
Commit 962f0c5

Some firewall update
1 parent e210e2c commit 962f0c5


1 file changed

+75
-91
lines changed


Mbh/Firewall.php

Lines changed: 75 additions & 91 deletions
@@ -18,11 +18,10 @@
1818
class Firewall
1919
{
2020
const FCONF = [
21-
'WEBMASTER_EMAIL' => '[email protected]',
21+
'WEBMASTER_EMAIL' => '',
2222
'PUSH_MAIL' => false,
23-
'IS_API' => false,
24-
'ACTIVATE_LOGS' => false,
25-
'LOG_FILE' => 'var/logs/logfile',
23+
'ACTIVATE_LOGS' => true,
24+
'LOG_FILE' => 'uploads/logs/firewall',
2625
'PROTECTION_UNSET_GLOBALS' => true,
2726
'PROTECTION_RANGE_IP_DENY' => false,
2827
'PROTECTION_RANGE_IP_SPAM' => false,
@@ -93,7 +92,7 @@ private function unset_globals()
9392
*
9493
* @param string $s: index of the variable to heal
9594
*
96-
* @return retorna $r healed
95+
* @return string $r healed
9796
*/
9897
private function getEnv($s)
9998
{
@@ -122,7 +121,7 @@ private function getReferer()
122121
/**
123122
* Gets ip
124123
*
125-
* @return ip
124+
* @return string ip
126125
*/
127126
private function getIp()
128127
{
@@ -137,7 +136,7 @@ private function getIp()
137136
/**
138137
* Gets user agent
139138
*
140-
* @return devuelve el agente de usuario
139+
* @return string user agent
141140
*/
142141
private function getUserAgent()
143142
{
@@ -150,16 +149,18 @@ private function getUserAgent()
150149
/**
151150
* Gets the request of the page request
152151
*
153-
* @return query of the request
152+
* @return string query of the request
154153
*/
155154
private function getQueryString()
156155
{
157156
if (self::FCONF['PROTECTION_ROUTER_STRICT']) {
158157
return str_replace('%09', '%20', $_SERVER['REQUEST_URI']);
159158
}
159+
160160
if ($this->getEnv('QUERY_STRING')) {
161161
return str_replace('%09', '%20', $this->getEnv('QUERY_STRING'));
162162
}
163+
163164
return '';
164165
}
165166

@@ -176,7 +177,7 @@ private function getRequestMethod()
176177
/**
177178
* Gets Internet host name
178179
*
179-
* @return devuelve el host de Internet según la IP actual
180+
* @return string host
180181
*/
181182
private function getHostByAddr()
182183
{
@@ -200,20 +201,20 @@ private function getHostByAddr()
200201
*/
201202
private function pushEmail($subject, $msg)
202203
{
203-
$headers = "From: MBHFramework Firewall: ". self::FCONF['WEBMASTER_EMAIL'] ." <".self::FCONF['WEBMASTER_EMAIL'].">\r\n"
204-
."Reply-To: ".self::FCONF['WEBMASTER_EMAIL']."\r\n"
205-
."Priority: urgent\r\n"
206-
."Importance: High\r\n"
207-
."Precedence: special-delivery\r\n"
208-
."Organization: MBHFramework\r\n"
209-
."MIME-Version: 1.0\r\n"
210-
."Content-Type: text/plain\r\n"
211-
."Content-Transfer-Encoding: 8bit\r\n"
212-
."X-Priority: 1\r\n"
213-
."X-MSMail-Priority: High\r\n"
214-
."X-Mailer: PHP/" . phpversion() ."\r\n"
215-
."X-Firewall: 1.0 by MBHFramework\r\n"
216-
."Date:" . date("D, d M Y H:s:i") . " +0100\n";
204+
$headers = "From: MBHFramework Firewall: " . self::FCONF['WEBMASTER_EMAIL'] . " <" . self::FCONF['WEBMASTER_EMAIL']. ">\r\n"
205+
. "Reply-To: " . self::FCONF['WEBMASTER_EMAIL']. "\r\n"
206+
. "Priority: urgent\r\n"
207+
. "Importance: High\r\n"
208+
. "Precedence: special-delivery\r\n"
209+
. "Organization: MBHFramework\r\n"
210+
. "MIME-Version: 1.0\r\n"
211+
. "Content-Type: text/plain\r\n"
212+
. "Content-Transfer-Encoding: 8bit\r\n"
213+
. "X-Priority: 1\r\n"
214+
. "X-MSMail-Priority: High\r\n"
215+
. "X-Mailer: PHP/" . phpversion() . "\r\n"
216+
. "X-Firewall: 1.0 by MBHFramework\r\n"
217+
. "Date:" . date("D, d M Y H:s:i") . " +0100\n";
217218
if (self::FCONF['WEBMASTER_EMAIL'] != '') {
218219
mail(self::FCONF['WEBMASTER_EMAIL'], $subject, $msg, $headers);
219220
}
@@ -232,12 +233,12 @@ private function pushEmail($subject, $msg)
232233
private function logs($type, $ip, $user_agent, $referer)
233234
{
234235
if (self::FCONF['ACTIVATE_LOGS']) {
235-
$f = fopen('./' . self::FCONF['LOG_FILE'] .'.log', 'a');
236+
$f = fopen('./' . self::FCONF['LOG_FILE'] .'.logs', 'a');
236237
$msg = date('j-m-Y H:i:s') . ' | ' . $type . ' | IP: '. $ip .' ] | DNS: ' . gethostbyaddr($ip) . ' | Agent: ' . $user_agent . PHP_EOL;
237238
fwrite($f, $msg);
238239
fclose($f);
239240
if (self::FCONF['PUSH_MAIL']) {
240-
$this->pushEmail('Alert MBHFramework Firewall ' . strip_tags($_SERVER['SERVER_NAME']), "Firewall logs of " . strip_tags($_SERVER['SERVER_NAME']) . "\n".str_replace('|', "\n", $msg));
241+
$this->pushEmail('Alert MBHFramework Firewall ' . strip_tags($_SERVER['SERVER_NAME']), "Firewall logs of " . strip_tags($_SERVER['SERVER_NAME']) . "\n" . str_replace('|', "\n", $msg));
241242
}
242243
}
243244
}
@@ -294,72 +295,65 @@ public function __construct()
294295

295296
if (self::FCONF['PROTECTION_SERVER_OVH'] and stristr($GET_HOST, 'ovh') and !stristr($GET_HOST, 'dsl.ovh')) {
296297
$this->logs('OVH Server list', $GET_IP, $USER_AGENT, $GET_REFERER);
297-
if (self::FCONF['IS_API']) {
298-
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_OVH)));
299-
}
300-
Functions::redirect();
298+
299+
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_OVH)));
300+
301301
return;
302302
}
303303

304304
if (self::FCONF['PROTECTION_SERVER_OVH_BY_IP']) {
305305
$ip = explode('.', $GET_IP);
306306
if (sizeof($ip) > 1 and in_array($ip[0].'.'.$ip[1], self::IPLIST['SERVER_OVH_BY_IP'])) {
307307
$this->logs('OVH Server IP', $GET_IP, $USER_AGENT, $GET_REFERER);
308-
if (self::FCONF['IS_API']) {
309-
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_OVH)));
310-
}
311-
Functions::redirect();
308+
309+
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_OVH)));
310+
312311
return;
313312
}
314313
}
315314

316315
if (self::FCONF['PROTECTION_SERVER_KIMSUFI'] and stristr($GET_HOST, 'kimsufi')) {
317316
$this->logs('KIMSUFI Server list', $GET_IP, $USER_AGENT, $GET_REFERER);
318-
if (self::FCONF['IS_API']) {
319-
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_KIMSUFI)));
320-
}
321-
Functions::redirect();
317+
318+
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_KIMSUFI)));
319+
322320
return;
323321
}
324322

325323
if (self::FCONF['PROTECTION_SERVER_DEDIBOX'] and stristr($GET_HOST, 'dedibox')) {
326324
$this->logs('DEDIBOX Server list', $GET_IP, $USER_AGENT, $GET_REFERER);
327-
if (self::FCONF['IS_API']) {
328-
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_DEDIBOX)));
329-
}
330-
Functions::redirect();
325+
326+
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_DEDIBOX)));
327+
331328
return;
332329
}
333330

334331
if (self::FCONF['PROTECTION_SERVER_DEDIBOX_BY_IP']) {
335332
$ip = explode('.', $GET_IP);
336333
if (sizeof($ip) > 1 and $ip[0].'.'.$ip[1] == self::IPLIST['DEDIBOX_BY_IP']) {
337334
$this->logs('DEDIBOX server IP', $GET_IP, $USER_AGENT, $GET_REFERER);
338-
if (self::FCONF['IS_API']) {
339-
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_DEDIBOX_IP)));
340-
}
341-
Functions::redirect();
335+
336+
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_DEDIBOX_IP)));
337+
342338
return;
343339
}
344340
}
345341

346342
if (self::FCONF['PROTECTION_SERVER_DIGICUBE'] and stristr($GET_HOST, 'digicube')) {
347343
$this->logs('DIGICUBE Server list', $GET_IP, $USER_AGENT, $GET_REFERER);
348-
if (self::FCONF['IS_API']) {
349-
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_DIGICUBE)));
350-
}
351-
Functions::redirect();
344+
345+
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_DIGICUBE)));
346+
352347
return;
353348
}
354349

355350
if (self::FCONF['PROTECTION_SERVER_DIGICUBE_BY_IP']) {
356351
$ip = explode('.', $GET_IP);
357352
if (sizeof($ip) > 1 and $ip[0].'.'.$ip[1] == self::IPLIST['DIGICUBE_BY_IP']) {
358353
$this->logs('DIGICUBE Server IP', $GET_IP, $USER_AGENT, $GET_REFERER);
359-
if (self::FCONF['IS_API']) {
360-
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_DIGICUBE_IP)));
361-
}
362-
Functions::redirect();
354+
355+
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_DIGICUBE_IP)));
356+
363357
return;
364358
}
365359
}
@@ -368,9 +362,8 @@ public function __construct()
368362
$range_ip = explode('.', $GET_IP);
369363
if (in_array($range_ip[0], self::IPLIST['RANGE_IP_SPAM'])) {
370364
$this->logs('IPs (ip:'.$range_ip[0].') Spam list (Comming)', $GET_IP, $USER_AGENT, $GET_REFERER);
371-
if (self::FCONF['IS_API']) {
372-
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_SPAM)));
373-
}
365+
366+
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_SPAM)));
374367
die(self::MSG_PROTECTION_SPAM);
375368
}
376369
}
@@ -379,9 +372,8 @@ public function __construct()
379372
$range_ip = explode('.', $GET_IP);
380373
if (in_array($range_ip[0], self::IPLIST['RANGE_IP_DENY'])) {
381374
$this->logs('IPs (ip:'.$range_ip[0].') Reserved list (Comming)', $GET_IP, $USER_AGENT, $GET_REFERER);
382-
if (self::FCONF['IS_API']) {
383-
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_SPAM_IP)));
384-
}
375+
376+
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_SPAM_IP)));
385377
die(self::MSG_PROTECTION_SPAM_IP);
386378
}
387379
}
@@ -461,21 +453,19 @@ public function __construct()
461453
$check = str_replace($ct_rules, '*', $GET_QUERY_STRING);
462454
if ($GET_QUERY_STRING != $check) {
463455
$this->logs('URL protect', $GET_IP, $USER_AGENT, $GET_REFERER);
464-
if (self::FCONF['IS_API']) {
465-
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_URL)));
466-
}
467-
Functions::redirect();
456+
457+
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_URL)));
458+
468459
return;
469460
}
470461
}
471462

472463
if (self::FCONF['PROTECTION_REQUEST_SERVER'] and $GET_REQUEST_METHOD == 'POST'
473464
and isset($_SERVER['HTTP_REFERER']) and !stripos($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], 0)) {
474465
$this->logs('Posting another server', $GET_IP, $USER_AGENT, $GET_REFERER);
475-
if (self::FCONF['IS_API']) {
476-
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_OTHER_SERVER)));
477-
}
478-
Functions::redirect();
466+
467+
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_OTHER_SERVER)));
468+
479469
return;
480470
}
481471

@@ -529,29 +519,26 @@ public function __construct()
529519

530520
if (strtolower($USER_AGENT) != str_replace($ct_rules, '*', strtolower($USER_AGENT))) {
531521
$this->logs('Bots attack', $GET_IP, $USER_AGENT, $GET_REFERER);
532-
if (self::FCONF['IS_API']) {
533-
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_BOTS)));
534-
}
535-
Functions::redirect();
522+
523+
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_BOTS)));
524+
536525
return;
537526
}
538527
}
539528

540529
if (self::FCONF['PROTECTION_REQUEST_METHOD'] and !in_array(strtolower($GET_REQUEST_METHOD), ['get','head','post','put','update','delete'])) {
541530
$this->logs('Invalid request', $GET_IP, $USER_AGENT, $GET_REFERER);
542-
if (self::FCONF['IS_API']) {
543-
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_REQUEST)));
544-
}
545-
Functions::redirect();
531+
532+
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_REQUEST)));
533+
546534
return;
547535
}
548536

549537
if (self::FCONF['PROTECTION_DOS'] and ($USER_AGENT == '' or $USER_AGENT == '-')) {
550538
$this->logs('Dos attack', $GET_IP, $USER_AGENT, $GET_REFERER);
551-
if (self::FCONF['IS_API']) {
552-
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_DOS)));
553-
}
554-
Functions::redirect();
539+
540+
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_DOS)));
541+
555542
return;
556543
}
557544

@@ -567,20 +554,18 @@ public function __construct()
567554
!strstr(rawurldecode($GET_QUERY_STRING), '*') ?: $stop++;
568555
if ($stop > 0) {
569556
$this->logs('Union attack', $GET_IP, $USER_AGENT, $GET_REFERER);
570-
if (self::FCONF['IS_API']) {
571-
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_UNION)));
572-
}
573-
Functions::redirect();
557+
558+
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_UNION)));
559+
574560
return;
575561
}
576562
}
577563

578564
if (self::FCONF['PROTECTION_CLICK_ATTACK'] and $GET_QUERY_STRING != str_replace(['/*', 'c2nyaxb0', '/*'], '*', $GET_QUERY_STRING)) {
579565
$this->logs('Click attack', $GET_IP, $USER_AGENT, $GET_REFERER);
580-
if (self::FCONF['IS_API']) {
581-
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_CLICK)));
582-
}
583-
Functions::redirect();
566+
567+
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_CLICK)));
568+
584569
return;
585570
}
586571

@@ -591,10 +576,9 @@ public function __construct()
591576
'ftp%20:', 'ftps:', 'f%20tps:', 'ft%20ps:', 'ftp%20s:', 'ftps%20:'];
592577
if ($GET_QUERY_STRING != str_replace($ct_rules, '*', $GET_QUERY_STRING)) {
593578
$this->logs('XSS attack', $GET_IP, $USER_AGENT, $GET_REFERER);
594-
if (self::FCONF['IS_API']) {
595-
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_XSS)));
596-
}
597-
Functions::redirect();
579+
580+
die(json_encode(array('success' => 0, 'message' => self::MSG_PROTECTION_XSS)));
581+
598582
return;
599583
}
600584
}
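Review bot: Every protection branch in __construct now ends in an unconditional `die(json_encode(...))` followed by a `return;` that can never run (first at new lines 299–301 of the OVH block, then identically in the KIMSUFI, DEDIBOX, DIGICUBE, URL, other-server, bots, request-method, DoS, union, click and XSS blocks), and the RANGE_IP_SPAM and RANGE_IP_DENY blocks keep a second `die(self::MSG_PROTECTION_SPAM...)` that is now dead as well, so either the `return;`/second `die` lines should go or a single private `deny(string $message): never` helper should replace the repeated three lines. The JSON body is sent with no status or content type, so a blocked request still answers 200 as text/html and is indistinguishable from a served page in access logs; `http_response_code(403); header('Content-Type: application/json');` before each `die` would fix that. Separately, the FCONF hunk points LOG_FILE at `uploads/logs/firewall` with ACTIVATE_LOGS now defaulting to true; if `uploads/` is served by the web server, the firewall log (client IPs, reverse DNS, user agents) becomes publicly readable, so confirm that path is outside the document root or access-denied, and logs() should check the `fopen` result before `fwrite` since a missing directory currently produces a warning plus a silent no-op. __construct begins and ends outside the shown hunks.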
