コード例 #1
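 /**
  * Builds the web-server rules that enforce the IP and user-agent blacklists.
  *
  * Reads the 'aiowps_banned_ip_addresses' and 'aiowps_banned_user_agents'
  * settings (one entry per line) and renders them either as Apache/LiteSpeed
  * directives or, for any other server type, as nginx-style "deny" / "if"
  * lines. Nothing is emitted unless 'aiowps_enable_blacklisting' is '1'.
  *
  * Entries are written into server configuration text. This method only trims
  * them, drops blanks and escapes user agents for the Apache branch; it does
  * not check that an IP entry is a well-formed address.
  * NOTE(review): presumably both lists are validated when the settings are
  * saved - verify against the caller before relying on that.
  *
  * @return string Rule lines joined with PHP_EOL; empty when blacklisting is off.
  */
 static function getrules_blacklist()
 {
     global $aio_wp_security;
     $aiowps_server = AIOWPSecurity_Utility::get_server_type();
     $is_apache_like = ($aiowps_server == 'apache' || $aiowps_server == 'litespeed');
     $rules = '';
     if ($aio_wp_security->configs->get_value('aiowps_enable_blacklisting') == '1') {
         //Let's do the list of blacklisted IPs first.
         //Split on any newline style: a value saved with CRLF line endings must not
         //leave a stray "\r" on each entry when PHP_EOL is "\n".
         $hosts = array();
         $raw_hosts = preg_split('/\r\n|\r|\n/', (string) $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses'));
         foreach ($raw_hosts as $raw_host) {
             $host = trim($raw_host);
             //Strict comparison so two different numeric-looking strings are never merged
             if ($host !== '' && !in_array($host, $hosts, true)) {
                 $hosts[] = $host;
             }
         }
         if (!empty($hosts)) {
             if ($is_apache_like) {
                 //Add feature marker start
                 $rules .= AIOWPSecurity_Utility_Htaccess::$ip_blacklist_marker_start . PHP_EOL;
                 $rules .= "Order allow,deny" . PHP_EOL . "Allow from all" . PHP_EOL;
             }
             foreach ($hosts as $host) {
                 if (strpos($host, '*') !== false) {
                     //Each dot-separated part containing '*' removes 8 bits from the prefix.
                     //Only trailing wildcards give the range the admin expects: the position
                     //of the wildcard is not checked, so "1.*.3.4" becomes "1.0.3.4/24".
                     $netmask = 32;
                     foreach (explode('.', $host) as $part) {
                         if (strpos($part, '*') !== false) {
                             $netmask = $netmask - 8;
                         }
                     }
                     if ($netmask < 0) {
                         //More than four wildcard parts cannot be an IPv4 pattern; writing a
                         //negative prefix length would only produce an invalid directive.
                         continue;
                     }
                     $dhost = str_replace('*', '0', $host) . '/' . $netmask;
                 } else {
                     $dhost = $host;
                 }
                 //Entries of four characters or fewer are skipped
                 if (strlen($dhost) <= 4) {
                     continue;
                 }
                 if ($is_apache_like) {
                     $rules .= "Deny from " . $dhost . PHP_EOL;
                 } else {
                     $rules .= "\tdeny " . $dhost . ';' . PHP_EOL;
                 }
             }
             //Add feature marker end
             //NOTE(review): the end marker is emitted for every server type while the
             //start marker is Apache/LiteSpeed only - confirm this asymmetry is intended.
             $rules .= AIOWPSecurity_Utility_Htaccess::$ip_blacklist_marker_end . PHP_EOL;
         }
         //Now let's do the user agent list.
         //Blank entries are dropped up front: an empty pattern ("^" on Apache, an empty
         //alternative on nginx) matches every request and would return 403 to all visitors.
         $user_agents = array();
         $raw_agents = preg_split('/\r\n|\r|\n/', (string) $aio_wp_security->configs->get_value('aiowps_banned_user_agents'));
         foreach ($raw_agents as $raw_agent) {
             $agent = trim($raw_agent);
             if ($agent !== '') {
                 $user_agents[] = $agent;
             }
         }
         if (!empty($user_agents)) {
             if ($is_apache_like) {
                 //Add feature marker start
                 $rules .= AIOWPSecurity_Utility_Htaccess::$user_agent_blacklist_marker_start . PHP_EOL;
                 //Start mod_rewrite rules
                 $rules .= "<IfModule mod_rewrite.c>" . PHP_EOL . "RewriteEngine On" . PHP_EOL . PHP_EOL;
                 $last_index = count($user_agents) - 1;
                 foreach ($user_agents as $index => $agent) {
                     //Escape regex metacharacters, then replace spaces with \s so apache can
                     //understand. Trimming happens before escaping: a trailing "\r" must not
                     //turn into a required "\s", which would stop the rule matching the agent.
                     $agent_sanitized = preg_replace('/\\s/', '\\s', quotemeta($agent));
                     $rules .= "RewriteCond %{HTTP_USER_AGENT} ^" . $agent_sanitized;
                     $rules .= ($index < $last_index ? " [NC,OR]" : " [NC]") . PHP_EOL;
                 }
                 $rules .= "RewriteRule ^(.*)\$ - [F,L]" . PHP_EOL . PHP_EOL;
                 //close mod_rewrite in the same branch that opened it, so a whitespace-only
                 //setting can never leave an unmatched </IfModule> in the generated rules
                 $rules .= "</IfModule>" . PHP_EOL;
                 //Add feature marker end
                 $rules .= AIOWPSecurity_Utility_Htaccess::$user_agent_blacklist_marker_end . PHP_EOL;
             } else {
                 //NOTE(review): entries are placed in the nginx expression unescaped and
                 //unquoted, so they act as regex fragments, and a space, ';', '{' or '}'
                 //in an entry changes how nginx parses this line. Left as-is because
                 //existing entries may rely on regex syntax; confirm the save path rejects
                 //such characters.
                 $rules .= "\tif (\$http_user_agent ~* " . implode('|', $user_agents) . ") { return 403; }" . PHP_EOL;
             }
         }
     }
     //Drop any bare "Deny from" line before handing the rules back
     return implode(PHP_EOL, array_diff(explode(PHP_EOL, $rules), array('Deny from ', 'Deny from')));
 }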
コード例 #2
 /**
  * Writes a deny-all .htaccess into the plugin's logs directory when the
  * server is Apache or LiteSpeed and no such file exists yet.
  *
  * An existing .htaccess is left untouched; its contents are not inspected.
  * A failed write is reported through the debug logger only.
  *
  * NOTE(review): for any other server type this method writes nothing, so
  * public access to the log files has to be blocked some other way there -
  * confirm where that is handled.
  * NOTE(review): the directives are the Apache 2.2 access-control form -
  * confirm they are honoured on the Apache versions this plugin supports.
  */
 static function create_htaccess_logs_dir()
 {
     global $aio_wp_security;
     $aiowps_log_dir = AIO_WP_SECURITY_PATH . '/logs';
     $server_type = AIOWPSecurity_Utility::get_server_type();
     //Only create .htaccess if server is the right type
     if ($server_type != 'apache' && $server_type != 'litespeed') {
         return;
     }
     $file = $aiowps_log_dir . '/.htaccess';
     if (file_exists($file)) {
         return;
     }
     //Rules which will stop people from viewing the log files publicly
     $rules = implode(PHP_EOL, array('order deny,allow', 'deny from all')) . PHP_EOL;
     if (file_put_contents($file, $rules) === false) {
         $aio_wp_security->debug_logger->log_debug("Creation of .htaccess file in " . $aiowps_log_dir . " directory failed!", 4);
     }
 }