Add additional PHP settings and cookie configurations

core/files/configure_misp.sh

@@ -219,6 +219,35 @@ set_up_aad() {
     sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.require_password_confirmation" false
 }
 
+set_session() {
+    # Command to modify MISP session configuration
+    sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{
+        \"Session\": {
+            \"timeout\": ${PHP_TIMEOUT},
+            \"cookie_timeout\": ${PHP_COOKIE_TIMEOUT},
+            \"defaults\": \"${PHP_DEFAULTS}\",
+            \"autoRegenerate\": ${PHP_AUTO_REGENERATE},
+            \"checkAgent\": ${PHP_CHECK_AGENT},
+            \"ini\": {
+                \"session.cookie_secure\": ${PHP_COOKIE_SECURE},
+                \"session.cookie_domain\": \"${PHP_COOKIE_DOMAIN}\",
+                \"session.cookie_samesite\": \"${PHP_COOKIE_SAMESITE}\"
+            }
+        }
+    }" > /dev/null
+
+    echo "... Session configured."
+}
+
+set_up_proxy() {
+    if [[ "$PROXY_ENABLE" == "true" ]]; then
+        echo "... configuring proxy settings"
+        init_settings "proxy"
+    else
+        echo "... Proxy disabled"
+    fi
+}
+
 set_up_proxy() {
     if [[ "$PROXY_ENABLE" == "true" ]]; then
         echo "... configuring proxy settings"
@@ -411,6 +440,8 @@ echo "MISP | Set Up LDAP ..." && set_up_ldap
 
 echo "MISP | Set Up AAD ..." && set_up_aad
 
+echo "MISP | Set Up Session ..." && set_session
+
 echo "MISP | Set Up Proxy ..." && set_up_proxy
 
 echo "MISP | Mark instance live"

core/files/entrypoint.sh

@@ -45,6 +45,15 @@ export PHP_UPLOAD_MAX_FILESIZE=${PHP_UPLOAD_MAX_FILESIZE:-50M}
 export PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE:-50M}
 export PHP_MAX_INPUT_TIME=${PHP_MAX_INPUT_TIME:-300}
 
+export PHP_TIMEOUT=${PHP_TIMEOUT:-60}
+export PHP_COOKIE_TIMEOUT=${PHP_COOKIE_TIMEOUT:-10080}
+export PHP_DEFAULTS=${PHP_DEFAULTS:-php}
+export PHP_AUTO_REGENERATE=${PHP_AUTO_REGENERATE:-false}
+export PHP_CHECK_AGENT=${PHP_CHECK_AGENT:-false}
+export PHP_COOKIE_SECURE=${PHP_COOKIE_SECURE:-true}
+export PHP_COOKIE_DOMAIN=${PHP_COOKIE_DOMAIN:}
+export PHP_COOKIE_SAMESITE=${PHP_COOKIE_SAMESITE:-Lax}
+
 export NGINX_X_FORWARDED_FOR=${NGINX_X_FORWARDED_FOR:-false}
 export NGINX_SET_REAL_IP_FROM=${NGINX_SET_REAL_IP_FROM}
 

docker-compose.yml

@@ -197,7 +197,16 @@ services:
       - "HSTS_MAX_AGE=${HSTS_MAX_AGE}"
       - "X_FRAME_OPTIONS=${X_FRAME_OPTIONS}"
       - "CONTENT_SECURITY_POLICY=${CONTENT_SECURITY_POLICY}"
-  
+      # Additional PHP settings
+      - "PHP_TIMEOUT=${PHP_TIMEOUT:-60}"
+      - "PHP_COOKIE_TIMEOUT=${PHP_COOKIE_TIMEOUT:-10080}"
+      - "PHP_DEFAULTS=${PHP_DEFAULTS:-php}"
+      - "PHP_AUTO_REGENERATE=${PHP_AUTO_REGENERATE:-false}"
+      - "PHP_CHECK_AGENT=${PHP_CHECK_AGENT:-false}"
+      - "PHP_COOKIE_SECURE=${PHP_COOKIE_SECURE:-true}"
+      - "PHP_COOKIE_DOMAIN=${PHP_COOKIE_DOMAIN:}"
+      - "PHP_COOKIE_SAMESITE=${PHP_COOKIE_SAMESITE:-Lax}"
+
   misp-modules:
     image: ghcr.io/misp/misp-docker/misp-modules:${MODULES_RUNNING_TAG:-latest}
     build:

template.env

@@ -185,6 +185,16 @@ SYNCSERVERS_1_PULL_RULES=
 # PHP_POST_MAX_SIZE=50M
 # PHP_MAX_INPUT_TIME=300
 
+# Additional PHP settings
+# PHP_TIMEOUT=60
+# PHP_COOKIE_TIMEOUT=10080
+# PHP_DEFAULTS=php
+# PHP_AUTO_REGENERATE=false
+# PHP_CHECK_AGENT=false
+# PHP_COOKIE_SECURE=true
+# PHP_COOKIE_DOMAIN=
+# PHP_COOKIE_SAMESITE=Lax
+
 # MariaSQL/MySQL (InnoDB) configuration
 # INNODB_BUFFER_POOL_SIZE=2048M
 # INNODB_CHANGE_BUFFERING=none