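/**
 * Analyzes the request headers.
 *
 * Runs a sequence of header rules; the first rule that matches returns its
 * short identifier string. Rules guarded by `$this->settings['strict']` only
 * run in strict mode. Returns false when no rule matched.
 *
 * @param \FlameCore\Gatekeeper\Visitor $visitor
 * @return bool|string Rule identifier, or false if nothing matched
 */
protected function checkHeaders(Visitor $visitor)
{
    $headers = $visitor->getRequestHeaders();
    $uastring = $visitor->getUserAgent()->getUserAgentString();

    // Non-POST requests that carry no User-Agent at all
    if ($visitor->getRequestMethod() !== 'POST' && empty($uastring)) {
        return 'f9f2b8b9';
    }

    // 'Range:' field exists and begins with 0. Real user-agents do not start ranges at 0. (Also blocks whois.sc bot. No big loss.)
    // Exceptions: MT (not fixable); LJ (refuses to fix; may be blocked again in the future); Facebook
    if ($this->settings['strict'] && $headers->has('Range') && strpos($headers->get('Range'), '=0-') !== false) {
        // Prefix comparisons: strncmp() === 0 means the UA string starts with the given product token
        $isKnownException = strncmp($uastring, 'MovableType', 11) === 0
            || strncmp($uastring, 'URI::Fetch', 10) === 0
            || strncmp($uastring, 'php-openid/', 11) === 0
            || strncmp($uastring, 'facebookexternalhit', 19) === 0;

        if (!$isKnownException) {
            return '7ad04a8a';
        }
    }

    // Content-Range is a response header, not a request header
    if ($headers->has('Content-Range')) {
        return '7d12528e';
    }

    // pinappleproxy is used by referrer spammers
    if ($headers->has('Via')) {
        $via = $headers->get('Via');

        if (stripos($via, 'pinappleproxy') !== false
            || stripos($via, 'PCNETSERVER') !== false
            || stripos($via, 'Invisiware') !== false) {
            return '939a6fbb';
        }
    }

    // 'TE:' if present must have 'Connection: TE' (RFC 2616 14.39)
    // Blocks Microsoft ISA Server 2004 in strict mode. Contact Microsoft to obtain a hotfix.
    if ($this->settings['strict'] && $headers->has('Te')) {
        // 'Connection' may be absent entirely; treat that as "no TE token" instead of
        // handing null to preg_match() (deprecated since PHP 8.1). Same outcome either way.
        if (!preg_match('/\\bTE\\b/', $headers->get('Connection') ?? '')) {
            return '582ec5e4';
        }
    }

    // Analyze the Connection header if it exists
    if ($headers->has('Connection') && ($result = $this->checkConnectionHeader($headers->get('Connection')))) {
        return $result;
    }

    // Headers which are not seen from normal user agents; only malicious bots
    if ($headers->has('X-Aaaaaaaaaaaa') || $headers->has('X-Aaaaaaaaaa')) {
        return 'b9cc1d86';
    }

    // 'Proxy-Connection' does not exist and should never be seen in the wild.
    // - http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0032.html
    // - http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0040.html
    if ($this->settings['strict'] && $headers->has('Proxy-Connection')) {
        return 'b7830251';
    }

    // Analyze the Referer header if it exists
    if ($headers->has('Referer') && ($result = $this->checkRefererHeader($headers->get('Referer')))) {
        return $result;
    }

    return false;
}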
/**
 * Analyzes user agents claiming to be Safari.
 *
 * The only rule here is the presence of an 'Accept' request header: when it
 * is missing the rule identifier is returned, otherwise the check passes.
 *
 * @param \FlameCore\Gatekeeper\Visitor $visitor The visitor information
 * @return int|string Rule identifier, or CheckInterface::RESULT_OKAY
 */
protected function checkSafari(Visitor $visitor)
{
    $hasAccept = $visitor->getRequestHeaders()->has('Accept');

    return $hasAccept ? CheckInterface::RESULT_OKAY : '17566707';
}
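/**
 * Analyzes trackbacks.
 *
 * Returns the identifier of the first matching rule, or false when the
 * request looks like a plausible trackback.
 *
 * @param \FlameCore\Gatekeeper\Visitor $visitor
 * @return bool|string Rule identifier, or false if nothing matched
 */
protected function checkTrackback(Visitor $visitor)
{
    $headers = $visitor->getRequestHeaders();

    // Web browsers don't send trackbacks
    if ($visitor->isBrowser()) {
        return 'f0dcb3fd';
    }

    // Proxy servers don't send trackbacks either
    foreach (['Via', 'Max-Forwards', 'X-Forwarded-For', 'Client-Ip'] as $proxyHeader) {
        if ($headers->has($proxyHeader)) {
            return 'd60b87c7';
        }
    }

    // Real WordPress trackbacks may contain 'Accept:' and have a charset defined
    $uastring = $visitor->getUserAgent()->getUserAgentString();
    if (strpos($uastring, 'WordPress/') !== false) {
        // 'Accept' may be missing; fall back to '' so strpos() is not given null
        // (deprecated since PHP 8.1) — a missing header still counts as "no charset".
        if (strpos($headers->get('Accept') ?? '', 'charset=') === false) {
            return 'e3990b47';
        }
    }

    return false;
}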