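<?php

declare(strict_types=1);

/**
 * OpenSMTPD Admin Session Hardening
 * by Jeroen Janssen <jeroen at laylo dot io>
 * Copyright (c) 2022 LAYLO
 *
 * Include this file before session_start(); it only configures session and
 * runtime directives through ini_set() and produces no output (hence no
 * closing tag, so stray whitespace cannot be sent before the session headers).
 * Values are passed as strings so the calls behave the same under strict_types
 * on PHP versions where ini_set() accepts string values only.
 */

/* Compress the output (only on PHP < 8.0, as in the original configuration) */
if (version_compare(PHP_VERSION, '8.0', '<')) {
    ini_set('zlib.output_compression', 'On');
}

/* Limit the cookie to the browser session: no persistent Expires/Max-Age */
ini_set('session.cookie_lifetime', '0');

/* Carry the session ID in cookies only, never in URLs.
   The directive is session.use_cookies (plural); the singular form is not a
   recognised option and ini_set() would silently return false. */
ini_set('session.use_cookies', '1');
ini_set('session.use_only_cookies', '1');

/* Reject uninitialised session IDs supplied by the client (anti-fixation) */
ini_set('session.use_strict_mode', '1');

/* Keep the cookie out of reach of script (document.cookie) */
ini_set('session.cookie_httponly', '1');
if (version_compare(PHP_VERSION, '7.3', '>=')) {
    ini_set('session.cookie_samesite', 'Strict');
}

/* Only send the cookie over HTTPS */
ini_set('session.cookie_secure', '1');

/* Server-side session data becomes eligible for garbage collection after this many seconds */
ini_set('session.gc_maxlifetime', '1440');

/* Never rewrite URLs/forms to carry the session ID */
ini_set('session.use_trans_sid', '0');

/* Send no-cache headers so pages with a session are not stored by shared caches */
ini_set('session.cache_limiter', 'nocache');

/* Session ID hash: session.hash_function was removed in PHP 7.1, where ID
   strength is governed by session.sid_length / session.sid_bits_per_character
   instead. Only set it where it still exists so the call cannot fail silently. */
if (version_compare(PHP_VERSION, '7.1', '<')) {
    ini_set('session.hash_function', 'sha256');
}

// Custom cookie name instead of the default PHPSESSID
ini_set('session.name', 'osmtpda_session');

// Disallow remote includes. allow_url_include is PHP_INI_SYSTEM, so this call
// has no effect at runtime (ini_set() returns false); the requirement must be
// enforced in php.ini (allow_url_include = Off). Kept here to document it.
ini_set('allow_url_include', '0');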