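/**
 * Inspect the current request for known attack signatures and block it.
 *
 * Request parameters come from WP_firewall_check_whitelisted_variable().
 * Each signature group is active only while its WP_firewall_exclude_*
 * option equals 'allow'. On a match the hit is logged through
 * WP_firewall_send_log_message() and the client is sent away through
 * WP_firewall_send_redirect(), unless WP_firewall_check_ip_whitelist()
 * reports a whitelisted client (upload blocking ignores the whitelist,
 * as in the shipped code).
 *
 * Fixes relative to the shipped version:
 *  - the field-truncation loop now tests every pattern in its list (the
 *    NUL-byte pattern '#\x00#' was never applied);
 *  - nested request parameters (foo[bar]=...) are scanned instead of
 *    being passed to preg_match() as arrays;
 *  - multi-file upload inputs (name="files[]") are handled instead of
 *    passing an array as the preg_match() subject.
 *
 * @return void
 */
function WP_firewall_check_exclusions()
{
    $request_string = WP_firewall_check_whitelisted_variable();
    if (!is_array($request_string) || empty($request_string)) {
        // Nothing to inspect.
        return;
    }

    // Flatten nested parameters into key => string so every scalar leaf is
    // scanned; the key keeps its path (e.g. "foo[bar]") for the log entry.
    // Non-scalar leaves (null, objects) are skipped.
    $values = array();
    $pending = array();
    foreach ($request_string as $key => $value) {
        $pending[] = array((string) $key, $value);
    }
    while (!empty($pending)) {
        list($key, $value) = array_pop($pending);
        if (is_array($value)) {
            foreach ($value as $sub_key => $sub_value) {
                $pending[] = array($key . '[' . $sub_key . ']', $sub_value);
            }
        } elseif (is_scalar($value)) {
            $values[$key] = (string) $value;
        }
    }

    // Run one signature group over every flattened value.
    // WP_firewall_send_redirect() presumably ends the request; if it returns,
    // scanning simply continues, as it did in the shipped code — TODO confirm.
    $scan = function (array $patterns, $slug, $label) use ($values) {
        foreach ($patterns as $pattern) {
            foreach ($values as $key => $value) {
                if (preg_match($pattern, $value) !== 1) {
                    continue;
                }
                if (WP_firewall_check_ip_whitelist()) {
                    // Whitelisted client: matches are neither logged nor blocked.
                    continue;
                }
                WP_firewall_send_log_message($key, $value, $slug, $label);
                WP_firewall_send_redirect();
            }
        }
    };

    // Directory traversal.
    if (get_option('WP_firewall_exclude_directory') === 'allow') {
        $scan(
            array('#etc/passwd#', '#proc/self/environ#', '#\.\./#'),
            'directory-traversal-attack',
            'Directory Traversal'
        );
    }

    // SQL injection.
    if (get_option('WP_firewall_exclude_queries') === 'allow') {
        $scan(
            array('#concat\s*\(#i', '#group_concat#i', '#union.*select#i'),
            'sql-injection-attack',
            'SQL Injection'
        );
    }

    // WordPress-specific SQL injection (table prefixes, user columns, hex/comment tricks).
    if (get_option('WP_firewall_exclude_terms') === 'allow') {
        $scan(
            array('#wp_#i', '#user_login#i', '#user_pass#i', '#0x[0-9a-f][0-9a-f]#i', '#/\*\*/#'),
            'wp-specific-sql-injection-attack',
            'WordPress-Specific SQL Injection'
        );
    }

    // Field truncation: long whitespace runs or embedded NUL bytes.
    // The shipped code hard-coded the whitespace pattern here, so '#\x00#'
    // was never checked; both patterns are now applied.
    if (get_option('WP_firewall_exclude_spaces') === 'allow') {
        $scan(
            array('#\s{49,}#i', '#\x00#'),
            'field-truncation-attack',
            'Field Truncation'
        );
    }

    // Executable file upload: matched against the client-supplied file name
    // only (not content or server-side type). List kept as shipped.
    if (get_option('WP_firewall_exclude_file') === 'allow') {
        $blocked_extensions = array(
            '#\.dll$#i', '#\.rb$#i', '#\.py$#i', '#\.exe$#i', '#\.php[3-6]?$#i',
            '#\.pl$#i', '#\.perl$#i', '#\.ph[34]$#i', '#\.phl$#i', '#\.phtml$#i',
            '#\.phtm$#i',
        );
        foreach ($_FILES as $file) {
            // name="files[]" inputs make $file['name'] a (possibly nested) array.
            $raw_names = isset($file['name']) ? (array) $file['name'] : array();
            $names = array();
            array_walk_recursive($raw_names, function ($name) use (&$names) {
                if (is_string($name)) {
                    $names[] = $name;
                }
            });
            foreach ($names as $name) {
                foreach ($blocked_extensions as $regex) {
                    if (preg_match($regex, $name) === 1) {
                        // The shipped code applies no IP whitelist to uploads; kept as-is.
                        WP_firewall_send_log_message('$_FILE', $name, 'executable-file-upload-attack', 'Executable File Upload');
                        WP_firewall_send_redirect();
                    }
                }
            }
        }
    }

    // Remote file execution: values starting with http/https or naming .shtml.
    // This can be problematic with many plugins, as it breaks requests whose
    // parameters legitimately start with http/https.
    if (get_option('WP_firewall_exclude_http') === 'allow') {
        $scan(
            array('#^http#i', '#\.shtml#i'),
            'remote-file-execution-attack',
            'Remote File Execution'
        );
    }
}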
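/**
 * Scan the current request for attack signatures and block matching requests.
 *
 * The parameters to scan are returned by WP_firewall_check_whitelisted_variable().
 * A signature group runs only when its WP_firewall_exclude_* option is set to
 * 'allow'. A match is reported via WP_firewall_send_log_message() and the
 * request is redirected via WP_firewall_send_redirect(), except for clients
 * accepted by WP_firewall_check_ip_whitelist(). The upload check does not
 * consult the IP whitelist (unchanged from the shipped code).
 *
 * Corrections over the shipped code:
 *  - the field-truncation group applies both of its patterns; previously the
 *    whitespace pattern was hard-coded and '#\x00#' was dead;
 *  - nested parameters (foo[bar]=...) are flattened and scanned rather than
 *    handed to preg_match() as arrays;
 *  - array-valued $_FILES[...]['name'] (multi-file inputs) is walked instead
 *    of being used as a preg_match() subject.
 *
 * @return void
 */
function WP_firewall_check_exclusions()
{
    $request_string = WP_firewall_check_whitelisted_variable();
    if (!is_array($request_string) || empty($request_string)) {
        return;
    }

    // Collect every scalar leaf as path => string (path like "a[b][c]").
    $values = array();
    $flatten = function ($prefix, $node) use (&$flatten, &$values) {
        if (is_array($node)) {
            foreach ($node as $k => $v) {
                $path = ($prefix === null) ? (string) $k : $prefix . '[' . $k . ']';
                $flatten($path, $v);
            }
        } elseif (is_scalar($node)) {
            $values[$prefix] = (string) $node;
        }
    };
    $flatten(null, $request_string);

    // Groups in the order the shipped code checked them. A null pattern list
    // marks the $_FILES check, which inspects upload names instead of $values.
    $checks = array(
        array('WP_firewall_exclude_directory', 'directory-traversal-attack', 'Directory Traversal',
            array('#etc/passwd#', '#proc/self/environ#', '#\.\./#')),
        array('WP_firewall_exclude_queries', 'sql-injection-attack', 'SQL Injection',
            array('#concat\s*\(#i', '#group_concat#i', '#union.*select#i')),
        array('WP_firewall_exclude_terms', 'wp-specific-sql-injection-attack', 'WordPress-Specific SQL Injection',
            array('#wp_#i', '#user_login#i', '#user_pass#i', '#0x[0-9a-f][0-9a-f]#i', '#/\*\*/#')),
        array('WP_firewall_exclude_spaces', 'field-truncation-attack', 'Field Truncation',
            array('#\s{49,}#i', '#\x00#')),
        array('WP_firewall_exclude_file', 'executable-file-upload-attack', 'Executable File Upload',
            null),
        array('WP_firewall_exclude_http', 'remote-file-execution-attack', 'Remote File Execution',
            array('#^http#i', '#\.shtml#i')),
    );

    // Upload name patterns, as shipped; only the client-supplied name is tested.
    $blocked_extensions = array(
        '#\.dll$#i', '#\.rb$#i', '#\.py$#i', '#\.exe$#i', '#\.php[3-6]?$#i',
        '#\.pl$#i', '#\.perl$#i', '#\.ph[34]$#i', '#\.phl$#i', '#\.phtml$#i',
        '#\.phtm$#i',
    );

    foreach ($checks as $check) {
        list($option, $slug, $label, $patterns) = $check;
        if (get_option($option) !== 'allow') {
            continue;
        }

        if ($patterns === null) {
            foreach ($_FILES as $file) {
                // name="files[]" yields an array (possibly nested) under 'name'.
                $raw_names = isset($file['name']) ? (array) $file['name'] : array();
                $names = array();
                array_walk_recursive($raw_names, function ($name) use (&$names) {
                    if (is_string($name)) {
                        $names[] = $name;
                    }
                });
                foreach ($names as $name) {
                    foreach ($blocked_extensions as $regex) {
                        if (preg_match($regex, $name) === 1) {
                            // No IP whitelist for uploads, matching the shipped behaviour.
                            WP_firewall_send_log_message('$_FILE', $name, $slug, $label);
                            WP_firewall_send_redirect();
                        }
                    }
                }
            }
            continue;
        }

        foreach ($patterns as $pattern) {
            foreach ($values as $key => $value) {
                if (preg_match($pattern, $value) !== 1) {
                    continue;
                }
                // Whitelisted clients are neither logged nor redirected.
                if (WP_firewall_check_ip_whitelist()) {
                    continue;
                }
                WP_firewall_send_log_message($key, $value, $slug, $label);
                // Presumably terminates the request; if it returns, scanning
                // continues exactly as in the shipped code — TODO confirm.
                WP_firewall_send_redirect();
            }
        }
    }
}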