EasySite FireWall 防火墙模块
程序员文章站
2022-05-24 11:14:13
...
EasySite FireWall 防火墙模块
<?php /** EasySite FireWall 防火墙模块 13:25 2012/7/23 */ define('FW_ADMIN_KEY', '21232f297a57a5a743894a0e4a801fc3'); // 超级管理员密钥 define('FW_IP_RULE_FILE', APP_PATH.'Runtime/Conf/Config.Iprule.php'); $FW_DEFEND_IP_ON = false; // 开启IP规则过滤 $FW_DEFEND_IP_TP = 1; // 开设置IP过滤模式 0-IP黑名单过滤 1-IP白名单过滤 $FW_DEFEND_CC_ON = false; // 开启防恶意刷新 $FW_DEFEND_CC_TL = 5; // 每五次请求最小间隔时间/S if(isset($_GET['fwkey']) || isset($_COOKIE['es_admin_fwkey'])){ $fwkey = isset($_GET['fwkey']) ? trim($_GET['fwkey']) : (isset($_COOKIE['es_admin_fwkey']) ? $_COOKIE['es_admin_fwkey'] : ''); if($fwkey === FW_ADMIN_KEY) $FW_DEFEND_IP_ON = $FW_DEFEND_CC_ON = false; setcookie('es_admin_fwkey', $fwkey, time()+3600*24, SITE_PATH); } if(true === $FW_DEFEND_IP_ON){ $client_ip = get_client_ip2(); $MYFW_LIST = (include FW_IP_RULE_FILE); if(1 === $FW_DEFEND_IP_TP){ $allowed = false; $MYFW_LIST = parse_ip_list($MYFW_LIST['whitelist']); foreach($MYFW_LIST as $ip){ if(preg_match($ip, $client_ip)){ $allowed = true; break; } } if(!$allowed){ header('HTTP/1.1 403 Forbidden'); exit('HTTP/1.1 403 ES FireWall Forbidden : Not allowed IP'); } }else{ $MYFW_LIST = parse_ip_list($MYFW_LIST['blacklist']); foreach($MYFW_LIST as $ip){ if(preg_match($ip, $client_ip)){ header('HTTP/1.1 403 Forbidden'); exit('HTTP/1.1 403 ES FireWall Forbidden : Not allowed IP'); } } } unset($allowed, $client_ip, $MYFW_LIST); } if(true === $FW_DEFEND_CC_ON){ if(!session_id()) session_start(); $nowtime = $lasttime = $_SERVER['REQUEST_TIME']; if(isset($_SESSION['FireWall'])){ $lasttime = intval($_SESSION['FireWall']['lasttime']); $fwtimes = intval($_SESSION['FireWall']['fwtimes']) + (isset($_SERVER['HTTP_X_REQUESTED_WITH']) ? 0 : 1); $_SESSION['FireWall']['fwtimes'] = $fwtimes; if(($nowtime - $lasttime) < $FW_DEFEND_CC_TL){ if($fwtimes >= 5){ header('HTTP/1.1 403 Forbidden'); $_SESSION['FireWall']['lasttime'] = $nowtime; exit('HTTP/1.1 403 ES FireWall Forbidden : Not allowed CC'); } }else{ $_SESSION['FireWall']['fwtimes'] = 0; $_SESSION['FireWall']['lasttime'] = $nowtime; } }else{ $_SESSION['FireWall']['fwtimes'] = 1; $_SESSION['FireWall']['lasttime'] = $nowtime; } unset($nowtime, $lasttime, $fwtimes); } ?>
2. [PHP]代码
<?php /** * 获取客户端IP * @param void * @return String 客户端IP */ function get_client_ip2(){ if(getenv('HTTP_CLIENT_IP')){ $client_ip = getenv('HTTP_CLIENT_IP'); }elseif(getenv('HTTP_X_FORWARDED_FOR')){ $client_ip = getenv('HTTP_X_FORWARDED_FOR'); }elseif(getenv('REMOTE_ADDR')) { $client_ip = getenv('REMOTE_ADDR'); }else{ $client_ip = $HTTP_SERVER_VARS['REMOTE_ADDR']; } return $client_ip; } /** * 解析IP规则列表 * @param void * @return Array IP规则列表 */ function parse_ip_list($rules){ $arr = array(); foreach($rules as $rule){ if($rule['start_time'] > $_SERVER['REQUEST_TIME'] || $rule['end_time'] < $_SERVER['REQUEST_TIME']) continue; $ip = str_replace('.', '\.', $rule['ip']); if($start = strstr($ip, '-')){ $start = substr($ip, 0, - strlen(strrchr($ip, '.')) + 1); $pos = explode('-', trim(strrchr($ip, '.'), '.')); for($i=intval($pos[0]),$a=intval($pos[1])+1; $i < $a; $i++ ){ $arr[] = '#^'.$start.$i.'$#i'; } }elseif($start = strstr($ip, '[')){ $_ips = explode('|', substr($start, 1, -1)); $arr[] = '#^'.substr($ip, 0, - strlen($start)).'(('.implode(')|(',$_ips ).'))'.'$#i'; }elseif(strpos($ip, '*')){ $arr[] = '#^'.str_replace('*', '((25[0-5])|(2[0-4]\\d)|(1\\d{2})|(\\d{1,2}))', $ip).'$#i'; }else{ $arr[] = '#^'.$ip.'$#i'; } } return $arr; } ?>
以上就是EasySite FireWall 防火墙模块的内容,更多相关内容请关注PHP中文网(www.php.cn)!
上一篇: JDBC使用事务实例