EasySite FireWall 防火墙模块
- PHP中文网Original
- 2016-05-25 17:08:361568browse
<?php
/**
EasySite FireWall 防火墙模块
13:25 2012/7/23
*/
define('FW_ADMIN_KEY', '21232f297a57a5a743894a0e4a801fc3'); // 超级管理员密钥
define('FW_IP_RULE_FILE', APP_PATH.'Runtime/Conf/Config.Iprule.php');
$FW_DEFEND_IP_ON = false; // 开启IP规则过滤
$FW_DEFEND_IP_TP = 1; // 开设置IP过滤模式 0-IP黑名单过滤 1-IP白名单过滤
$FW_DEFEND_CC_ON = false; // 开启防恶意刷新
$FW_DEFEND_CC_TL = 5; // 每五次请求最小间隔时间/S
if(isset($_GET['fwkey']) || isset($_COOKIE['es_admin_fwkey'])){
$fwkey = isset($_GET['fwkey']) ? trim($_GET['fwkey']) :
(isset($_COOKIE['es_admin_fwkey']) ? $_COOKIE['es_admin_fwkey'] : '');
if($fwkey === FW_ADMIN_KEY) $FW_DEFEND_IP_ON = $FW_DEFEND_CC_ON = false;
setcookie('es_admin_fwkey', $fwkey, time()+3600*24, SITE_PATH);
}
if(true === $FW_DEFEND_IP_ON){
$client_ip = get_client_ip2();
$MYFW_LIST = (include FW_IP_RULE_FILE);
if(1 === $FW_DEFEND_IP_TP){
$allowed = false;
$MYFW_LIST = parse_ip_list($MYFW_LIST['whitelist']);
foreach($MYFW_LIST as $ip){
if(preg_match($ip, $client_ip)){
$allowed = true;
break;
}
}
if(!$allowed){
header('HTTP/1.1 403 Forbidden');
exit('HTTP/1.1 403 ES FireWall Forbidden : Not allowed IP');
}
}else{
$MYFW_LIST = parse_ip_list($MYFW_LIST['blacklist']);
foreach($MYFW_LIST as $ip){
if(preg_match($ip, $client_ip)){
header('HTTP/1.1 403 Forbidden');
exit('HTTP/1.1 403 ES FireWall Forbidden : Not allowed IP');
}
}
}
unset($allowed, $client_ip, $MYFW_LIST);
}
if(true === $FW_DEFEND_CC_ON){
if(!session_id()) session_start();
$nowtime = $lasttime = $_SERVER['REQUEST_TIME'];
if(isset($_SESSION['FireWall'])){
$lasttime = intval($_SESSION['FireWall']['lasttime']);
$fwtimes = intval($_SESSION['FireWall']['fwtimes']) +
(isset($_SERVER['HTTP_X_REQUESTED_WITH']) ? 0 : 1);
$_SESSION['FireWall']['fwtimes'] = $fwtimes;
if(($nowtime - $lasttime) < $FW_DEFEND_CC_TL){
if($fwtimes >= 5){
header('HTTP/1.1 403 Forbidden');
$_SESSION['FireWall']['lasttime'] = $nowtime;
exit('HTTP/1.1 403 ES FireWall Forbidden : Not allowed CC');
}
}else{
$_SESSION['FireWall']['fwtimes'] = 0;
$_SESSION['FireWall']['lasttime'] = $nowtime;
}
}else{
$_SESSION['FireWall']['fwtimes'] = 1;
$_SESSION['FireWall']['lasttime'] = $nowtime;
}
unset($nowtime, $lasttime, $fwtimes);
}
?> 2. [PHP]代码
<?php
/**
* 获取客户端IP
* @param void
* @return String 客户端IP
*/
function get_client_ip2(){
if(getenv('HTTP_CLIENT_IP')){
$client_ip = getenv('HTTP_CLIENT_IP');
}elseif(getenv('HTTP_X_FORWARDED_FOR')){
$client_ip = getenv('HTTP_X_FORWARDED_FOR');
}elseif(getenv('REMOTE_ADDR')) {
$client_ip = getenv('REMOTE_ADDR');
}else{
$client_ip = $HTTP_SERVER_VARS['REMOTE_ADDR'];
}
return $client_ip;
}
/**
* 解析IP规则列表
* @param void
* @return Array IP规则列表
*/
function parse_ip_list($rules){
$arr = array();
foreach($rules as $rule){
if($rule['start_time'] > $_SERVER['REQUEST_TIME'] || $rule['end_time']
< $_SERVER['REQUEST_TIME']) continue;
$ip = str_replace('.', '\.', $rule['ip']);
if($start = strstr($ip, '-')){
$start = substr($ip, 0, - strlen(strrchr($ip, '.')) + 1);
$pos = explode('-', trim(strrchr($ip, '.'), '.'));
for($i=intval($pos[0]),$a=intval($pos[1])+1; $i < $a; $i++ ){
$arr[] = '#^'.$start.$i.'$#i';
}
}elseif($start = strstr($ip, '[')){
$_ips = explode('|', substr($start, 1, -1));
$arr[] = '#^'.substr($ip, 0, - strlen($start)).'(('.implode(')|(',$_ips ).'))'.'$#i';
}elseif(strpos($ip, '*')){
$arr[] = '#^'.str_replace('*', '((25[0-5])|(2[0-4]\\d)|(1\\d{2})|(\\d{1,2}))', $ip).'$#i';
}else{
$arr[] = '#^'.$ip.'$#i';
}
}
return $arr;
}
?>
以上就是EasySite FireWall 防火墙模块的内容,更多相关内容请关注PHP中文网(www.php.cn)!
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:一种密码复杂度的简单计算方式Next article: 图片自动清理程序