Ejemplo n.º 1
0
 /**
  * {@inheritdoc}
  */
 public function checkVisitor(Visitor $visitor)
 {
     if ($this->blacklist->match($visitor->getIP())) {
         return CheckInterface::RESULT_BLOCK;
     }
     $uastring = $visitor->getUserAgent()->getUserAgentString();
     if ($this->untrustedUserAgents->match($uastring)) {
         return CheckInterface::RESULT_BLOCK;
     }
     return CheckInterface::RESULT_OKAY;
 }
Ejemplo n.º 2
0
 /**
  * {@inheritdoc}
  */
 public function insert(Visitor $visitor, ResultInterface $result)
 {
     $explanation = $result->getExplanation();
     $message = $explanation['logtext'];
     $context = $visitor->toArray();
     if ($result instanceof PositiveResult) {
         $this->logPositiveResult($message, $context);
     } elseif ($result instanceof NegativeResult) {
         $this->logNegativeResult($message, $context);
     }
 }
Ejemplo n.º 3
0
 /**
  * {@inheritdoc}
  */
 public function checkVisitor(Visitor $visitor)
 {
     foreach ($this->getBadPatterns() as $reason => $items) {
         foreach ($items as $item) {
             if ($this->match($visitor->getRequestURI(), $item['pattern'], $item['ignore_case'])) {
                 return $reason ?: CheckInterface::RESULT_BLOCK;
             }
         }
     }
     return CheckInterface::RESULT_OKAY;
 }
Ejemplo n.º 4
0
 /**
  * {@inheritdoc}
  */
 public function checkVisitor(Visitor $visitor)
 {
     $ip = $visitor->getIP();
     $revip = Utils::isIPv6($ip) ? $this->getIPv6Arpa($ip) : $this->getIPv4Arpa($ip);
     foreach ($this->lists as $list) {
         if (checkdnsrr("{$revip}.{$list}.", 'A')) {
             return CheckInterface::RESULT_BLOCK;
         }
     }
     return CheckInterface::RESULT_OKAY;
 }
Ejemplo n.º 5
0
 /**
  * {@inheritdoc}
  */
 public function checkVisitor(Visitor $visitor)
 {
     $params = http_build_query(['ip' => $visitor->getIP()]);
     $response = @simplexml_load_file(self::CHECK_URL . '?' . $params);
     if ($response === false) {
         return CheckInterface::RESULT_OKAY;
     }
     foreach ($response->appears as $appears) {
         if ($appears == 'yes') {
             return CheckInterface::RESULT_BLOCK;
         }
     }
     return CheckInterface::RESULT_OKAY;
 }
Ejemplo n.º 6
0
 /**
  * Checks if the visitor is whitelisted.
  *
  * @param \FlameCore\Gatekeeper\Visitor $visitor The visitor
  * @return bool
  */
 protected function isWhitelisted(Visitor $visitor)
 {
     if ($this->whitelist->match($visitor->getIP())) {
         return true;
     }
     $uastring = $visitor->getUserAgent()->getUserAgentString();
     if ($this->trustedUserAgents->match($uastring)) {
         return true;
     }
     return false;
 }
Ejemplo n.º 7
0
 /**
  * Analyzes user agents claiming to be Baidu Spider.
  *
  * @param \FlameCore\Gatekeeper\Visitor $visitor The visitor information
  * @return int
  * @throws \FlameCore\Gatekeeper\Exceptions\StopScreeningException
  */
 protected function checkBaiduBot(Visitor $visitor)
 {
     if (Utils::isIPv6($visitor->getIP())) {
         return CheckInterface::RESULT_OKAY;
     }
     if (Utils::matchCIDR($visitor->getIP(), ['119.63.192.0/21', '123.125.71.0/24', '180.76.0.0/16', '220.181.0.0/16'])) {
         throw new StopScreeningException();
     }
     return CheckInterface::RESULT_UNSURE;
 }
Ejemplo n.º 8
0
 /**
  * {@inheritdoc}
  */
 public function checkVisitor(Visitor $visitor)
 {
     $ip = $visitor->getIP();
     // Can't use IPv6 addresses yet
     if (Utils::isIPv6($ip)) {
         return CheckInterface::RESULT_OKAY;
     }
     $revip = $this->getIPv4Arpa($ip);
     $result = gethostbynamel("{$this->apiKey}.{$revip}.dnsbl.httpbl.org.");
     if (!empty($result)) {
         $resip = explode('.', $result[0]);
         if ($resip[0] == 127 && $resip[3] & 7 && $resip[2] >= $this->threatLevel && $resip[1] <= $this->maxAge) {
             return CheckInterface::RESULT_BLOCK;
         }
     }
     return CheckInterface::RESULT_OKAY;
 }
Ejemplo n.º 9
0
 /**
  * Analyzes the request headers.
  *
  * @param \FlameCore\Gatekeeper\Visitor $visitor
  * @return bool|string
  */
 protected function checkHeaders(Visitor $visitor)
 {
     $headers = $visitor->getRequestHeaders();
     $uastring = $visitor->getUserAgent()->getUserAgentString();
     if ($visitor->getRequestMethod() != 'POST' && empty($uastring)) {
         return 'f9f2b8b9';
     }
     // 'Range:' field exists and begins with 0. Real user-agents do not start ranges at 0. (Also blocks whois.sc bot. No big loss.)
     // Exceptions: MT (not fixable); LJ (refuses to fix; may be blocked again in the future); Facebook
     if ($this->settings['strict'] && $headers->has('Range') && strpos($headers->get('Range'), '=0-') !== false) {
         if (strncmp($uastring, 'MovableType', 11) && strncmp($uastring, 'URI::Fetch', 10) && strncmp($uastring, 'php-openid/', 11) && strncmp($uastring, 'facebookexternalhit', 19)) {
             return '7ad04a8a';
         }
     }
     // Content-Range is a response header, not a request header
     if ($headers->has('Content-Range')) {
         return '7d12528e';
     }
     // pinappleproxy is used by referrer spammers
     if ($headers->has('Via')) {
         if (stripos($headers->get('Via'), 'pinappleproxy') !== false || stripos($headers->get('Via'), 'PCNETSERVER') !== false || stripos($headers->get('Via'), 'Invisiware') !== false) {
             return '939a6fbb';
         }
     }
     // 'TE:' if present must have 'Connection: TE' (RFC 2616 14.39)
     // Blocks Microsoft ISA Server 2004 in strict mode. Contact Microsoft to obtain a hotfix.
     if ($this->settings['strict'] && $headers->has('Te')) {
         if (!preg_match('/\\bTE\\b/', $headers->get('Connection'))) {
             return '582ec5e4';
         }
     }
     // Analyze the Connection header if it exists
     if ($headers->has('Connection') && ($result = $this->checkConnectionHeader($headers->get('Connection')))) {
         return $result;
     }
     // Headers which are not seen from normal user agents; only malicious bots
     if ($headers->has('X-Aaaaaaaaaaaa') || $headers->has('X-Aaaaaaaaaa')) {
         return 'b9cc1d86';
     }
     // 'Proxy-Connection' does not exist and should never be seen in the wild.
     // - http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0032.html
     // - http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0040.html
     if ($this->settings['strict'] && $headers->has('Proxy-Connection')) {
         return 'b7830251';
     }
     // Analyze the Referer header if it exists
     if ($headers->has('Referer') && ($result = $this->checkRefererHeader($headers->get('Referer')))) {
         return $result;
     }
     return false;
 }
Ejemplo n.º 10
0
 /**
  * Analyzes trackbacks.
  *
  * @param \FlameCore\Gatekeeper\Visitor $visitor
  * @return bool|string
  */
 protected function checkTrackback(Visitor $visitor)
 {
     $headers = $visitor->getRequestHeaders();
     // Web browsers don't send trackbacks
     if ($visitor->isBrowser()) {
         return 'f0dcb3fd';
     }
     // Proxy servers don't send trackbacks either
     if ($headers->has('Via') || $headers->has('Max-Forwards') || $headers->has('X-Forwarded-For') || $headers->has('Client-Ip')) {
         return 'd60b87c7';
     }
     // Real WordPress trackbacks may contain 'Accept:' and have a charset defined
     if (strpos($visitor->getUserAgent()->getUserAgentString(), 'WordPress/') !== false) {
         if (strpos($headers->get('Accept'), 'charset=') === false) {
             return 'e3990b47';
         }
     }
     return false;
 }