Update default config

This change updates the default configuration file by removing most comments. Configuration options will be documented separately.

The regex patterns in the default ruleset for HTTP honeypots is simplified.

configs/default-config.xml

@@ -1,50 +1,24 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
-<!-- =========== -->
-<!-- Deceptifeed -->
-<!-- =========== -->
+<!-- Deceptifeed Configuration -->
 <config>
 
-  <!-- The default log path for honeypot servers. -->
+  <!-- The default log path for honeypot servers -->
   <defaultLogPath>/opt/deceptifeed/logs/honeypot.log</defaultLogPath>
 
-  <!--
-  ===========================================================================
-  Threat Feed Configuration
-  ===========================================================================
-  This section controls the settings for the threat feed server, which
-  provides a list of IP addresses observed interacting with your honeypot
-  servers.
-  -->
+  <!-- Threat Feed Configuration -->
   <threatFeed>
     <enabled>true</enabled>
     <port>9000</port>
     <databasePath>/opt/deceptifeed/logs/threatfeed.csv</databasePath>
     <threatExpiryHours>336</threatExpiryHours>
     <minimumThreatScore>0</minimumThreatScore>
-    <isPrivateIncluded>false</isPrivateIncluded>
+    <includePrivateIPs>false</includePrivateIPs>
     <customThreatsPath></customThreatsPath>
     <excludeListPath></excludeListPath>
   </threatFeed>
 
-  <!--
-  =============================================================================
-  Honeypot Server Configuration
-  =============================================================================
-  This section allows you to define any number of honeypot servers. Each server
-  accepts network connections, logs interactions from clients, and updates the
-  threat feed with the connecting client's IP address.
-  
-  Use the `<server>` element to define a honeypot, and the `type` attribute to
-  specify the server's role (for example, <server type="http"> ... </server>).
-  
-  Available server types:
-  - "ssh"   SSH server. Records, but rejects every login attempt.
-  - "http"  Web server. Returns error codes for requests outside the homepage.
-  - "https" Web server. Returns error codes for requests outside the homepage.
-  - "tcp"   Simulates a generic TCP-based service.
-  - "udp"   Records incoming data. Does not send responses.
-  -->
+  <!-- Honeypot Server Configuration -->
   <honeypotServers>
 
     <!-- SSH honeypot server on port 2222 -->
@@ -66,21 +40,11 @@
       <sendToThreatFeed>true</sendToThreatFeed>
       <threatScore>1</threatScore>
       <rules>
-        <!-- Update the threat feed if any of the following conditions match: -->
-        <!-- File extensions, dot files, and paths -->
-        <include target="path">(?i)\.(asp|bak|cfm|cgi|dll|ds_store|env|esp|git|htaccess|ini|jhtml|js|key|log|pem|php|pl|sh|ssh|ssl|yml)</include>
-        <include target="path">(?i)(api|admin|aws|cfide|cgi-bin|config|cscoe|dashboard|data|env|login|manage|owa|panel|portal|query|readme|remote|sdk|server|setup|status|store|user|vpn|wp-)</include>
-        <!-- Query values -->
-        <include target="query">(?i)(action|conf|dns|file|form|json|login|php|q=|url|user)</include>
-        <!-- Directory traversal attempts -->
-        <include target="path">\.\.</include>
-        <include target="query">\.\.</include>
-        <include target="lang">\.\.</include>
-        <!-- Authorization header is set -->
+        <!-- Update the threat feed if any of the following rules match: -->
+        <include target="path" negate="true">(?i)^(/|/index\.html|/favicon\.ico|/robots\.txt|/sitemap\.xml|/\.well-known/\w+\.txt)$</include>
+        <include target="query">(?i)(action|conf|dns|file|form|http|id=|json|login|php|q=|url|user|\.\.)</include>
         <include target="authorization">.*</include>
-        <!-- An HTTP method that is not GET, HEAD or OPTIONS -->
         <include target="method" negate="true">(?i)^(GET|HEAD|OPTIONS)$</include>
-        <!-- User agents -->
         <include target="user-agent">(?i)(curl|go-http-client|httpclient|java|libwww|nikto|nmap|php|python|wget)</include>
         <include target="user-agent">^$</include>
       </rules>
@@ -96,21 +60,11 @@
       <certPath>/opt/deceptifeed/certs/https-cert.pem</certPath>
       <keyPath>/opt/deceptifeed/certs/https-key.pem</keyPath>
       <rules>
-        <!-- Update the threat feed if any of the following conditions match: -->
-        <!-- File extensions, dot files, and paths -->
-        <include target="path">(?i)\.(asp|bak|cfm|cgi|dll|ds_store|env|esp|git|htaccess|ini|jhtml|js|key|log|pem|php|pl|sh|ssh|ssl|yml)</include>
-        <include target="path">(?i)(api|admin|aws|cfide|cgi-bin|config|cscoe|dashboard|data|env|login|manage|owa|panel|portal|query|readme|remote|sdk|server|setup|status|store|user|vpn|wp-)</include>
-        <!-- Query values -->
-        <include target="query">(?i)(action|conf|dns|file|form|json|login|php|q=|url|user)</include>
-        <!-- Directory traversal attempts -->
-        <include target="path">\.\.</include>
-        <include target="query">\.\.</include>
-        <include target="lang">\.\.</include>
-        <!-- Authorization header is set -->
+        <!-- Update the threat feed if any of the following rules match: -->
+        <include target="path" negate="true">(?i)^(/|/index\.html|/favicon\.ico|/robots\.txt|/sitemap\.xml|/\.well-known/\w+\.txt)$</include>
+        <include target="query">(?i)(action|conf|dns|file|form|http|id=|json|login|php|q=|url|user|\.\.)</include>
         <include target="authorization">.*</include>
-        <!-- An HTTP method that is not GET, HEAD or OPTIONS -->
         <include target="method" negate="true">(?i)^(GET|HEAD|OPTIONS)$</include>
-        <!-- User agents -->
         <include target="user-agent">(?i)(curl|go-http-client|httpclient|java|libwww|nikto|nmap|php|python|wget)</include>
         <include target="user-agent">^$</include>
       </rules>