
MailFileDetector


This plugin detects and prevents leakage of personal information from your web server. It detects HTTP responses that contain many e-mail addresses, and is used to prevent files containing a lot of personal information from being downloaded unintentionally.

When the plugin detects such a file, it raises an alert like the following example, and it also logs the HTTP request and HTTP response, as rules do.

Wed Sep 29 13:06:24 JST 2004 : Alert:192.168.1.2:25553:PLUGIN:net.jumperz.app.MGuardian.plugin.MMailFileDetector::1096430784464_25553


This plugin analyzes the HTTP response body line by line. If the total number of lines that contain an e-mail address exceeds a certain value, an alert is raised. This value is called "maxCount" and is set to 50 by default. To change it, add a line to the "control" file like this:

mailFileDetector.maxCount=500


By default, this plugin does not block HTTP responses when it detects an information leak; it only raises an alert. If you want the plugin to block such HTTP responses, add a line to the "control" file like this:

mailFileDetector.block=true


Additionally, this plugin can be configured to execute a system command when it detects an information leak. To do so, add a line to the "control" file like this:

mailFileDetector.command=/usr/local/bin/notifyMe


Because this plugin searches for strings that look like e-mail addresses, it cannot detect a leak of personal information that contains no e-mail addresses (for example, only names, addresses, and credit card numbers). It may also raise false positives for content with many e-mail addresses, such as mailing list archives.
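The line-counting check and its limits described above, as an added Python sketch that is not the plugin's own code. The e-mail pattern, the function names and the sample bodies are assumptions made for illustration; only the "maxCount" default of 50 and the "block" option come from this page.

```python
import re

# Assumption: a simple pattern for "strings that look like an e-mail address".
# The pattern the plugin really uses is not given on this page.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

DEFAULT_MAX_COUNT = 50  # default value of "maxCount" stated on this page


def count_mail_lines(body: str) -> int:
    """Count lines holding at least one address-like string (lines, not addresses)."""
    return sum(1 for line in body.splitlines() if EMAIL_RE.search(line))


def inspect_response(body: str, max_count: int = DEFAULT_MAX_COUNT,
                     block: bool = False) -> dict:
    """Decide what happens to one HTTP response body.

    alert:   the number of matching lines exceeds max_count
    blocked: an alert was raised and blocking is enabled (off by default)
    """
    count = count_mail_lines(body)
    alert = count > max_count
    return {"count": count, "alert": alert, "blocked": alert and block}


def csv_export(rows: int) -> str:
    """Constructed sample: a customer list with one address per line."""
    return "\n".join(f"user{i},User {i},user{i}@example.com" for i in range(rows))


# Constructed sample bodies, not real data.
CUSTOMER_CSV = csv_export(51)   # 51 matching lines: exceeds the default of 50
AT_THRESHOLD = csv_export(50)   # exactly 50 matching lines: does not exceed it
# Many addresses on a single line still count as one matching line.
ONE_LINE = " ".join(f"user{i}@example.com" for i in range(200))
# Personal data without any e-mail address is never counted.
NO_EMAIL = "\n".join(f"User {i},1 Main St,4111111111111111" for i in range(200))

if __name__ == "__main__":
    samples = {"customer csv": CUSTOMER_CSV, "at threshold": AT_THRESHOLD,
               "one line": ONE_LINE, "no e-mail": NO_EMAIL}
    for name, body in samples.items():
        print(f"{name:13s} {inspect_response(body)}")
```
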

This plugin is designed on the assumption that it is called by GID8.
