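/**
 * Scan the current request for the attack signatures the firewall is configured to block.
 *
 * The request data is whatever WP_firewall_check_whitelisted_variable() returns; a false
 * (or empty) result means there is nothing to inspect. Each signature category runs only
 * when its 'WP_firewall_exclude_*' option holds the literal string 'allow'. A hit is
 * reported through WP_firewall_send_log_message() and followed by
 * WP_firewall_send_redirect(). Request-value categories are suppressed for clients that
 * pass WP_firewall_check_ip_whitelist(); the upload-name check is not (the original code
 * left that question open, and that behaviour is kept).
 *
 * Nested request arrays (e.g. foo[]=...) are descended into so a payload inside them is
 * inspected as well; non-scalar leaves are dropped rather than handed to preg_match().
 *
 * @return void
 */
function WP_firewall_check_exclusions()
{
    $request_string = WP_firewall_check_whitelisted_variable();
    if ($request_string == false) {
        return; // nothing to inspect
    }

    // Flatten $values into a list of [key, string] pairs, recursing into nested arrays.
    // The key reported for a nested leaf is the innermost key.
    $flatten = static function ($values) use (&$flatten) {
        $out = [];
        foreach ((array) $values as $key => $value) {
            if (is_array($value)) {
                $out = array_merge($out, $flatten($value));
            } elseif (is_scalar($value)) {
                $out[] = [$key, (string) $value];
            }
            // null, objects and resources are not text and cannot match a signature
        }
        return $out;
    };

    // Run every pattern over every [key, value] pair; on a match, log it under $slug / $label
    // and redirect. When $honour_whitelist is set, a whitelisted client IP suppresses the report.
    // NOTE(review): whether WP_firewall_send_redirect() terminates the request is not visible
    // here; if it returns, scanning continues exactly as the original loops did.
    $report = static function (array $patterns, array $items, $slug, $label, $honour_whitelist) {
        foreach ($patterns as $preg) {
            foreach ($items as $item) {
                list($key, $value) = $item;
                if (!preg_match($preg, $value)) {
                    continue;
                }
                if ($honour_whitelist && WP_firewall_check_ip_whitelist()) {
                    continue;
                }
                WP_firewall_send_log_message($key, $value, $slug, $label);
                WP_firewall_send_redirect();
            }
        }
    };

    $request_leaves = $flatten($request_string);

    // Directory traversal
    if (get_option('WP_firewall_exclude_directory') === 'allow') {
        $report(
            ['#etc/passwd#', '#proc/self/environ#', '#\\.\\./#'],
            $request_leaves, 'directory-traversal-attack', 'Directory Traversal', true
        );
    }

    // SQL injection
    if (get_option('WP_firewall_exclude_queries') === 'allow') {
        $report(
            ['#concat\\s*\\(#i', '#group_concat#i', '#union.*select#i'],
            $request_leaves, 'sql-injection-attack', 'SQL Injection', true
        );
    }

    // WordPress-specific SQL injection (table prefix, user columns, hex literals, comment gaps)
    if (get_option('WP_firewall_exclude_terms') === 'allow') {
        $report(
            ['#wp_#i', '#user_login#i', '#user_pass#i', '#0x[0-9a-f][0-9a-f]#i', '#/\\*\\*/#'],
            $request_leaves, 'wp-specific-sql-injection-attack', 'WordPress-Specific SQL Injection', true
        );
    }

    // Field truncation: long whitespace runs and NUL bytes.
    // The original loop ignored $preg and re-ran the whitespace pattern for every entry,
    // so the NUL-byte signature was never applied; both patterns are now used.
    if (get_option('WP_firewall_exclude_spaces') === 'allow') {
        $report(
            ['#\\s{49,}#i', '#\\x00#'],
            $request_leaves, 'field-truncation-attack', 'Field Truncation', true
        );
    }

    // Executable file upload. The patterns are anchored to the final extension of the
    // client-supplied name only; the upload's content is not inspected here.
    if (get_option('WP_firewall_exclude_file') === 'allow') {
        $file_extensions = [
            '#\\.dll$#i', '#\\.rb$#i', '#\\.py$#i', '#\\.exe$#i', '#\\.php[3-6]?$#i', '#\\.pl$#i',
            '#\\.perl$#i', '#\\.ph[34]$#i', '#\\.phl$#i', '#\\.phtml$#i', '#\\.phtm$#i',
        ];
        $upload_names = [];
        foreach ($_FILES as $file) {
            // For multi-file inputs (name="files[]") $file['name'] is an array of names.
            foreach ($flatten(isset($file['name']) ? $file['name'] : null) as $leaf) {
                $upload_names[] = ['$_FILE', $leaf[1]];
            }
        }
        // No IP-whitelist exemption for uploads, as in the original check.
        $report($file_extensions, $upload_names, 'executable-file-upload-attack', 'Executable File Upload', false);
    }

    // Remote file execution: values starting with http/https, or referencing .shtml.
    // This can be problematic with many plugins, as it breaks legitimate requests whose
    // values start with http/https; kept because it may still be useful.
    if (get_option('WP_firewall_exclude_http') === 'allow') {
        $report(
            ['#^http#i', '#\\.shtml#i'],
            $request_leaves, 'remote-file-execution-attack', 'Remote File Execution', true
        );
    }
}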
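/**
 * Check the current request against the firewall's configured attack signatures.
 *
 * Request data comes from WP_firewall_check_whitelisted_variable(); false (or empty) means
 * nothing to do. Each category is enabled when its 'WP_firewall_exclude_*' option equals
 * 'allow'. On a match the hit is logged with WP_firewall_send_log_message() and
 * WP_firewall_send_redirect() is called; request-value categories are skipped when
 * WP_firewall_check_ip_whitelist() says the client is whitelisted, the upload check is not.
 *
 * NOTE(review): whether WP_firewall_send_redirect() ends the request is not visible here;
 * if it returns, the remaining patterns and values keep being checked.
 *
 * @return void
 */
function WP_firewall_check_exclusions () {

	$request_string = WP_firewall_check_whitelisted_variable();
	if($request_string == false){
		return; // nothing to inspect
	}

	// Directory traversal
	if(get_option('WP_firewall_exclude_directory') === 'allow'){
		$exclude_terms = array('#etc/passwd#', '#proc/self/environ#', '#\.\./#');
		foreach($exclude_terms as $preg){
			foreach($request_string as $key=>$value){
				// nested request arrays are not text; skip them rather than pass them to preg_match()
				if(!is_scalar($value)){
					continue;
				}
				if(preg_match($preg, $value) && !WP_firewall_check_ip_whitelist()){
					WP_firewall_send_log_message($key, $value,
					'directory-traversal-attack', 'Directory Traversal');
					WP_firewall_send_redirect();
				}
			}
		}
	}

	// SQL injection
	if(get_option('WP_firewall_exclude_queries') === 'allow'){
		$exclude_terms = array('#concat\s*\(#i', '#group_concat#i',
		'#union.*select#i');
		foreach($exclude_terms as $preg){
			foreach($request_string as $key=>$value){
				if(!is_scalar($value)){
					continue;
				}
				if(preg_match($preg, $value) && !WP_firewall_check_ip_whitelist()){
					WP_firewall_send_log_message($key, $value,
					'sql-injection-attack', 'SQL Injection');
					WP_firewall_send_redirect();
				}
			}
		}
	}

	// WordPress-specific SQL injection: table prefix, user columns, hex literals, comment gaps
	if(get_option('WP_firewall_exclude_terms') === 'allow'){
		$exclude_terms = array('#wp_#i', '#user_login#i',
		'#user_pass#i', '#0x[0-9a-f][0-9a-f]#i', '#/\*\*/#');
		foreach($exclude_terms as $preg){
			foreach($request_string as $key=>$value){
				if(!is_scalar($value)){
					continue;
				}
				if(preg_match($preg, $value) && !WP_firewall_check_ip_whitelist()){
					WP_firewall_send_log_message($key, $value,
					'wp-specific-sql-injection-attack', 'WordPress-Specific SQL Injection');
					WP_firewall_send_redirect();
				}
			}
		}
	}

	// Field truncation: long whitespace runs and NUL bytes.
	// The loop previously ignored $preg and always re-ran the whitespace pattern,
	// so '#\x00#' was never applied; the current pattern is now used.
	if(get_option('WP_firewall_exclude_spaces') === 'allow'){
		$exclude_terms = array('#\s{49,}#i','#\x00#');
		foreach($exclude_terms as $preg){
			foreach($request_string as $key=>$value){
				if(!is_scalar($value)){
					continue;
				}
				if(preg_match($preg, $value) && !WP_firewall_check_ip_whitelist()){
					WP_firewall_send_log_message($key, $value,
					'field-truncation-attack', 'Field Truncation');
					WP_firewall_send_redirect();
				}
			}
		}
	}

	// Executable file upload: matched on the final extension of the client-supplied
	// name only; the file's content is not inspected here.
	if(get_option('WP_firewall_exclude_file') === 'allow'){
		$file_extensions =
		array('#\.dll$#i', '#\.rb$#i', '#\.py$#i',
		'#\.exe$#i', '#\.php[3-6]?$#i','#\.pl$#i',
		'#\.perl$#i', '#\.ph[34]$#i', '#\.phl$#i' ,
		'#\.phtml$#i', '#\.phtm$#i');
		foreach ($_FILES as $file) {
			// multi-file inputs (name="files[]") put an array of names in $file['name']
			$names = isset($file['name']) ? (array) $file['name'] : array();
			foreach($names as $name){
				if(!is_scalar($name)){
					continue;
				}
				foreach($file_extensions as $regex){
					if(preg_match($regex, $name)){
						// no IP-whitelist exemption for uploads (unchanged from the original)
						WP_firewall_send_log_message('$_FILE', $name,
						'executable-file-upload-attack', 'Executable File Upload');
						WP_firewall_send_redirect();
					}
				}
			}
		}
	}

	// Remote file execution: values starting with http/https, or referencing .shtml.
	// This can be problematic with many plugins, as it breaks legitimate requests whose
	// values start with http/https; kept because it may still be useful.
	if(get_option('WP_firewall_exclude_http') === 'allow'){
		$exclude_terms = array('#^http#i', '#\.shtml#i');
		foreach($exclude_terms as $preg){
			foreach($request_string as $key=>$value){
				if(!is_scalar($value)){
					continue;
				}
				if(preg_match($preg, $value) && !WP_firewall_check_ip_whitelist()){
					WP_firewall_send_log_message($key, $value,
					'remote-file-execution-attack', 'Remote File Execution');
					WP_firewall_send_redirect();
				}
			}
		}
	}
}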