnetMask="255.255.0.0"/>
</ipSecurity>
</security>
</system.webServer>
</configuration>
Raw
web.mimetype.config
<configuration>
<system.webServer>
<staticContent>
<mimeMap fileExtension=".json" mimeType="application/json" />
<mimeMap fileExtension=".mp4" mimeType="video/mp4" />
<mimeMap fileExtension=".m4v" mimeType="video/m4v" />
</staticContent>
</system.webServer>
</configuration>
Raw
web.netverbs.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<handlers>
<remove name="ExtensionlessUrl-Integrated-4.0" />
<add name="ExtensionlessUrl-Integrated-4.0"
path="*."
verb="GET,HEAD,POST,DEBUG,DELETE,PUT"
type="System.Web.Handlers.TransferRequestHandler"
preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
</configuration>
Raw
web.phpverbs.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<handlers>
<remove name="PHP53_via_FastCGI" />
<add name="PHP53_via_FastCGI" path="*.php" verb="GET,PUT,POST,DELETE,HEAD,OPTIONS,TRACE,PROPFIND,PROPPATCH,MKCOL,COPY,MOVE,LOCK,UNLOCK" modules="FastCgiModule" scriptProcessor="D:\Program Files (x86)\PHP\v5.3\php-cgi.exe" resourceType="Either" requireAccess="Script" />
</handlers>
</system.webServer>
</configuration>
Raw
web.uploadsize.config
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="524288000"/>
</requestFiltering>
</security>
</system.webServer>
Raw
web.x-powered-by.config
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
</system.webServer>
Raw
xdebug.ini
zend_extension=D:\devtools\xdebug\2.2.5\php_5.5\php_xdebug-2.2.5-5.5-vc11-nts.dll
xdebug.profiler_enable=1
xdebug.profiler_output_dir=d:\home\LogFiles\debug
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment