$Id: README.txt,v 1.11.2.2.2.2 2008-03-22 16:20:01 swentel Exp $

IMPORTANT
---------

PHP5 only! (5.2.x recommended) Like Drupal, I also support the gophp5.org initiative.
(http://gophp5.org/). See also the php4 end of life announcement on php.net.

DESCRIPTION
-----------

This module adds an extra security layer to Drupal and recognizes (most)
malicious input. It always logs the impact and can send out mail or redirect 
to a warning page after a certain level of impact was reached if you want to.
User 1 is always ignored (unless someone really thinks otherwise) and anonymous users 
are always monitored.

INSTALLATION
------------

1) Download the latest PHPIDS package from http://www.phpids.org. 
   Warning: the php4 port does not work with this module.
2) Unpack the tar/zip and move the IDS directory in phpids-0.x/lib
   to the module directory of phpids.
3) make sure the IDS/tmp folder is writable (for caching the filters)
   On *nix: chown webuser:webuser IDS/tmp (or a chmod 666, but try to avoid that)

There is a Config.ini in the IDS/Config folder, do not worry, it's harmless, just keep
it like it is.

CONFIGURATION AND TESTING
-------------------------

After that, enable the module and surf to the settings page on
http://example.com/?q=admin/settings/phpids and change the default
settings to your needs.

Test if PHPIDS starts logging - user 1 is ignored.

* normal log level
  http://example.com/?q=admin/logs/watchdog&test=">XXX
* mail level - if you filled in an email
  http://example.com/?q=admin/logs/watchdog&test=">XXX<"><script>
* warning level - redirects the (anonymous) user (if configured like that)
  http://example.com/?q=admin/logs/watchdog&test=<script>alert('hi')</script>&test2=<script>alert('hi2'></script>
  
You should see entries in the watchdog module. You can filter on 'phpids'.

BUG REPORTS
-----------

Please file bug reports on http://drupal.org/project/phpids
New features will not be implemented in version 5.x, only bugs will be fixed.