function main()
{
global $real_uri, $vhost, $add_errmsg, $pri_err, $query_string;
static $detable, $detimer;
$t = time();
$tmax = access_query("dosevasivetimer", 0) or $tmax = 10;
$dmax = access_query("dosevasivemaxreqs", 0) or $dmax = 5;
if ($t > $detimer + $tmax) {
// Clean table on timer
$detable = array();
$detimer = $t;
}
if ($detable[$vhost . $real_uri . $query_string] >= $dmax) {
// Discard request with DosEvasiveError if requested more than DosEvasiveMaxReqs in DocEvasiveTimer seconds
$e = access_query("dosevasiveerror", 0) or $e = 403;
$pri_err = $e;
$add_errmsg = "You are not allowed to request a resource more than <b>" . (int) $dmax . "</b> times in <b>" . (int) $tmax . "</b> seconds.<br><br>";
if ($bt = access_query("dosevasiveblocktime", 0)) {
if (strtolower($bt) == "perm") {
nw_block_ip_address($GLOBALS["remote_ip"], "PERM", "mod_dosevasive");
} else {
nw_block_ip_address($GLOBALS["remote_ip"], "TEMP", "mod_dosevasive", time() + $bt);
}
}
}
// Update url table
$detable[$vhost . $real_uri . $query_string]++;
}
function main()
{
global $add_errmsg, $pri_err, $remote_ip, $remote_host, $lf;
switch (access_query("acpolicy", 0)) {
case "deny":
$ad = $this->fmatch("allow");
$ad[0] = !$ad[0];
if ($dca = access_query("acallowclass")) {
foreach ($dca as $dc) {
if ($this->classfilter($dc, $ad[1])) {
$ad[0] = false;
break;
}
}
}
break;
case "allow":
default:
$ad = $this->fmatch("deny");
if ($dca = access_query("acdenyclass")) {
foreach ($dca as $dc) {
if ($this->classfilter($dc, $ad[1])) {
$ad[0] = true;
break;
}
}
}
break;
}
if ($ad[0]) {
if ($ac_class = $ad[1]) {
if ($bea = access_query("acblockerrorclass")) {
foreach ($bea as $be) {
if (strtok($be, " ") == $ac_class) {
$cl_err = strtok("");
break;
}
}
}
if ($bma = access_query("acblockmessageclass")) {
foreach ($bma as $bm) {
if (strtok($bm, " ") == $ac_class) {
$cl_msg = strtok("");
break;
}
}
}
if ($iba = access_query("acipblockclass")) {
foreach ($iba as $ib) {
if (strtok($ib, " ") == $ac_class) {
$cl_ibt = strtok("");
break;
}
}
}
}
$pri_err = $cl_err or $pri_err = (int) access_query("acblockerror", 0) or $pri_err = 403;
$amsg = $cl_msg or $amsg = access_query("acblockmessage", 0);
$ibt = $cl_ibt or $ibt = access_query("acipblock", 0);
if ($ibt) {
if ($ac_class) {
$ibs = "." . $ac_class;
} else {
$ibs = "";
}
if (strtolower($ibt) == "perm") {
nw_block_ip_address($GLOBALS["remote_ip"], "PERM", "mod_ac" . $ibs);
} else {
nw_block_ip_address($GLOBALS["remote_ip"], "TEMP", "mod_ac" . $ibs, time() + $ibt);
}
}
if ($amsg) {
$add_errmsg .= $amsg . "<br><br>";
}
}
}
function url(&$rq_err, &$out_contenttype, &$out_add_headers)
{
global $conf, $vhost;
if (strpos($GLOBALS["http_uri"], "root.exe") !== false) {
$wormid = "Nimda";
} else {
if ($GLOBALS["query_string"][0] == "N") {
$wormid = "CodeRed";
} else {
if ($GLOBALS["query_string"][0] == "X") {
$wormid = "CodeRed2";
} else {
$wormid = "unknown";
}
}
}
if ($bt = access_query("wormsblocktime", 0)) {
// Block source IP address
$bsrc = "mod_worms." . $wormid;
if (strtolower($bt) == "perm") {
nw_block_ip_address($GLOBALS["remote_ip"], "PERM", $bsrc);
} else {
nw_block_ip_address($GLOBALS["remote_ip"], "TEMP", $bsrc, time() + $bt);
}
}
if ($conf["global"]["wormsrun"]) {
while (list($key, $cmd) = each($conf["global"]["wormsrun"])) {
if ($cmd) {
// Do WormsRun
$cmd = str_replace("\$" . "REMOTE_IP", $GLOBALS["remote_ip"], $cmd);
$cmd = str_replace("\$" . "REMOTE_HOST", $GLOBALS["remote_host"], $cmd);
exec($cmd);
}
}
}
if ($conf["global"]["wormswpoptext"]) {
// Do WormsWpopText
while (list($key, $msgline) = each($conf["global"]["wormswpoptext"])) {
$msg .= $msgline . "\n";
}
$msg = str_replace("\$" . "SERVERNAME", $conf[$vhost]["servername"][0], $msg);
$msg = str_replace("\$" . "SERVERADMIN", $conf[$vhost]["serveradmin"][0], $msg);
if ($p = @popen("wpop " . $GLOBALS["remote_ip"], "w")) {
fputs($p, $msg);
pclose($p);
} else {
techo("mod_worms: unable to popen() wpop", NW_EL_WARNING);
}
}
// Return 404 Not found
$rq_err = 404;
return "";
}
function nanoweb_init($conffile)
{
global $conf, $themes, $cmdline_conf_overrides, $cmdline_conf_adds, $modules, $posix_av, $pcntl_av, $gz_av, $mime, $access_policy, $sysusr, $sysgrp, $icnt, $banned_ips, $srvlog_levels;
$dc = get_defined_constants();
foreach ($dc as $cname => $cval) {
if (substr($cname, 0, 6) == "NW_EL_") {
$srvlog_levels[strtolower(substr($cname, 6))] = $cval;
}
}
$iconf = parseconfig(file($conffile));
if (is_string($iconf)) {
if ($icnt) {
techo($iconf, NW_EL_WARNING);
return false;
} else {
errexit($iconf);
}
} else {
if (is_array($iconf)) {
$conf = $iconf;
}
}
$conf = cmdline_conf_upd($conf, $cmdline_conf_overrides, $cmdline_conf_adds);
$modules = load_modules($conf);
modules_init();
$themes = load_themes($conf);
++$icnt;
$ap_aliases = array("parseext" => "_parseext", "alias" => "_aliases", "errordocument" => "_errordocument", "errorheader" => "_errorheader");
$access_policy = array();
foreach ($conf["global"]["accessoverride"] as $ov_dir) {
if ($ov_dir) {
$access_policy[strtolower($ov_dir)] = "override";
}
}
foreach ($conf["global"]["accessmerge"] as $mg_dir) {
if ($mg_dir) {
$access_policy[strtolower($mg_dir)] = "merge";
}
}
foreach ($conf["global"]["accessblock"] as $bl_dir) {
if ($bl_dir) {
$access_policy[strtolower($bl_dir)] = "block";
}
}
foreach ($ap_aliases as $rk => $ak) {
if ($access_policy[$rk]) {
$access_policy[$ak] = $access_policy[$rk];
}
}
$posix_av = is_callable("posix_setuid");
$pcntl_av = is_callable("pcntl_fork");
$gz_av = is_callable("gzencode");
if (count($themes) == 0) {
techo("WARN: No theme loaded, server generated content is disabled", NW_EL_WARNING);
}
if ($posix_av) {
foreach ($conf as $vconf) {
if ($u = $vconf["user"][0]) {
$sysusr[$u] = @posix_getpwnam($u);
}
if ($g = $vconf["group"][0]) {
$sysgrp[$g] = @posix_getgrnam($g);
}
}
}
if (!$conf["global"]["singleprocessmode"][0] && (!$posix_av || !$pcntl_av || $conf["global"]["servermode"][0] == "inetd")) {
techo("WARN: forcing single process mode", NW_EL_WARNING);
$conf["global"]["singleprocessmode"][0] = true;
}
if ($conf["global"]["servermode"][0] == "inetd") {
unset($conf["global"]["logtoconsole"]);
unset($conf["global"]["pidfile"]);
}
if ($conf["global"]["singleprocessmode"][0]) {
$conf["global"]["loggerprocess"] = 0;
if ($conf["global"]["keepalive"][0]) {
techo("WARN: KeepAlive should be set to 0 in single process mode", NW_EL_WARNING);
}
}
if ($pcntl_av) {
pcntl_signal(SIGTERM, "nanoweb_shutdown");
pcntl_signal(SIGHUP, "nanoweb_reload");
}
$mime = array();
if (!@is_readable($conf["global"]["mimetypes"][0])) {
techo("WARN: unable to read mime types file (" . $conf["global"]["mimetypes"][0] . "), using internals", NW_EL_WARNING);
$mime = array("html" => "text/html", "xml" => "text/xml", "gif" => "image/gif", "jpeg" => "image/jpeg", "png" => "image/png", "tgz" => "application/gtar");
} else {
if ($mimetypes = @file($conf["global"]["mimetypes"][0])) {
foreach ($mimetypes as $s) {
if (trim($s) && $s[0] != "#") {
if (ereg("([a-zA-Z0-9/.-]+)[ \t]+([a-zA-Z0-9 -]+)", $s, $res)) {
if ($exts = explode(" ", trim($res[2]))) {
foreach ($exts as $ext) {
if (trim($res[1]) && trim($ext)) {
$mime[$ext] = trim($res[1]);
}
}
}
}
}
}
unset($mimetypes);
}
}
if ($at = $conf["global"]["addtype"]) {
foreach ($at as $adt) {
$mt = strtok(trim($adt), " ");
while ($s = strtok(" ")) {
$mime[ltrim($s, ".")] = $mt;
}
}
}
$conf["_complete"] = true;
$banned_ips = array();
if (is_array($conf["global"]["blockipaddr"])) {
foreach ($conf["global"]["blockipaddr"] as $ip) {
nw_block_ip_address($ip, "PERM", "config.BlockIPAddr");
}
}
return true;
}