foreach ($rulesFiles as $rulesFile) { if (!file_exists($rulesFile)) { @touch($rulesFile); } @chmod($rulesFile, 0664); if (is_writable($rulesFile)) { wfWAF::getInstance()->setCompiledRulesFile($rulesFile); break; } } if (!file_exists(wfWAF::getInstance()->getCompiledRulesFile()) || !filesize(wfWAF::getInstance()->getCompiledRulesFile())) { try { if (is_writable(wfWAF::getInstance()->getCompiledRulesFile()) && wfWAF::getInstance()->getStorageEngine()->getConfig('apiKey') !== null && wfWAF::getInstance()->getStorageEngine()->getConfig('createInitialRulesDelay') < time()) { $event = new wfWAFCronFetchRulesEvent(time() - 60); $event->setWaf(wfWAF::getInstance()); $event->fire(); wfWAF::getInstance()->getStorageEngine()->setConfig('createInitialRulesDelay', time() + 5 * 60); } } catch (wfWAFBuildRulesException $e) { // Log this somewhere error_log($e->getMessage()); } catch (Exception $e) { // Suppress this error_log($e->getMessage()); } } if (WFWAF_DEBUG && file_exists(wfWAF::getInstance()->getStorageEngine()->getRulesDSLCacheFile())) { try { wfWAF::getInstance()->updateRuleSet(file_get_contents(wfWAF::getInstance()->getStorageEngine()->getRulesDSLCacheFile()), false); } catch (wfWAFBuildRulesException $e) { $GLOBALS['wfWAFDebugBuildException'] = $e;
/**
 * Per-request entry point of the firewall.
 *
 * Steps, in order (several of them end the request via exit() or a block action):
 *  1. load the rule set; return early when the WAF is disabled
 *  2. run storage migrations
 *  3. handle the "false positive" whitelist submission (privileged + nonce-checked; exits)
 *  4. short-circuit IPs that are already blocked, then run the rules and map the
 *     allow/block exceptions onto event-bus notifications and block actions
 *  5. run cron, then answer a signed "ping" from the rules server (exits)
 *
 * Whether blockAction()/blockXSSAction() terminate the request is not visible
 * here; if they do not, execution continues with the next step.
 */
public function run() {
    $this->loadRules();
    if ($this->isDisabled()) {
        $this->eventBus->wafDisabled();
        return;
    }
    $this->runMigrations();
    $request = $this->getRequest();

    // False-positive whitelisting: only honoured when the current user is allowed
    // to whitelist AND the posted nonce matches the one stored in the auth cookie
    // (compared with the hash_equals-style helper, empty default if no cookie).
    if ($request->getBody('wfwaf-false-positive-verified') && $this->currentUserCanWhitelist() && wfWAFUtils::hash_equals($request->getBody('wfwaf-false-positive-nonce'), $this->getAuthCookieValue('nonce', ''))) {
        $urlParams = wfWAFUtils::json_decode($request->getBody('wfwaf-false-positive-params'), true);
        if (is_array($urlParams) && $urlParams) {
            $whitelistCount = 0;
            foreach ($urlParams as $urlParam) {
                // Entries missing any of path/paramKey/ruleID are skipped, not rejected.
                $path = isset($urlParam['path']) ? $urlParam['path'] : false;
                $paramKey = isset($urlParam['paramKey']) ? $urlParam['paramKey'] : false;
                $ruleID = isset($urlParam['ruleID']) ? $urlParam['ruleID'] : false;
                if ($path && $paramKey && $ruleID) {
                    $this->whitelistRuleForParam($path, $paramKey, $ruleID, array('timestamp' => time(), 'description' => 'Whitelisted by via false positive dialog', 'ip' => $request->getIP()));
                    $whitelistCount++;
                }
            }
            // Always exits once a non-empty params array was decoded, even if the
            // count is 0 (no entry was complete).
            exit("Successfully whitelisted {$whitelistCount} params.");
        }
    }

    // IPs with an existing block are handled before any rule is evaluated.
    $ip = $this->getRequest()->getIP();
    if ($this->isIPBlocked($ip)) {
        $this->eventBus->prevBlocked($ip);
        $e = new wfWAFBlockException();
        $this->blockAction($e);
    }

    // Rule outcome is signalled by exception type. NOTE(review): if the XSS/SQLi
    // exceptions extend wfWAFBlockException, the earlier catch wins and the later
    // clauses are never reached — verify the exception hierarchy.
    try {
        $this->eventBus->beforeRunRules();
        $this->runRules();
        $this->eventBus->afterRunRules();
    } catch (wfWAFAllowException $e) {
        // A rule explicitly allowed the request; only notify the event bus.
        $this->eventBus->allow($ip, $e);
    } catch (wfWAFBlockException $e) {
        $this->eventBus->block($ip, $e);
        $this->blockAction($e);
    } catch (wfWAFBlockXSSException $e) {
        $this->eventBus->blockXSS($ip, $e);
        $this->blockXSSAction($e);
    } catch (wfWAFBlockSQLiException $e) {
        $this->eventBus->blockSQLi($ip, $e);
        $this->blockAction($e);
    }
    $this->runCron();

    // Signed "ping" from the rules server: forces a rule fetch and exits with a
    // signed acknowledgement. Acceptance requires all of: a non-empty ping equal
    // to sha1(apiKey), a non-empty ping_response, and a valid request signature.
    $ping = $this->getRequest()->getBody('ping');
    $pingResponse = $this->getRequest()->getBody('ping_response');
    // NOTE(review): $wfIP is computed but never read in this method — the signed
    // request path below does not restrict by source IP; it relies solely on the
    // shared-secret ping value and the signature check.
    $wfIP = $this->isWordfenceIP($this->getRequest()->getIP());
    // Evaluated unconditionally (before the cheaper truthiness checks), so the
    // comparison runs on every request, including ones without a ping.
    $pingIsApiKey = wfWAFUtils::hash_equals($ping, sha1($this->getStorageEngine()->getConfig('apiKey')));
    if ($ping && $pingResponse && $pingIsApiKey && $this->verifySignedRequest($this->getRequest()->getBody('signature'), $this->getStorageEngine()->getConfig('apiKey'))) {
        // Fire a fetch-rules event whose scheduled time is already in the past.
        $event = new wfWAFCronFetchRulesEvent(time() - 2);
        $event->setWaf($this);
        $event->fire();
        header('Content-type: text/plain');
        // NOTE(review): every alphanumeric character is stripped from ping_response
        // before it is signed — presumably part of the server's challenge protocol;
        // confirm before changing.
        $pingResponse = preg_replace('/[a-zA-Z0-9]/', '', $this->getRequest()->getBody('ping_response'));
        exit('Success: ' . sha1($this->getStorageEngine()->getConfig('apiKey') . $pingResponse));
    }
}
/**
 * AJAX handler: force an immediate rules fetch and return the WAF status payload.
 *
 * Fires a wfWAFCronFetchRulesEvent scheduled in the past (now - 2s) against the
 * shared WAF instance, then returns whatever self::_getWAFData() produces.
 *
 * NOTE(review): no capability or nonce check is visible here; presumably the
 * AJAX dispatcher that registers this callback performs it — verify. Exceptions
 * thrown by fire() (wfWAFBuildRulesException is caught around the same call
 * elsewhere in this codebase) propagate to the caller.
 *
 * @return mixed Result of self::_getWAFData().
 */
public static function ajax_updateWAFRules_callback() {
    $waf = wfWAF::getInstance();
    $forcedFetch = new wfWAFCronFetchRulesEvent(time() - 2);
    $forcedFetch->setWaf($waf);
    $forcedFetch->fire();

    return self::_getWAFData();
}
/**
 * Bring the stored configuration up to WFWAF_VERSION.
 *
 * Does nothing when the stored 'version' already equals or exceeds
 * WFWAF_VERSION. Otherwise:
 *  - fresh install (no stored version): seed the 'cron' schedule with a rules
 *    fetch (0.5 days out when 'isPaid', else 7 days) and an IP-list fetch (1 day)
 *  - stored version exactly '1.0.0': append an IP-list fetch to the existing
 *    schedule (only when the stored schedule is an array; the value is written
 *    back either way)
 *  - stored version below '1.0.2': fire a rules fetch right away — a falsy
 *    stored version also satisfies this check, so a fresh install fetches
 *    immediately as well (presumably intended)
 * and finally record WFWAF_VERSION as the stored version.
 *
 * Exceptions from the immediate fetch (fire()) are not caught here.
 */
protected function runMigrations() {
    $storage = $this->getStorageEngine();
    $installedVersion = $storage->getConfig('version');
    $isFreshInstall = !$installedVersion;
    $needsMigration = $isFreshInstall || version_compare($installedVersion, WFWAF_VERSION) === -1;
    if (!$needsMigration) {
        return;
    }

    if ($isFreshInstall) {
        $rulesDelayDays = $storage->getConfig('isPaid') ? 0.5 : 7;
        $storage->setConfig('cron', array(
            new wfWAFCronFetchRulesEvent(time() + 86400 * $rulesDelayDays),
            new wfWAFCronFetchIPListEvent(time() + 86400),
        ));
    }

    // Any migrations to newer versions go here.
    if ($installedVersion === '1.0.0') {
        $schedule = $storage->getConfig('cron');
        if (is_array($schedule)) {
            $schedule[] = new wfWAFCronFetchIPListEvent(time() + 86400);
        }
        $storage->setConfig('cron', $schedule);
    }

    if (version_compare($installedVersion, '1.0.2') === -1) {
        $immediateFetch = new wfWAFCronFetchRulesEvent(time() - 2);
        $immediateFetch->setWaf($this);
        $immediateFetch->fire();
    }

    $storage->setConfig('version', WFWAF_VERSION);
}