From 11ea887f55c6c654d38373a79ee00b7aa1d9d1d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=8Ceslav=20Przywara?= Date: Mon, 29 Jul 2024 12:42:27 +0200 Subject: [PATCH] Implement ASP files rule completely... Follow-up to 873ccd1. See #161. --- README.md | 11 ++++++----- .../Security/Modules/BadRequestsBanner/Settings.php | 6 ++++++ 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index da2e07b..c7c9890 100644 --- a/README.md +++ b/README.md 
@@ -144,11 +144,12 @@ Passwords are validated on user creation, password change or password reset. If Remote IP addresses that are scanning your website for weaknesses can be automatically [blocked](#internal-blocklist) for configured amount of time. Such scanners can be usually quite easily detected because while scanning a website they trigger a lot of 404 errors and URLs they try to access differ from "valid" 404 errors: usually they try to find a known vulnerable plugin, forgotten backup file or PHP script used for administrative purposes. -There are four built-in rules available (they are not active by default): -1. ban when non-existent PHP file is requested (any URL ending with `.php`) -2. ban when non-existent archive file is requested (any URL ending with `.tgz` or `.zip`) -3. ban when non-existent backup file is requested (any URL targeting file with `backup` in basename or with `.back`, `.old` or `.tmp` extension) -4. ban when non-existent `readme.txt` file is accessed +There are five built-in rules available (they are not active by default): +1. ban when non-existent APS file is requested (any URL ending with `.asp` or `.aspx`) +2. ban when non-existent PHP file is requested (any URL ending with `.php`) +3. ban when non-existent archive file is requested (any URL ending with `.tgz` or `.zip`) +4. ban when non-existent backup file is requested (any URL targeting file with `backup` in basename or with `.back`, `.old` or `.tmp` extension) +5. ban when non-existent `readme.txt` file is accessed You may define custom rules as well (in form of regular expression). diff --git a/classes/BlueChip/Security/Modules/BadRequestsBanner/Settings.php b/classes/BlueChip/Security/Modules/BadRequestsBanner/Settings.php index 0fe58b4..1ca0e79 100644 --- a/classes/BlueChip/Security/Modules/BadRequestsBanner/Settings.php +++ b/classes/BlueChip/Security/Modules/BadRequestsBanner/Settings.php 
@@ -13,6 +13,11 @@ class Settings extends CoreSettings */ public const BUILT_IN_RULE_ARCHIVE_FILES = BuiltInRules::ARCHIVE_FILES; + /** + * @var string Is built-in rule "ASP files" active? [bool:no] + */ + public const BUILT_IN_RULE_ASP_FILES = BuiltInRules::ASP_FILES; + /** * @var string Is built-in rule "Backup files" active? [bool:no] */ @@ -50,6 +55,7 @@ class Settings extends CoreSettings */ protected const DEFAULTS = [ self::BUILT_IN_RULE_ARCHIVE_FILES => false, + self::BUILT_IN_RULE_ASP_FILES => false, self::BUILT_IN_RULE_BACKUP_FILES => false, self::BUILT_IN_RULE_PHP_FILES => false, self::BUILT_IN_RULE_README_FILES => false,
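Review bot: In the README.md hunk, the new list item 1 says "non-existent APS file", which looks like a typo for "ASP file": the extensions on the same line are `.asp` and `.aspx`, and the setting added in Settings.php is named `BUILT_IN_RULE_ASP_FILES`. Suggest changing the item to "ban when non-existent ASP file is requested (any URL ending with `.asp` or `.aspx`)".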
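Review bot: In the first Settings.php hunk, `BUILT_IN_RULE_ASP_FILES` is defined as `BuiltInRules::ASP_FILES`, but the diffstat lists only README.md and Settings.php, so `BuiltInRules::ASP_FILES` is not introduced by this patch. Please confirm it already exists (the message calls this a follow-up to 873ccd1), because PHP raises an error for an undefined class constant when this one is first evaluated. A sentence in the commit message saying which part of the rule was missing would also help, since "completely" does not say what 873ccd1 left out.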