Hanson.xyz Dev
68 lines
1.9 KiB
PHP
Executable File
68 lines
1.9 KiB
PHP
Executable File
<?php
|
|
namespace AIOWPS\Firewall;
|
|
|
|
/**
|
|
* Rule that blocks certain kinds of data from the request string
|
|
*/
|
|
class Rule_Block_Request_Strings_6g extends Rule {
|
|
|
|
/**
|
|
* Implements the action to be taken
|
|
*/
|
|
use Action_Forbid_and_Exit_Trait;
|
|
|
|
/**
|
|
* Construct our rule
|
|
*/
|
|
public function __construct() {
|
|
// Set the rule's metadata
|
|
$this->name = 'Block request strings';
|
|
$this->family = '6G';
|
|
$this->priority = 0;
|
|
}
|
|
|
|
/**
|
|
* Determines whether the rule is active
|
|
*
|
|
* @return boolean
|
|
*/
|
|
public function is_active() {
|
|
global $aiowps_firewall_config;
|
|
return (bool) $aiowps_firewall_config->get_value('aiowps_6g_block_request');
|
|
}
|
|
|
|
/**
|
|
* The condition to be satisfied for the rule to apply
|
|
*
|
|
* @return boolean
|
|
*/
|
|
public function is_satisfied() {
|
|
|
|
if (empty($_SERVER['REQUEST_URI'])) return Rule::NOT_SATISFIED;
|
|
|
|
// ensure we get the request uri without the query string
|
|
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- PCP warning. Sanitizing will interfere with 6g rules.
|
|
$uri = (string) parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
|
|
|
|
if ('' == $uri) return Rule::NOT_SATISFIED;
|
|
|
|
//Patterns to match against
|
|
$patterns = array(
|
|
'/[a-z0-9]{2000,}/i',
|
|
'#(https?|ftp|php):/#i',
|
|
'#(base64_encode)(.*)(\()#i',
|
|
'#(=\'|=\%27|/\'/?)\.#i',
|
|
'#/(\$(\&)?|\*|\"|\.|,|&|&?)/?$#i',
|
|
'#(\{0\}|\(/\(|\.\.\.|\+\+\+|\\"\\")#i',
|
|
'#(~|`|<|>|:|;|,|%|\|\s|\{|\}|\[|\]|\|)#i',
|
|
'#/(=|\$&|_mm|cgi-|etc/passwd|muieblack)#i',
|
|
'#(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)#i',
|
|
'#\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$#i',
|
|
'#/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php#i',
|
|
);
|
|
|
|
return Rule_Utils::contains_pattern(rawurldecode($uri), $patterns);
|
|
}
|
|
|
|
}
|