function main()
 {
     global $real_uri, $vhost, $add_errmsg, $pri_err, $query_string;
     static $detable, $detimer;
     $t = time();
     $tmax = access_query("dosevasivetimer", 0) or $tmax = 10;
     $dmax = access_query("dosevasivemaxreqs", 0) or $dmax = 5;
     if ($t > $detimer + $tmax) {
         // Clean table on timer
         $detable = array();
         $detimer = $t;
     }
     if ($detable[$vhost . $real_uri . $query_string] >= $dmax) {
         // Discard request with DosEvasiveError if requested more than DosEvasiveMaxReqs in DocEvasiveTimer seconds
         $e = access_query("dosevasiveerror", 0) or $e = 403;
         $pri_err = $e;
         $add_errmsg = "You are not allowed to request a resource more than <b>" . (int) $dmax . "</b> times in <b>" . (int) $tmax . "</b> seconds.<br><br>";
         if ($bt = access_query("dosevasiveblocktime", 0)) {
             if (strtolower($bt) == "perm") {
                 nw_block_ip_address($GLOBALS["remote_ip"], "PERM", "mod_dosevasive");
             } else {
                 nw_block_ip_address($GLOBALS["remote_ip"], "TEMP", "mod_dosevasive", time() + $bt);
             }
         }
     }
     // Update url table
     $detable[$vhost . $real_uri . $query_string]++;
 }
Example #2
0
 function main()
 {
     global $add_errmsg, $pri_err, $remote_ip, $remote_host, $lf;
     switch (access_query("acpolicy", 0)) {
         case "deny":
             $ad = $this->fmatch("allow");
             $ad[0] = !$ad[0];
             if ($dca = access_query("acallowclass")) {
                 foreach ($dca as $dc) {
                     if ($this->classfilter($dc, $ad[1])) {
                         $ad[0] = false;
                         break;
                     }
                 }
             }
             break;
         case "allow":
         default:
             $ad = $this->fmatch("deny");
             if ($dca = access_query("acdenyclass")) {
                 foreach ($dca as $dc) {
                     if ($this->classfilter($dc, $ad[1])) {
                         $ad[0] = true;
                         break;
                     }
                 }
             }
             break;
     }
     if ($ad[0]) {
         if ($ac_class = $ad[1]) {
             if ($bea = access_query("acblockerrorclass")) {
                 foreach ($bea as $be) {
                     if (strtok($be, " ") == $ac_class) {
                         $cl_err = strtok("");
                         break;
                     }
                 }
             }
             if ($bma = access_query("acblockmessageclass")) {
                 foreach ($bma as $bm) {
                     if (strtok($bm, " ") == $ac_class) {
                         $cl_msg = strtok("");
                         break;
                     }
                 }
             }
             if ($iba = access_query("acipblockclass")) {
                 foreach ($iba as $ib) {
                     if (strtok($ib, " ") == $ac_class) {
                         $cl_ibt = strtok("");
                         break;
                     }
                 }
             }
         }
         $pri_err = $cl_err or $pri_err = (int) access_query("acblockerror", 0) or $pri_err = 403;
         $amsg = $cl_msg or $amsg = access_query("acblockmessage", 0);
         $ibt = $cl_ibt or $ibt = access_query("acipblock", 0);
         if ($ibt) {
             if ($ac_class) {
                 $ibs = "." . $ac_class;
             } else {
                 $ibs = "";
             }
             if (strtolower($ibt) == "perm") {
                 nw_block_ip_address($GLOBALS["remote_ip"], "PERM", "mod_ac" . $ibs);
             } else {
                 nw_block_ip_address($GLOBALS["remote_ip"], "TEMP", "mod_ac" . $ibs, time() + $ibt);
             }
         }
         if ($amsg) {
             $add_errmsg .= $amsg . "<br><br>";
         }
     }
 }
 function url(&$rq_err, &$out_contenttype, &$out_add_headers)
 {
     global $conf, $vhost;
     if (strpos($GLOBALS["http_uri"], "root.exe") !== false) {
         $wormid = "Nimda";
     } else {
         if ($GLOBALS["query_string"][0] == "N") {
             $wormid = "CodeRed";
         } else {
             if ($GLOBALS["query_string"][0] == "X") {
                 $wormid = "CodeRed2";
             } else {
                 $wormid = "unknown";
             }
         }
     }
     if ($bt = access_query("wormsblocktime", 0)) {
         // Block source IP address
         $bsrc = "mod_worms." . $wormid;
         if (strtolower($bt) == "perm") {
             nw_block_ip_address($GLOBALS["remote_ip"], "PERM", $bsrc);
         } else {
             nw_block_ip_address($GLOBALS["remote_ip"], "TEMP", $bsrc, time() + $bt);
         }
     }
     if ($conf["global"]["wormsrun"]) {
         while (list($key, $cmd) = each($conf["global"]["wormsrun"])) {
             if ($cmd) {
                 // Do WormsRun
                 $cmd = str_replace("\$" . "REMOTE_IP", $GLOBALS["remote_ip"], $cmd);
                 $cmd = str_replace("\$" . "REMOTE_HOST", $GLOBALS["remote_host"], $cmd);
                 exec($cmd);
             }
         }
     }
     if ($conf["global"]["wormswpoptext"]) {
         // Do WormsWpopText
         while (list($key, $msgline) = each($conf["global"]["wormswpoptext"])) {
             $msg .= $msgline . "\n";
         }
         $msg = str_replace("\$" . "SERVERNAME", $conf[$vhost]["servername"][0], $msg);
         $msg = str_replace("\$" . "SERVERADMIN", $conf[$vhost]["serveradmin"][0], $msg);
         if ($p = @popen("wpop " . $GLOBALS["remote_ip"], "w")) {
             fputs($p, $msg);
             pclose($p);
         } else {
             techo("mod_worms: unable to popen() wpop", NW_EL_WARNING);
         }
     }
     // Return 404 Not found
     $rq_err = 404;
     return "";
 }
Example #4
0
function nanoweb_init($conffile)
{
    global $conf, $themes, $cmdline_conf_overrides, $cmdline_conf_adds, $modules, $posix_av, $pcntl_av, $gz_av, $mime, $access_policy, $sysusr, $sysgrp, $icnt, $banned_ips, $srvlog_levels;
    $dc = get_defined_constants();
    foreach ($dc as $cname => $cval) {
        if (substr($cname, 0, 6) == "NW_EL_") {
            $srvlog_levels[strtolower(substr($cname, 6))] = $cval;
        }
    }
    $iconf = parseconfig(file($conffile));
    if (is_string($iconf)) {
        if ($icnt) {
            techo($iconf, NW_EL_WARNING);
            return false;
        } else {
            errexit($iconf);
        }
    } else {
        if (is_array($iconf)) {
            $conf = $iconf;
        }
    }
    $conf = cmdline_conf_upd($conf, $cmdline_conf_overrides, $cmdline_conf_adds);
    $modules = load_modules($conf);
    modules_init();
    $themes = load_themes($conf);
    ++$icnt;
    $ap_aliases = array("parseext" => "_parseext", "alias" => "_aliases", "errordocument" => "_errordocument", "errorheader" => "_errorheader");
    $access_policy = array();
    foreach ($conf["global"]["accessoverride"] as $ov_dir) {
        if ($ov_dir) {
            $access_policy[strtolower($ov_dir)] = "override";
        }
    }
    foreach ($conf["global"]["accessmerge"] as $mg_dir) {
        if ($mg_dir) {
            $access_policy[strtolower($mg_dir)] = "merge";
        }
    }
    foreach ($conf["global"]["accessblock"] as $bl_dir) {
        if ($bl_dir) {
            $access_policy[strtolower($bl_dir)] = "block";
        }
    }
    foreach ($ap_aliases as $rk => $ak) {
        if ($access_policy[$rk]) {
            $access_policy[$ak] = $access_policy[$rk];
        }
    }
    $posix_av = is_callable("posix_setuid");
    $pcntl_av = is_callable("pcntl_fork");
    $gz_av = is_callable("gzencode");
    if (count($themes) == 0) {
        techo("WARN: No theme loaded, server generated content is disabled", NW_EL_WARNING);
    }
    if ($posix_av) {
        foreach ($conf as $vconf) {
            if ($u = $vconf["user"][0]) {
                $sysusr[$u] = @posix_getpwnam($u);
            }
            if ($g = $vconf["group"][0]) {
                $sysgrp[$g] = @posix_getgrnam($g);
            }
        }
    }
    if (!$conf["global"]["singleprocessmode"][0] && (!$posix_av || !$pcntl_av || $conf["global"]["servermode"][0] == "inetd")) {
        techo("WARN: forcing single process mode", NW_EL_WARNING);
        $conf["global"]["singleprocessmode"][0] = true;
    }
    if ($conf["global"]["servermode"][0] == "inetd") {
        unset($conf["global"]["logtoconsole"]);
        unset($conf["global"]["pidfile"]);
    }
    if ($conf["global"]["singleprocessmode"][0]) {
        $conf["global"]["loggerprocess"] = 0;
        if ($conf["global"]["keepalive"][0]) {
            techo("WARN: KeepAlive should be set to 0 in single process mode", NW_EL_WARNING);
        }
    }
    if ($pcntl_av) {
        pcntl_signal(SIGTERM, "nanoweb_shutdown");
        pcntl_signal(SIGHUP, "nanoweb_reload");
    }
    $mime = array();
    if (!@is_readable($conf["global"]["mimetypes"][0])) {
        techo("WARN: unable to read mime types file (" . $conf["global"]["mimetypes"][0] . "), using internals", NW_EL_WARNING);
        $mime = array("html" => "text/html", "xml" => "text/xml", "gif" => "image/gif", "jpeg" => "image/jpeg", "png" => "image/png", "tgz" => "application/gtar");
    } else {
        if ($mimetypes = @file($conf["global"]["mimetypes"][0])) {
            foreach ($mimetypes as $s) {
                if (trim($s) && $s[0] != "#") {
                    if (ereg("([a-zA-Z0-9/.-]+)[ \t]+([a-zA-Z0-9 -]+)", $s, $res)) {
                        if ($exts = explode(" ", trim($res[2]))) {
                            foreach ($exts as $ext) {
                                if (trim($res[1]) && trim($ext)) {
                                    $mime[$ext] = trim($res[1]);
                                }
                            }
                        }
                    }
                }
            }
            unset($mimetypes);
        }
    }
    if ($at = $conf["global"]["addtype"]) {
        foreach ($at as $adt) {
            $mt = strtok(trim($adt), " ");
            while ($s = strtok(" ")) {
                $mime[ltrim($s, ".")] = $mt;
            }
        }
    }
    $conf["_complete"] = true;
    $banned_ips = array();
    if (is_array($conf["global"]["blockipaddr"])) {
        foreach ($conf["global"]["blockipaddr"] as $ip) {
            nw_block_ip_address($ip, "PERM", "config.BlockIPAddr");
        }
    }
    return true;
}