EasySite FireWall 防火墙模块
程序员文章站
2022-05-24 11:14:13
...
EasySite FireWall 防火墙模块
<?php
/**
EasySite FireWall 防火墙模块
13:25 2012/7/23
*/
define('FW_ADMIN_KEY', '21232f297a57a5a743894a0e4a801fc3'); // 超级管理员密钥
define('FW_IP_RULE_FILE', APP_PATH.'Runtime/Conf/Config.Iprule.php');
$FW_DEFEND_IP_ON = false; // 开启IP规则过滤
$FW_DEFEND_IP_TP = 1; // 开设置IP过滤模式 0-IP黑名单过滤 1-IP白名单过滤
$FW_DEFEND_CC_ON = false; // 开启防恶意刷新
$FW_DEFEND_CC_TL = 5; // 每五次请求最小间隔时间/S
if(isset($_GET['fwkey']) || isset($_COOKIE['es_admin_fwkey'])){
$fwkey = isset($_GET['fwkey']) ? trim($_GET['fwkey']) :
(isset($_COOKIE['es_admin_fwkey']) ? $_COOKIE['es_admin_fwkey'] : '');
if($fwkey === FW_ADMIN_KEY) $FW_DEFEND_IP_ON = $FW_DEFEND_CC_ON = false;
setcookie('es_admin_fwkey', $fwkey, time()+3600*24, SITE_PATH);
}
if(true === $FW_DEFEND_IP_ON){
$client_ip = get_client_ip2();
$MYFW_LIST = (include FW_IP_RULE_FILE);
if(1 === $FW_DEFEND_IP_TP){
$allowed = false;
$MYFW_LIST = parse_ip_list($MYFW_LIST['whitelist']);
foreach($MYFW_LIST as $ip){
if(preg_match($ip, $client_ip)){
$allowed = true;
break;
}
}
if(!$allowed){
header('HTTP/1.1 403 Forbidden');
exit('HTTP/1.1 403 ES FireWall Forbidden : Not allowed IP');
}
}else{
$MYFW_LIST = parse_ip_list($MYFW_LIST['blacklist']);
foreach($MYFW_LIST as $ip){
if(preg_match($ip, $client_ip)){
header('HTTP/1.1 403 Forbidden');
exit('HTTP/1.1 403 ES FireWall Forbidden : Not allowed IP');
}
}
}
unset($allowed, $client_ip, $MYFW_LIST);
}
if(true === $FW_DEFEND_CC_ON){
if(!session_id()) session_start();
$nowtime = $lasttime = $_SERVER['REQUEST_TIME'];
if(isset($_SESSION['FireWall'])){
$lasttime = intval($_SESSION['FireWall']['lasttime']);
$fwtimes = intval($_SESSION['FireWall']['fwtimes']) +
(isset($_SERVER['HTTP_X_REQUESTED_WITH']) ? 0 : 1);
$_SESSION['FireWall']['fwtimes'] = $fwtimes;
if(($nowtime - $lasttime) < $FW_DEFEND_CC_TL){
if($fwtimes >= 5){
header('HTTP/1.1 403 Forbidden');
$_SESSION['FireWall']['lasttime'] = $nowtime;
exit('HTTP/1.1 403 ES FireWall Forbidden : Not allowed CC');
}
}else{
$_SESSION['FireWall']['fwtimes'] = 0;
$_SESSION['FireWall']['lasttime'] = $nowtime;
}
}else{
$_SESSION['FireWall']['fwtimes'] = 1;
$_SESSION['FireWall']['lasttime'] = $nowtime;
}
unset($nowtime, $lasttime, $fwtimes);
}
?>
2. [PHP]代码
<?php
/**
* 获取客户端IP
* @param void
* @return String 客户端IP
*/
function get_client_ip2(){
if(getenv('HTTP_CLIENT_IP')){
$client_ip = getenv('HTTP_CLIENT_IP');
}elseif(getenv('HTTP_X_FORWARDED_FOR')){
$client_ip = getenv('HTTP_X_FORWARDED_FOR');
}elseif(getenv('REMOTE_ADDR')) {
$client_ip = getenv('REMOTE_ADDR');
}else{
$client_ip = $HTTP_SERVER_VARS['REMOTE_ADDR'];
}
return $client_ip;
}
/**
* 解析IP规则列表
* @param void
* @return Array IP规则列表
*/
function parse_ip_list($rules){
$arr = array();
foreach($rules as $rule){
if($rule['start_time'] > $_SERVER['REQUEST_TIME'] || $rule['end_time']
< $_SERVER['REQUEST_TIME']) continue;
$ip = str_replace('.', '\.', $rule['ip']);
if($start = strstr($ip, '-')){
$start = substr($ip, 0, - strlen(strrchr($ip, '.')) + 1);
$pos = explode('-', trim(strrchr($ip, '.'), '.'));
for($i=intval($pos[0]),$a=intval($pos[1])+1; $i < $a; $i++ ){
$arr[] = '#^'.$start.$i.'$#i';
}
}elseif($start = strstr($ip, '[')){
$_ips = explode('|', substr($start, 1, -1));
$arr[] = '#^'.substr($ip, 0, - strlen($start)).'(('.implode(')|(',$_ips ).'))'.'$#i';
}elseif(strpos($ip, '*')){
$arr[] = '#^'.str_replace('*', '((25[0-5])|(2[0-4]\\d)|(1\\d{2})|(\\d{1,2}))', $ip).'$#i';
}else{
$arr[] = '#^'.$ip.'$#i';
}
}
return $arr;
}
?>
以上就是EasySite FireWall 防火墙模块的内容,更多相关内容请关注PHP中文网(www.php.cn)!
上一篇: JDBC使用事务实例