FOSSBilling 配置
以下文档 config.php 配置文件下的安全选项。
安全选项
属性描述
| 配置属性 | 默认值 | 允许值 | 描述 |
|---|---|---|---|
mode | strict | strictor regular | Setting this to strictsets cookies to have their samesiteattribute set to strictand they will be set as httpOnly. Setting it to regularwill use the default cookie properties except that they will still be set as httpOnly. |
force_https | true | bool | Setting this to true will cause FOSSBilling to redirect all requests to HTTPS and force cookies to only be sent over HTTPS. |
cookie_lifespan | 7200 | int | This property configures the number of seconds that cookies and session is considered valid for. After this time period, they will expire and be destroyed. The default configuration is 7200seconds (2 hours). |
配置中的示例
'security' => [ 'mode' => 'strict', 'force_https' => true, 'cookie_lifespan' => 7200,],API 选项
属性描述
| 配置属性 | 默认值 | 允许值 | 描述 |
|---|---|---|---|
CSRFPrevention | true | bool | Enables or disables the usage of a CSRF protection system. This should be enabled at all times unless it is specifically causing issues. |
配置中的示例
'api' => [ 'CSRFPrevention' => true,],Cloudflare
- 启用
IP Geolocation在您网站的网络设置下。这将允许 FOSSBilling 使用访问者的国家/地区(基于IP地址)来帮助防止会话劫持。
反向代理
指示 HTTPS
由于反向代理通常的工作方式,使用它通常会让 FOSSBilling 认为它是在没有 HTTPS 的情况下访问的。要解决这个问题,只需确保您的反向代理正在转发 X-Forwarded-Proto 标头,并且它已正确设置为 https。