Here are some theoretical configuration ideas that we could implement some
time. Note the naming convention: %Namespace.Directive. If you want one
implemented, give us a ring, and we'll move it up the priority chain.

%Attr.RewriteFragments - if %Attr.IDPrefix is set, we may want to transparently
rewrite the URLs we parse too. However, we can only do it when it's a pure
anchor link, so it's not foolproof.

%Attr.ClassPolicy - determines what classes are allowed. When
%Attr.ClassPolicy is set to Blacklist, only allow those not in
%Attr.ClassBlacklist. When it's Whitelist, only allow those in

%Attr.MaxHeight - caps for width and height related checks.
(the hack in Pixels for an image crashing attack could be replaced by this)

%URI.AddRelNofollow - will add rel="nofollow" to all links, preventing the
spread of ill-gotten pagerank.

%URI.HostBlacklistRegex - regexes that, if they match the host, cause it to be
disallowed.
%URI.HostWhitelist - domain names that are excluded from the host blacklist.
%URI.HostPolicy - determines whether we reject all hosts and then whitelist,
or allow all hosts and then apply specific blacklists, with the whitelist
intervening. 'DenyAll' or 'AllowAll' (default).

%URI.DisableIPHosts - URIs that have IP addresses for hosts are disallowed.
Be sure to also grab unusual encodings (dword, hex and octal), which may
currently be caught by regular DNS.
%URI.DisableIDN - Disallow raw internationalized domain names. Punycode
will still be permitted.

%URI.ConvertUnusualIPHosts - transform dword/hex/octal IP addresses to the

%URI.ConvertAbsoluteDNS - Remove extra dots after host names that trigger
absolute DNS. While this is actually the preferred method according to
the RFC, most people opt to use a relative domain name relative to . (root).