首页 >php教程 >PHP源码 >EasySite FireWall 防火墙模块

EasySite FireWall 防火墙模块

PHP中文网
PHP中文网原创
2016-05-25 17:08:361577浏览

EasySite FireWall 防火墙模块

<?php
/**
	EasySite FireWall 防火墙模块
	13:25 2012/7/23
*/

define(&#39;FW_ADMIN_KEY&#39;,   &#39;21232f297a57a5a743894a0e4a801fc3&#39;);  // 超级管理员密钥
define(&#39;FW_IP_RULE_FILE&#39;, APP_PATH.&#39;Runtime/Conf/Config.Iprule.php&#39;);

$FW_DEFEND_IP_ON = false; 	// 开启IP规则过滤
$FW_DEFEND_IP_TP = 1; 	  	// 开设置IP过滤模式 0-IP黑名单过滤  1-IP白名单过滤
$FW_DEFEND_CC_ON = false; 	// 开启防恶意刷新
$FW_DEFEND_CC_TL = 5; 		// 每五次请求最小间隔时间/S

if(isset($_GET[&#39;fwkey&#39;]) || isset($_COOKIE[&#39;es_admin_fwkey&#39;])){
	$fwkey = isset($_GET[&#39;fwkey&#39;]) ? trim($_GET[&#39;fwkey&#39;]) : 
	(isset($_COOKIE[&#39;es_admin_fwkey&#39;]) ? $_COOKIE[&#39;es_admin_fwkey&#39;] : &#39;&#39;);
    if($fwkey === FW_ADMIN_KEY) $FW_DEFEND_IP_ON  = $FW_DEFEND_CC_ON  = false;
	setcookie(&#39;es_admin_fwkey&#39;, $fwkey, time()+3600*24, SITE_PATH);
}

if(true === $FW_DEFEND_IP_ON){
	$client_ip = get_client_ip2();
	$MYFW_LIST = (include FW_IP_RULE_FILE);

	if(1 === $FW_DEFEND_IP_TP){
		$allowed = false;
		$MYFW_LIST = parse_ip_list($MYFW_LIST[&#39;whitelist&#39;]);
		foreach($MYFW_LIST as $ip){
			if(preg_match($ip, $client_ip)){
				$allowed = true;
				break;
			}
		}
		if(!$allowed){
			header(&#39;HTTP/1.1 403 Forbidden&#39;);
			exit(&#39;HTTP/1.1 403 ES FireWall Forbidden :  Not allowed IP&#39;);
		}
	}else{
		$MYFW_LIST = parse_ip_list($MYFW_LIST[&#39;blacklist&#39;]);
		foreach($MYFW_LIST as $ip){
			if(preg_match($ip, $client_ip)){
				header(&#39;HTTP/1.1 403 Forbidden&#39;);
				exit(&#39;HTTP/1.1 403 ES FireWall Forbidden :  Not allowed IP&#39;);
			}
		}
	}

	unset($allowed, $client_ip, $MYFW_LIST);
}


if(true === $FW_DEFEND_CC_ON){
	if(!session_id()) session_start();

	$nowtime = $lasttime = $_SERVER[&#39;REQUEST_TIME&#39;];
	if(isset($_SESSION[&#39;FireWall&#39;])){
		$lasttime = intval($_SESSION[&#39;FireWall&#39;][&#39;lasttime&#39;]);
$fwtimes  = intval($_SESSION[&#39;FireWall&#39;][&#39;fwtimes&#39;]) + 
(isset($_SERVER[&#39;HTTP_X_REQUESTED_WITH&#39;]) ? 0 : 1);
		$_SESSION[&#39;FireWall&#39;][&#39;fwtimes&#39;] = $fwtimes;
		
		
		if(($nowtime - $lasttime) < $FW_DEFEND_CC_TL){
			if($fwtimes >= 5){
				header(&#39;HTTP/1.1 403 Forbidden&#39;);
				$_SESSION[&#39;FireWall&#39;][&#39;lasttime&#39;] = $nowtime;
				exit(&#39;HTTP/1.1 403 ES FireWall Forbidden :  Not allowed CC&#39;);
			}
		}else{
			$_SESSION[&#39;FireWall&#39;][&#39;fwtimes&#39;]  = 0;
			$_SESSION[&#39;FireWall&#39;][&#39;lasttime&#39;] = $nowtime;
		}
	
	}else{
		$_SESSION[&#39;FireWall&#39;][&#39;fwtimes&#39;]  = 1;
		$_SESSION[&#39;FireWall&#39;][&#39;lasttime&#39;] = $nowtime;
	}

	unset($nowtime, $lasttime, $fwtimes);
}
?>

 2. [PHP]代码

<?php

/**
 * 获取客户端IP
 * @param  void
 * @return String 客户端IP
 */
function get_client_ip2(){
	if(getenv(&#39;HTTP_CLIENT_IP&#39;)){
		$client_ip = getenv(&#39;HTTP_CLIENT_IP&#39;);
	}elseif(getenv(&#39;HTTP_X_FORWARDED_FOR&#39;)){
		$client_ip = getenv(&#39;HTTP_X_FORWARDED_FOR&#39;);
	}elseif(getenv(&#39;REMOTE_ADDR&#39;)) {
		$client_ip = getenv(&#39;REMOTE_ADDR&#39;);
	}else{
		$client_ip = $HTTP_SERVER_VARS[&#39;REMOTE_ADDR&#39;];
	}
	return $client_ip;
}

/**
 * 解析IP规则列表
 * @param  void
 * @return Array IP规则列表
 */
function parse_ip_list($rules){
	$arr = array();
	foreach($rules as $rule){
		if($rule[&#39;start_time&#39;] > $_SERVER[&#39;REQUEST_TIME&#39;] || $rule[&#39;end_time&#39;] 
		< $_SERVER[&#39;REQUEST_TIME&#39;]) continue;

		$ip = str_replace(&#39;.&#39;, &#39;\.&#39;, $rule[&#39;ip&#39;]);
		if($start = strstr($ip, &#39;-&#39;)){
			$start = substr($ip, 0, - strlen(strrchr($ip, &#39;.&#39;)) + 1);
			$pos = explode(&#39;-&#39;, trim(strrchr($ip, &#39;.&#39;), &#39;.&#39;));
			for($i=intval($pos[0]),$a=intval($pos[1])+1; $i < $a; $i++ ){
				$arr[] = &#39;#^&#39;.$start.$i.&#39;$#i&#39;;
			}
		}elseif($start = strstr($ip, &#39;[&#39;)){
			$_ips  = explode(&#39;|&#39;, substr($start, 1, -1));
		$arr[] = &#39;#^&#39;.substr($ip, 0, - strlen($start)).&#39;((&#39;.implode(&#39;)|(&#39;,$_ips ).&#39;))&#39;.&#39;$#i&#39;;
		}elseif(strpos($ip, &#39;*&#39;)){
	$arr[] = &#39;#^&#39;.str_replace(&#39;*&#39;, &#39;((25[0-5])|(2[0-4]\\d)|(1\\d{2})|(\\d{1,2}))&#39;, $ip).&#39;$#i&#39;;
		}else{
			$arr[] = &#39;#^&#39;.$ip.&#39;$#i&#39;;
		}
	}
	return $arr;
}
?>

           

 以上就是EasySite FireWall 防火墙模块的内容,更多相关内容请关注PHP中文网(www.php.cn)!


       

声明:
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系admin@php.cn