/**
 * {@inheritdoc}
 *
 * Only POST requests are inspected here: the visitor is handed to
 * checkPostRequest() and any truthy result from it is returned unchanged.
 * Every other case yields CheckInterface::RESULT_OKAY.
 */
public function checkVisitor(Visitor $visitor)
{
    // Guard clause: nothing to inspect unless the request method is POST.
    if ($visitor->getRequestMethod() != 'POST') {
        return CheckInterface::RESULT_OKAY;
    }

    // A falsy verdict from the POST check means "no objection".
    $verdict = $this->checkPostRequest($visitor);

    return $verdict ? $verdict : CheckInterface::RESULT_OKAY;
}
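/**
 * Analyzes the request headers.
 *
 * The checks run in a fixed order and the first one that matches decides the
 * result. Checks guarded by $this->settings['strict'] only run in strict mode.
 *
 * Every value inspected here (User-Agent, Range, Via, TE, Connection, Referer)
 * is supplied by the client. The rules are heuristics against careless
 * automated clients; they are not an authentication or trust decision.
 *
 * @param \FlameCore\Gatekeeper\Visitor $visitor
 * @return bool|string The string code of the first matching rule (or the truthy
 *   result of the Connection / Referer sub-check), false if nothing matched
 */
protected function checkHeaders(Visitor $visitor)
{
    $headers = $visitor->getRequestHeaders();
    $uastring = $visitor->getUserAgent()->getUserAgentString();

    // A missing User-Agent is only tolerated on POST requests.
    // Note: empty() also treats the literal string '0' as missing.
    if ($visitor->getRequestMethod() != 'POST' && empty($uastring)) {
        return 'f9f2b8b9';
    }

    $strict = $this->settings['strict'];

    // 'Range:' field exists and contains '=0-'. Real user-agents do not start ranges at 0.
    // (Also blocks whois.sc bot. No big loss.)
    // Exceptions: MT (not fixable); LJ (refuses to fix; may be blocked again in the future); Facebook
    if ($strict && $headers->has('Range') && strpos($headers->get('Range'), '=0-') !== false) {
        // strncmp() returns 0 on a prefix match, so this chain is true only when
        // the User-Agent starts with none of the exempted prefixes. The exemption
        // keys on a client-controlled string: it is a compatibility carve-out,
        // not evidence that the request really comes from one of these tools.
        if (strncmp($uastring, 'MovableType', 11)
            && strncmp($uastring, 'URI::Fetch', 10)
            && strncmp($uastring, 'php-openid/', 11)
            && strncmp($uastring, 'facebookexternalhit', 19)
        ) {
            return '7ad04a8a';
        }
    }

    // Content-Range is a response header, not a request header
    if ($headers->has('Content-Range')) {
        return '7d12528e';
    }

    // pinappleproxy is used by referrer spammers
    if ($headers->has('Via')) {
        $via = $headers->get('Via');

        if (stripos($via, 'pinappleproxy') !== false
            || stripos($via, 'PCNETSERVER') !== false
            || stripos($via, 'Invisiware') !== false
        ) {
            return '939a6fbb';
        }
    }

    // 'TE:' if present must have 'Connection: TE' (RFC 2616 14.39)
    // Blocks Microsoft ISA Server 2004 in strict mode. Contact Microsoft to obtain a hotfix.
    if ($strict && $headers->has('Te')) {
        // What get() returns for an absent header is not visible here, so fall
        // back to an empty string instead of handing a possible null to
        // preg_match(). The outcome is unchanged: no Connection header, no match.
        $connection = $headers->has('Connection') ? $headers->get('Connection') : '';

        // Connection options are case-insensitive (RFC 7230 section 6.1), so a
        // compliant client sending 'Connection: te' must not be rejected.
        if (!preg_match('/\\bTE\\b/i', $connection)) {
            return '582ec5e4';
        }
    }

    // Analyze the Connection header if it exists
    if ($headers->has('Connection') && ($result = $this->checkConnectionHeader($headers->get('Connection')))) {
        return $result;
    }

    // Headers which are not seen from normal user agents; only malicious bots
    if ($headers->has('X-Aaaaaaaaaaaa') || $headers->has('X-Aaaaaaaaaa')) {
        return 'b9cc1d86';
    }

    // 'Proxy-Connection' does not exist and should never be seen in the wild.
    // - http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0032.html
    // - http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0040.html
    if ($strict && $headers->has('Proxy-Connection')) {
        return 'b7830251';
    }

    // Analyze the Referer header if it exists
    if ($headers->has('Referer') && ($result = $this->checkRefererHeader($headers->get('Referer')))) {
        return $result;
    }

    return false;
}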