1 | <?xml version="1.0" encoding="UTF-8"?>
|
2 | <!DOCTYPE policymap [
|
3 | <!ELEMENT policymap (policy)+>
|
4 | <!ELEMENT policy (#PCDATA)>
|
5 | <!ATTLIST policy domain (delegate|coder|filter|path|resource) #IMPLIED>
|
6 | <!ATTLIST policy name CDATA #IMPLIED>
|
7 | <!ATTLIST policy rights CDATA #IMPLIED>
|
8 | <!ATTLIST policy pattern CDATA #IMPLIED>
|
9 | <!ATTLIST policy value CDATA #IMPLIED>
|
10 | ]>
|
11 | |
12 | Configure ImageMagick policies.
|
13 |
|
14 | Domains include system, delegate, coder, filter, path, or resource.
|
15 |
|
16 | Rights include none, read, write, and execute. Use | to combine them,
|
17 | for example: "read | write" to permit read from, or write to, a path.
|
18 |
|
19 | Use a glob expression as a pattern.
|
20 |
|
21 | Suppose we do not want users to process MPEG video images:
|
22 |
|
23 | <policy domain="delegate" rights="none" pattern="mpeg:decode" />
|
24 |
|
25 | Here we do not want users reading images from HTTP:
|
26 |
|
27 | <policy domain="coder" rights="none" pattern="HTTP" />
|
28 |
|
29 | Lets prevent users from executing any image filters:
|
30 |
|
31 | <policy domain="filter" rights="none" pattern="*" />
|
32 |
|
33 | The /repository file system is restricted to read only. We use a glob
|
34 | expression to match all paths that start with /repository:
|
35 |
|
36 | <policy domain="path" rights="read" pattern="/repository/*" />
|
37 |
|
38 | Let's prevent possible exploits by removing the right to use indirect reads.
|
39 |
|
40 | <policy domain="path" rights="none" pattern="@*" />
|
41 |
|
42 | Any large image is cached to disk rather than memory:
|
43 |
|
44 | <policy domain="resource" name="area" value="1GB"/>
|
45 |
|
46 | Define arguments for the memory, map, area, width, height, and disk resources
|
47 | with SI prefixes (.e.g 100MB). In addition, resource policies are maximums
|
48 | for each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB
|
49 | exceeds policy maximum so memory limit is 1GB).
|
50 | -->
|
51 | <policymap>
|
52 |
|
53 | <policy domain="resource" name="memory" value="256MiB"/>
|
54 | <policy domain="resource" name="map" value="512MiB"/>
|
55 | <policy domain="resource" name="width" value="16KP"/>
|
56 | <policy domain="resource" name="height" value="16KP"/>
|
57 | <policy domain="resource" name="area" value="128MB"/>
|
58 | <policy domain="resource" name="disk" value="1GiB"/>
|
59 |
|
60 |
|
61 |
|
62 |
|
63 |
|
64 |
|
65 |
|
66 |
|
67 | <policy domain="delegate" rights="none" pattern="URL" />
|
68 | <policy domain="delegate" rights="none" pattern="HTTPS" />
|
69 | <policy domain="delegate" rights="none" pattern="HTTP" />
|
70 |
|
71 | <policy domain="path" rights="none" pattern="@*"/>
|
72 | <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>
|
73 |
|
74 | <policy domain="coder" rights="none" pattern="PS" />
|
75 | <policy domain="coder" rights="none" pattern="EPI" />
|
76 | <policy domain="coder" rights="none" pattern="PDF" />
|
77 | <policy domain="coder" rights="none" pattern="XPS" />
|
78 | </policymap>
|