/**
* @param wfWAFRequest|null $request
* @return wfWAFRequest
*/
public static function createFromGlobals($request = null)
{
if (version_compare(phpversion(), '5.3.0') >= 0) {
$class = get_called_class();
$request = new $class();
} else {
$request = new self();
}
return parent::createFromGlobals($request);
}
<?php
/** @var wfRequestModel $hit */
/** @var stdClass $hitData */
$title = sprintf('Debugging #%d as False Positive', $hit->id);
$fields = array('URL' => $hit->URL, 'Timestamp' => date('r', $hit->ctime), 'IP' => wfUtils::inet_ntop($hit->IP), 'Status Code' => $hit->statusCode, 'User Agent' => $hit->UA, 'Referer' => $hit->referer);
if (isset($hitData->fullRequest)) {
$requestString = base64_decode($hitData->fullRequest);
$request = wfWAFRequest::parseString($requestString);
} else {
$request = new wfWAFRequest();
$request->setAuth(array());
$request->setBody(array());
$request->setCookies(array());
$request->setFileNames(array());
$request->setFiles(array());
$request->setHeaders(array());
$request->setHost('');
$request->setIp('');
$request->setMethod('GET');
$request->setPath('');
$request->setProtocol('http');
$request->setQueryString(array());
$request->setTimestamp('');
$request->setUri('');
$headers = array();
$urlPieces = parse_url($hit->URL);
if ($urlPieces) {
if (array_key_exists('scheme', $urlPieces)) {
$request->setProtocol($urlPieces['scheme']);
}
<?php
/*
php_value auto_prepend_file ~/wp-content/plugins/wordfence/waf/bootstrap.php
*/
require_once dirname(__FILE__) . '/init.php';
if (!defined('WFWAF_LOG_PATH')) {
define('WFWAF_LOG_PATH', WFWAF_PATH . 'logs/');
}
wfWAF::setInstance(new wfWAF(wfWAFRequest::createFromGlobals(), new wfWAFStorageFile(WFWAF_LOG_PATH . 'attack-data.php', WFWAF_LOG_PATH . 'ips.php', WFWAF_LOG_PATH . 'config.php', WFWAF_LOG_PATH . 'wafRules.rules')));
wfWAF::getInstance()->getEventBus()->attach(new wfWAFBaseObserver());
$rulesFiles = array(WFWAF_PATH . 'rules.php', WFWAF_LOG_PATH . 'rules.php');
foreach ($rulesFiles as $rulesFile) {
if (!file_exists($rulesFile)) {
@touch($rulesFile);
}
if (is_writable($rulesFile)) {
wfWAF::getInstance()->setCompiledRulesFile($rulesFile);
break;
}
}
try {
if (!file_exists(wfWAF::getInstance()->getCompiledRulesFile()) || !filesize(wfWAF::getInstance()->getCompiledRulesFile())) {
try {
wfWAF::getInstance()->updateRuleSet(file_get_contents(WFWAF_PATH . 'baseRules.rules'));
} catch (wfWAFBuildRulesException $e) {
error_log($e->getMessage());
} catch (Exception $e) {
error_log($e->getMessage());
}
}
/**
* @param wfWAFRequest $request
* @return bool|string If not blocked, returns false. Otherwise a string of the reason it was blocked or true.
*/
public function shouldBlockRequest($request)
{
// Checking the user whitelist is done before reaching this call
$ip = $request->getIP();
//Check the system whitelist
if ($this->checkForWhitelisted($ip)) {
return false;
}
//Let the plugin handle these
$wfFunc = $request->getQueryString('_wfsf');
if ($wfFunc == 'unlockEmail' || $wfFunc == 'unlockAccess') {
// Can't check validity here, let it pass through to plugin level where it can
return false;
}
$logHuman = $request->getQueryString('wordfence_logHuman');
if ($logHuman !== null) {
return false;
}
//Start block checks
$ipNum = wfWAFUtils::inet_pton($ip);
$hostname = null;
$ua = $request->getHeaders('User-Agent');
if ($ua === null) {
$ua = '';
}
$referer = $request->getHeaders('Referer');
if ($referer === null) {
$referer = '';
}
$isPaid = false;
try {
$isPaid = wfWAF::getInstance()->getStorageEngine()->getConfig('isPaid');
$pluginABSPATH = wfWAF::getInstance()->getStorageEngine()->getConfig('pluginABSPATH');
$patternBlocksJSON = wfWAF::getInstance()->getStorageEngine()->getConfig('patternBlocks');
$countryBlocksJSON = wfWAF::getInstance()->getStorageEngine()->getConfig('countryBlocks');
$otherBlocksJSON = wfWAF::getInstance()->getStorageEngine()->getConfig('otherBlocks');
} catch (Exception $e) {
// Do nothing
}
if (isset($_SERVER['SCRIPT_FILENAME']) && (strpos($_SERVER['SCRIPT_FILENAME'], $pluginABSPATH . "wp-admin/") === 0 || strpos($_SERVER['SCRIPT_FILENAME'], $pluginABSPATH . "wp-content/") === 0 || strpos($_SERVER['SCRIPT_FILENAME'], $pluginABSPATH . "wp-includes/") === 0)) {
return false;
//Rely on WordPress's own access control and blocking at the plugin level
}
// Pattern Blocks from the Advanced Blocking page (IP Range, UA, Referer)
$patternBlocks = @wfWAFUtils::json_decode($patternBlocksJSON, true);
if (is_array($patternBlocks)) {
// Instead of a long block of if/else statements, using bitshifting to generate an expected value and a found value
$ipRangeOffset = 1;
$uaPatternOffset = 2;
$refPatternOffset = 3;
foreach ($patternBlocks as $b) {
$expectedBits = 0;
$foundBits = 0;
if (!empty($b['ipRange'])) {
$expectedBits |= 1 << $ipRangeOffset;
list($start_range, $end_range) = explode('-', $b['ipRange']);
if (preg_match('/[\\.:]/', $start_range)) {
$start_range = wfWAFUtils::inet_pton($start_range);
$end_range = wfWAFUtils::inet_pton($end_range);
} else {
$start_range = wfWAFUtils::inet_pton(long2ip($start_range));
$end_range = wfWAFUtils::inet_pton(long2ip($end_range));
}
if (strcmp($ipNum, $start_range) >= 0 && strcmp($ipNum, $end_range) <= 0) {
$foundBits |= 1 << $ipRangeOffset;
}
}
if (!empty($b['hostnamePattern'])) {
$expectedBits |= 1 << $ipRangeOffset;
if ($hostname === null) {
$hostname = wfWAFUtils::reverseLookup($ip);
}
if (preg_match(wfWAFUtils::patternToRegex($b['hostnamePattern']), $hostname)) {
$foundBits |= 1 << $ipRangeOffset;
}
}
if (!empty($b['uaPattern'])) {
$expectedBits |= 1 << $uaPatternOffset;
if (wfWAFUtils::isUABlocked($b['uaPattern'], $ua)) {
$foundBits |= 1 << $uaPatternOffset;
}
}
if (!empty($b['refPattern'])) {
$expectedBits |= 1 << $refPatternOffset;
if (wfWAFUtils::isRefererBlocked($b['refPattern'], $referer)) {
$foundBits |= 1 << $refPatternOffset;
}
}
if ($foundBits === $expectedBits && $expectedBits > 0) {
return array('action' => self::WFWAF_BLOCK_UAREFIPRANGE, 'id' => $b['id']);
}
}
}
// End Pattern Blocks
// Country Blocking
if ($isPaid) {
$countryBlocks = @wfWAFUtils::json_decode($countryBlocksJSON, true);
if (is_array($countryBlocks)) {
$blockedCountries = $countryBlocks['countries'];
$bareRequestURI = wfWAFUtils::extractBareURI($request->getURI());
$bareBypassRedirURI = wfWAFUtils::extractBareURI($countryBlocks['bypassRedirURL']);
$skipCountryBlocking = false;
if ($bareBypassRedirURI && $bareRequestURI == $bareBypassRedirURI) {
// Run this before country blocking because even if the user isn't blocked we need to set the bypass cookie so they can bypass future blocks.
if ($countryBlocks['bypassRedirDest']) {
setcookie('wfCBLBypass', $countryBlocks['cookieVal'], time() + 86400 * 365, '/', null, null, true);
return array('action' => self::WFWAF_BLOCK_COUNTRY_BYPASS_REDIR);
}
}
$bareBypassViewURI = wfWAFUtils::extractBareURI($countryBlocks['bypassViewURL']);
if ($bareBypassViewURI && $bareBypassViewURI == $bareRequestURI) {
setcookie('wfCBLBypass', $countryBlocks['cookieVal'], time() + 86400 * 365, '/', null, null, true);
$skipCountryBlocking = true;
}
$bypassCookieSet = false;
$bypassCookie = $request->getCookies('wfCBLBypass');
if (isset($bypassCookie) && $bypassCookie == $countryBlocks['cookieVal']) {
$bypassCookieSet = true;
}
if (!$skipCountryBlocking && $blockedCountries && !$bypassCookieSet) {
$isAuthRequest = strpos($bareRequestURI, '/wp-login.php') !== false;
$isXMLRPC = strpos($bareRequestURI, '/xmlrpc.php') !== false;
$isUserLoggedIn = wfWAF::getInstance()->parseAuthCookie() !== false;
// If everything is checked, make sure this always runs.
if ($countryBlocks['loggedInBlocked'] && $countryBlocks['loginFormBlocked'] && $countryBlocks['restOfSiteBlocked']) {
if ($blocked = $this->checkForBlockedCountry($countryBlocks, $ip, $bareRequestURI)) {
return $blocked;
}
}
// Block logged in users.
if ($countryBlocks['loggedInBlocked'] && $isUserLoggedIn) {
if ($blocked = $this->checkForBlockedCountry($countryBlocks, $ip, $bareRequestURI)) {
return $blocked;
}
}
// Block the login form itself and any attempt to authenticate.
if ($countryBlocks['loginFormBlocked'] && $isAuthRequest) {
if ($blocked = $this->checkForBlockedCountry($countryBlocks, $ip, $bareRequestURI)) {
return $blocked;
}
}
// Block requests that aren't to the login page, xmlrpc.php, or a user already logged in.
if ($countryBlocks['restOfSiteBlocked'] && !$isAuthRequest && !$isXMLRPC && !$isUserLoggedIn) {
if ($blocked = $this->checkForBlockedCountry($countryBlocks, $ip, $bareRequestURI)) {
return $blocked;
}
}
// XMLRPC is inaccesible when public portion of the site and auth is disabled.
if ($countryBlocks['loginFormBlocked'] && $countryBlocks['restOfSiteBlocked'] && $isXMLRPC) {
if ($blocked = $this->checkForBlockedCountry($countryBlocks, $ip, $bareRequestURI)) {
return $blocked;
}
}
// Any bypasses and other block possibilities will be checked at the plugin level once WordPress loads
}
}
}
// End Country Blocking
// Other Blocks
$otherBlocks = @wfWAFUtils::json_decode($otherBlocksJSON, true);
if (is_array($otherBlocks)) {
$blockedTime = $otherBlocks['blockedTime'];
$blocks = $otherBlocks['blocks'];
$bareRequestURI = wfWAFUtils::extractBareURI($request->getURI());
$isAuthRequest = strpos($bareRequestURI, '/wp-login.php') !== false;
foreach ($blocks as $b) {
if (!$b['permanent'] && $b['blockedTime'] + $blockedTime < time()) {
continue;
}
if (base64_decode($b['IP']) != $ipNum) {
continue;
}
if ($isAuthRequest) {
return array('action' => self::WFWAF_BLOCK_WFSN);
}
return array('action' => empty($b['reason']) ? '' : $b['reason']);
}
}
// End Other Blocks
return false;
}
