
EasySite FireWall 防火墙模块

程序员文章站 2022-05-24 11:14:13
...
EasySite FireWall 防火墙模块
<?php
/**
	EasySite FireWall 防火墙模块
	13:25 2012/7/23
*/

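// SECURITY: FW_ADMIN_KEY is a shared secret; whoever presents it switches both
// filters off for their own requests. The value below is the widely published
// MD5 digest of the string "admin", so it must be replaced with a long random
// per-site secret before either filter is enabled.
define('FW_ADMIN_KEY',   '21232f297a57a5a743894a0e4a801fc3');  // super-administrator bypass key
define('FW_IP_RULE_FILE', APP_PATH.'Runtime/Conf/Config.Iprule.php'); // PHP file that returns the IP rule arrays

$FW_DEFEND_IP_ON = false; 	// enable IP rule filtering
$FW_DEFEND_IP_TP = 1; 	  	// IP filter mode: 0 = blacklist, 1 = whitelist
$FW_DEFEND_CC_ON = false; 	// enable the refresh-flood (CC) guard
$FW_DEFEND_CC_TL = 5; 		// window in seconds within which five requests trigger the guard

if(!function_exists('fw_key_equals')){
	/**
	 * Compare the configured key with a supplied value in constant time.
	 *
	 * @param  string $known configured secret
	 * @param  string $given value supplied by the client
	 * @return bool   true only when both strings are identical
	 */
	function fw_key_equals($known, $given){
		if(function_exists('hash_equals')){
			return hash_equals($known, $given);
		}
		// Fallback for PHP versions without hash_equals(): accumulate the byte
		// differences instead of returning at the first mismatch.
		$len = strlen($known);
		if($len !== strlen($given)){
			return false;
		}
		$diff = 0;
		for($i = 0; $i < $len; $i++){
			$diff |= ord($known[$i]) ^ ord($given[$i]);
		}
		return 0 === $diff;
	}
}

// Administrator bypass: a matching key in ?fwkey= or in the es_admin_fwkey cookie
// disables both filters for this request.
// NOTE(review): a key sent in the query string ends up in access logs, browser
// history and Referer headers; prefer delivering it some other way.
if(isset($_GET['fwkey']) || isset($_COOKIE['es_admin_fwkey'])){
	// The query string takes precedence over the cookie, as before.
	$fwkey = isset($_GET['fwkey']) ? $_GET['fwkey'] : $_COOKIE['es_admin_fwkey'];
	// fwkey[]=x arrives as an array; treat anything that is not a string as no key.
	$fwkey = is_string($fwkey) ? trim($fwkey) : '';

	if(fw_key_equals(FW_ADMIN_KEY, $fwkey)){
		$FW_DEFEND_IP_ON  = $FW_DEFEND_CC_ON  = false;

		// Remember the key for 24 hours, but only after it has been verified, so
		// arbitrary request input is never echoed back into a cookie. HttpOnly keeps
		// page scripts from reading it; Secure is set when the request used HTTPS.
		$fw_https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
		setcookie('es_admin_fwkey', $fwkey, time()+3600*24, SITE_PATH, '', $fw_https, true);
		unset($fw_https);
	}
}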

// IP rule filtering: match the client address against the rule patterns and
// answer 403 when the active mode (whitelist or blacklist) rejects it.
// NOTE(review): the decision is only as trustworthy as the address returned by
// get_client_ip2(); if that helper reads forwarding headers, the client chooses
// the value that is checked here.
if(true === $FW_DEFEND_IP_ON){
	$client_ip = get_client_ip2();
	$MYFW_LIST = (include FW_IP_RULE_FILE);

	// Mode 1 reads the 'whitelist' rules, any other mode reads the 'blacklist' rules.
	$fw_whitelist_mode = (1 === $FW_DEFEND_IP_TP);
	$MYFW_LIST = parse_ip_list($MYFW_LIST[$fw_whitelist_mode ? 'whitelist' : 'blacklist']);

	// Stop at the first pattern that matches the client address.
	$fw_hit = false;
	foreach($MYFW_LIST as $ip){
		if(preg_match($ip, $client_ip)){
			$fw_hit = true;
			break;
		}
	}

	// Whitelist mode denies when nothing matched; blacklist mode denies when
	// something matched. Both cases reduce to "hit differs from whitelist mode".
	if($fw_hit !== $fw_whitelist_mode){
		header('HTTP/1.1 403 Forbidden');
		exit('HTTP/1.1 403 ES FireWall Forbidden :  Not allowed IP');
	}

	unset($allowed, $client_ip, $MYFW_LIST, $fw_hit, $fw_whitelist_mode);
}


// Refresh-flood (CC) guard: count requests per session and answer 403 once five
// counted requests arrive within $FW_DEFEND_CC_TL seconds of the stored timestamp.
// NOTE(review): the counter lives in $_SESSION, so it only applies to clients that
// send the session cookie back; requests carrying an X-Requested-With header are
// not counted, and that header is set by the client.
if(true === $FW_DEFEND_CC_ON){
	if(!session_id()){
		session_start();
	}

	$nowtime = $lasttime = $_SERVER['REQUEST_TIME'];

	if(!isset($_SESSION['FireWall'])){
		// First request seen in this session: start the counter and the window.
		$_SESSION['FireWall']['fwtimes']  = 1;
		$_SESSION['FireWall']['lasttime'] = $nowtime;
	}else{
		$lasttime = intval($_SESSION['FireWall']['lasttime']);
		$fwtimes  = intval($_SESSION['FireWall']['fwtimes']);
		if(!isset($_SERVER['HTTP_X_REQUESTED_WITH'])){
			$fwtimes = $fwtimes + 1;
		}
		$_SESSION['FireWall']['fwtimes'] = $fwtimes;

		if(($nowtime - $lasttime) >= $FW_DEFEND_CC_TL){
			// Window elapsed: reset the counter and start a new window.
			$_SESSION['FireWall']['fwtimes']  = 0;
			$_SESSION['FireWall']['lasttime'] = $nowtime;
		}elseif($fwtimes >= 5){
			// Still inside the window with five or more counted requests: refuse,
			// and move the timestamp forward so the window restarts from now.
			header('HTTP/1.1 403 Forbidden');
			$_SESSION['FireWall']['lasttime'] = $nowtime;
			exit('HTTP/1.1 403 ES FireWall Forbidden :  Not allowed CC');
		}
	}

	unset($nowtime, $lasttime, $fwtimes);
}
?>

2. [PHP]代码

<?php

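/**
 * Return the client IP address used for the firewall decision.
 *
 * The address comes from REMOTE_ADDR, the peer address of the connection.
 * Client-IP and X-Forwarded-For are request headers written by the client, so
 * they are ignored unless the connection itself comes from a proxy listed in
 * $trusted_proxies; otherwise any client could choose the address that the
 * whitelist or blacklist is checked against.
 *
 * @param  array  $trusted_proxies exact IP strings of reverse proxies whose
 *                                 X-Forwarded-For header may be believed
 *                                 (default: none)
 * @return String client IP, or '' when no address is available
 */
function get_client_ip2($trusted_proxies = array()){
	$remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : getenv('REMOTE_ADDR');
	$remote = is_string($remote) ? trim($remote) : '';

	// Direct connection, or a peer that is not a known proxy: its headers prove nothing.
	if('' === $remote || !in_array($remote, $trusted_proxies, true)){
		return $remote;
	}

	$forwarded = isset($_SERVER['HTTP_X_FORWARDED_FOR'])
		? $_SERVER['HTTP_X_FORWARDED_FOR']
		: getenv('HTTP_X_FORWARDED_FOR');
	if(!is_string($forwarded) || '' === $forwarded){
		return $remote;
	}

	// Walk the hop list from the right: the rightmost entries were appended by our
	// own proxies, while everything to the left of the first untrusted hop was
	// supplied by the client.
	$hops = array_reverse(array_map('trim', explode(',', $forwarded)));
	foreach($hops as $hop){
		if(false === filter_var($hop, FILTER_VALIDATE_IP)){
			break; // malformed entry: fall back to the connection address
		}
		if(!in_array($hop, $trusted_proxies, true)){
			return $hop;
		}
	}
	return $remote;
}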

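/**
 * Turn IP rules into anchored regular expressions for preg_match().
 *
 * Each rule is an array with 'ip', 'start_time' and 'end_time'; a rule is used
 * only while start_time <= REQUEST_TIME <= end_time. Supported 'ip' forms:
 *   a.b.c.d         exact address
 *   a.b.c.x-y       one pattern per value of the last octet from x to y
 *   a.b.c.[x|y|z]   alternatives for the bracketed part
 *   a.b.*.*         '*' stands for one octet (0-255)
 *
 * NOTE(review): apart from escaping the dots, the rule text is placed into the
 * pattern as written, so the rule file must only be writable by administrators.
 *
 * @param  Array $rules rule arrays as described above
 * @return Array list of regular expression strings
 */
function parse_ip_list($rules){
	$arr = array();
	// A missing rule file or a missing list key yields a non-array; treat it as "no rules".
	if(!is_array($rules)){
		return $arr;
	}

	$now   = $_SERVER['REQUEST_TIME'];
	$octet = '((25[0-5])|(2[0-4]\\d)|(1\\d{2})|(\\d{1,2}))';

	foreach($rules as $rule){
		// Skip entries without an address, and rules outside their validity period.
		if(!isset($rule['ip'])) continue;
		if($rule['start_time'] > $now || $rule['end_time'] < $now) continue;

		$ip = str_replace('.', '\.', $rule['ip']);

		if(false !== strpos($ip, '-')){
			// "a.b.c.x-y": keep everything up to and including the last dot, then
			// emit one exact pattern per value of the final octet.
			$tail   = strrchr($ip, '.');
			$prefix = substr($ip, 0, 1 - strlen($tail));
			$pos    = explode('-', trim($tail, '.'));
			for($i = intval($pos[0]), $a = intval($pos[1]) + 1; $i < $a; $i++){
				$arr[] = '#^'.$prefix.$i.'$#i';
			}
		}elseif(false !== strpos($ip, '[')){
			// "a.b.c.[x|y]": the bracketed alternatives become a regex alternation.
			$group = strstr($ip, '[');
			$_ips  = explode('|', substr($group, 1, -1));
			$arr[] = '#^'.substr($ip, 0, - strlen($group)).'(('.implode(')|(', $_ips).'))'.'$#i';
		}elseif(false !== strpos($ip, '*')){
			// Compare with false: strpos() returns 0 for a leading '*', which a plain
			// truth test would treat as "no wildcard" and emit an invalid pattern.
			$arr[] = '#^'.str_replace('*', $octet, $ip).'$#i';
		}else{
			$arr[] = '#^'.$ip.'$#i';
		}
	}
	return $arr;
}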
?>
