.env.default
# Application mode. Setting "production" enables a hard repository reset before each git pull.
# Allowed values: production, development
NODE_ENV=production

# Cloudflare API token required to manage WAF rules.
# Required permissions are described in the README: https://github.com/sefinek/Cloudflare-WAF-Expressions#tutorial-for-linux
# Generate your token here: https://dash.cloudflare.com/profile/api-tokens
CF_API_TOKEN=

# Cloudflare Account ID (usually 32 characters), visible in the URL after logging in: dash.cloudflare.com/<account_id>/...
# Required only for IP list synchronization (rules/ip-blocklist.txt → Cloudflare Lists).
# Without this variable, synchronization will be skipped and WAF rules will work normally, but with reduced effectiveness.
CF_ACCOUNT_ID=

# Name of the managed IP list in Cloudflare. Do not create it manually - it will be created automatically.
# Allowed characters: lowercase letters, digits and underscores.
# The name is automatically injected into WAF expressions - the reference in expressions.md always matches this value.
CF_IP_LIST_NAME=sefinek_cf_waf

# PHP support.
# false: requests to .php files trigger a Managed Challenge (Part 5).
# true: the .php rule from Part 5 is removed, .php files pass through without any verification.
PHP_SUPPORT=false

# SniffCat API token for fetching a dynamic list of malicious IP addresses. Highly recommended for maximum effectiveness.
# Leave empty to disable this integration. More info: https://sniffcat.com
SNIFFCAT_API_TOKEN=

# Minimum confidence level (0-100) required to include an IP address from SniffCat.
# Higher values return fewer results, but with greater certainty that the IPs are actually malicious.
SNIFFCAT_CONFIDENCE_MIN=78

# Maximum number of IP addresses fetched from SniffCat per request.
# Cloudflare allows up to 10,000 entries per IP list - do not exceed this limit.
SNIFFCAT_LIMIT=3000

# Cron schedule for automatically pulling updates from the repository (git pull).
# Default: every day at 13:00. When changes are detected, the script runs "npm ci --omit=dev" and then restarts the app via PM2.
GIT_PULL_CRON="0 13 * * *"

# Cron schedule for updating WAF rules in Cloudflare.
# Default: every day at 11:00, 14:00, 16:00, 18:00 and 20:00.
RULES_UPDATE_CRON="0 11,14,16,18,20 * * *"
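
The limits documented in the comments above can be checked before the app starts. The following is an added example, not code from the repository: `parseEnv`, `validateEnv` and `intInRange` are hypothetical helpers, the sample input is constructed, and the lower bound of 1 for `SNIFFCAT_LIMIT` is an assumption.

```javascript
// Added example: parseEnv and validateEnv are hypothetical helpers, not project code.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (!line || line.startsWith('#') || eq < 1) continue;
    // Drop one pair of surrounding double quotes, as used by the cron values.
    env[line.slice(0, eq).trim()] = line.slice(eq + 1).trim().replace(/^"(.*)"$/, '$1');
  }
  return env;
}

function intInRange(value, min, max) {
  return /^\d+$/.test(value ?? '') && Number(value) >= min && Number(value) <= max;
}

function validateEnv(env) {
  const problems = [];
  const warnings = [];
  if (!['production', 'development'].includes(env.NODE_ENV))
    problems.push('NODE_ENV must be production or development');
  if (!env.CF_API_TOKEN) problems.push('CF_API_TOKEN is required to manage WAF rules');
  if (!/^[a-z0-9_]+$/.test(env.CF_IP_LIST_NAME ?? ''))
    problems.push('CF_IP_LIST_NAME allows only lowercase letters, digits and underscores');
  if (!['true', 'false'].includes(env.PHP_SUPPORT))
    problems.push('PHP_SUPPORT must be true or false');
  if (env.SNIFFCAT_API_TOKEN) {
    if (!intInRange(env.SNIFFCAT_CONFIDENCE_MIN, 0, 100))
      problems.push('SNIFFCAT_CONFIDENCE_MIN must be an integer from 0 to 100');
    // Lower bound of 1 is an assumption; the 10,000 cap is the Cloudflare list limit.
    if (!intInRange(env.SNIFFCAT_LIMIT, 1, 10000))
      problems.push('SNIFFCAT_LIMIT must be an integer from 1 to 10000');
  }
  // Settings that are valid but reduce protection, per the comments in .env.default.
  if (!env.CF_ACCOUNT_ID) warnings.push('CF_ACCOUNT_ID unset: IP list synchronization is skipped');
  if (env.PHP_SUPPORT === 'true') warnings.push('PHP_SUPPORT=true: .php requests are not challenged');
  return { problems, warnings };
}

// Constructed sample input; the token value is a placeholder, not a real credential.
const SAMPLE = `NODE_ENV=production
CF_API_TOKEN=placeholder-token
CF_ACCOUNT_ID=
CF_IP_LIST_NAME=sefinek_cf_waf
PHP_SUPPORT=false
SNIFFCAT_CONFIDENCE_MIN=78
SNIFFCAT_LIMIT=3000`;
console.log(validateEnv(parseEnv(SAMPLE)));
```

Entries in `problems` contradict a documented constraint and should block startup; entries in `warnings` are accepted settings that the file's own comments describe as weakening coverage.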