Compare commits

...

2 commits

Author SHA1 Message Date
1a4fb6246b docs: update the non-standard code configuration to forbid access to .env and .git
Some checks failed
Deploy Next.js application / deploy (push) Has been cancelled
2024-09-10 19:43:13 +02:00
b7e2ec9d63 docs: fix invalid JSON on example easywaf-config.json file 2024-09-10 19:37:39 +02:00

View file

@ -57,7 +57,7 @@ If you're using SVR.JS behind a reverse proxy, you need to configure _trustProxy
Example _easywaf-config.json_ file: Example _easywaf-config.json_ file:
```json ```json
{ {
"modules" : { "modules": {
"xss": { "xss": {
"excludePaths": "/^\\/(?:git\\/)?(?:(?!\\.git).)*\\.git\\/|^\\/(?:(?:navbar-)?logo|powered).png$/" "excludePaths": "/^\\/(?:git\\/)?(?:(?!\\.git).)*\\.git\\/|^\\/(?:(?:navbar-)?logo|powered).png$/"
}, },
@ -109,7 +109,7 @@ It's also recommended to forbid the access to ".env" file and ".git" directories
"nonStandardCodes": [ "nonStandardCodes": [
{ {
"scode": 403, "scode": 403,
"regex": "/^\\/\\.env(?:\\.local)?(?:$|[#?])/" "regex": "/^\\/\\.env(?:\\.local|\\.production)?(?:$|[#?])/"
}, },
{ {
"scode": 403, "scode": 403,