Translator Text API | Microsoft Azure | Always ERROR 401000 - azure

I tried to test Microsoft Translator API Text v3.0 but failed with 401 Access denied. I do standard cURL requests (HTTP POST) using PHP 7.3.
$key = "************************"; // secret key here (from the Azure Portal)
$host = "https://api.cognitive.microsofttranslator.com";
$path = "/translate?api-version=3.0";
$params = "&to=en&from=bg";
$text = "За мен лично хора, които задават такива въпроси са несъобразителни.";
$requestBody = array(
array(
'Text' => $text,
),
);
$content = json_encode($requestBody);
if (!function_exists('com_create_guid')) {
function com_create_guid()
{
return sprintf('%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
mt_rand(0, 0xffff), mt_rand(0, 0xffff),
mt_rand(0, 0xffff),
mt_rand(0, 0x0fff) | 0x4000,
mt_rand(0, 0x3fff) | 0x8000,
mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff)
);
}
}
$curl_headers = array(
'Content-type: application/json',
'Content-length: ' . strlen($content),
'Ocp-Apim-Subscription-Key: ' . $key,
'X-ClientTraceId: ' . com_create_guid()
);
$url = $host . $path . $params;
$ch = curl_init();
$curl_content = array('content', $content);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $curl_headers);
//curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
//curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_POSTFIELDS, $content);
// Receive server response ...
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
//curl_setopt($ch, CURLINFO_HEADER_OUT, TRUE);
$result = curl_exec($ch);
//dd(curl_getinfo($ch, CURLINFO_HEADER_OUT));
if (curl_exec($ch) === false) {
dd(curl_error($ch));
}
Laravel 5.6, the code is placed on api.php route file.
Response Code:
"{"error":{"code":401000,"message":"The request is not authorized because credentials are missing or invalid."}}"
Where is the mistake? Should I enable any settings on the developer portal and so on?


Maybe this can help. In the official documentation you can find two examples of CURL requests. The difference between the two is that the second one has also the parameter region. Only the second request works in my case. Maybe the region parameter is essential.

Related

Rust: View entire Command::New command arguement structs as its passed to terminal / correct my arguements

I am not getting the correct response from the server running the following
Command::new("curl")
.args(&["-X",
"POST",
"--header",
&("Authorization: Bearer ".to_owned() + &return_token("auth")),
"--header",
"Content-Type: application/json",
"-d",
parameters,
"https://api.tdameritrade.com/v1/accounts/CORRECT_ACCOUNT_#/orders",
])
.output()
.unwrap()
.stdout;
Command::new("curl")
.arg("-X")
.arg("POST")
.arg("--header")
.arg("Authorization: Bearer ".to_owned() + &return_token("auth"))
.arg("--header")
.arg("Content-Type: application/json")
.arg("-d")
.arg(parameters)
.arg("https://api.tdameritrade.com/v1/accounts/CORRECT_ACCOUNT_#/orders")
.output()
.unwrap()
.stdout;
However.... the following works fine if I run it in terminal. I form the following using let line = "curl -X POST --header \"Authorization: Bearer ".to_owned() + &return_token("auth") + "\" --header \"Content-Type: application/json\" -d " + parameters + " \"https://api.tdameritrade.com/v1/accounts/CORRECT_ACCOUNT_#/orders\"";
curl -X POST --header "Authorization: Bearer LONG_RANDOM_AUTH_TOKEN" --header "Content-Type: application/json" -d "{
\"complexOrderStrategyType\": \"NONE\",
\"orderType\": \"LIMIT\",
\"session\": \"NORMAL\",
\"price\": \"0.01\",
\"duration\": \"DAY\",
\"orderStrategyType\": \"SINGLE\",
\"orderLegCollection\": [
{
\"instruction\": \"BUY_TO_OPEN\",
\"quantity\": 1,
\"instrument\": {
\"symbol\": \"SPY_041621P190\",
\"assetType\": \"OPTION\"
}
}
]
}" "https://api.tdameritrade.com/v1/accounts/CORRECT_ACCOUNT_#/orders"
"parameters" can be seen above in JSON.
How can do I view the formation of the command that Command::New is making or correct my args?
EDIT Ive tried using a single quote around the JSON and not escaping the double quotes, which also works in the terminal.
EDIT Example included. I found this : https://github.com/rust-lang/rust/issues/29494 && https://users.rust-lang.org/t/std-process-is-escaping-a-raw-string-literal-when-i-dont-want-it-to/19441/14
However Im in linux...
fn main() {
// None of the following work
let parameters = r#"{"complexOrderStrategyType":"NONE","orderType":"LIMIT","session":"NORMAL","price":"0.01","duration":"DAY","orderStrategyType":"SINGLE","orderLegCollection":[{"instruction":"BUY_TO_OPEN","quantity":1,"instrument":{"symbol":"SPY_041621P190","assetType":"OPTION"}}]}"#;
// OR
let parameters = "'{\"complexOrderStrategyType\":\"NONE\",\"orderType\": \"LIMIT\",\"session\": \"NORMAL\",\"price\": \"0.01\",\"duration\": \"DAY\",\"orderStrategyType\": \"SINGLE\",\"orderLegCollection\": [{\"instruction\": \"BUY_TO_OPEN\",\"quantity\": 1,\"instrument\": {\"symbol\": \"SPY_041621P190\",\"assetType\": \"OPTION\"}}]}'";
// OR
let parameters = "{\"complexOrderStrategyType\":\"NONE\",\"orderType\": \"LIMIT\",\"session\": \"NORMAL\",\"price\": \"0.01\",\"duration\": \"DAY\",\"orderStrategyType\": \"SINGLE\",\"orderLegCollection\": [{\"instruction\": \"BUY_TO_OPEN\",\"quantity\": 1,\"instrument\": {\"symbol\": \"SPY_041621P190\",\"assetType\": \"OPTION\"}}]}";
// OR
let parameters = "{'complexOrderStrategyType':'NONE','orderType': 'LIMIT','session': 'NORMAL','price': '0.01','duration': 'DAY','orderStrategyType': 'SINGLE','orderLegCollection': [{'instruction': 'BUY_TO_OPEN','quantity': 1,'instrument': {'symbol': 'SPY_041621P190','assetType': 'OPTION'}}]}";
println!("{:?}", str::from_utf8(&curl(parameters, "ORDER")).unwrap());
fn curl(parameters: &str, request_type: &str) -> Vec<u8> {
let mut output = Vec::new();
if request_type == "ORDER" {
output = Command::new("curl")
.args(&[
"-X",
"POST",
"--header",
"Authorization: Bearer AUTH_KEY_NOT_INCLUDED",
"--header",
"Content-Type: application/json",
"-d",
parameters,
"https://api.tdameritrade.com/v1/accounts/ACCOUNT_NUMBER_NOT_INCLUDED/orders",
])
.output()
.unwrap()
.stdout;
}
output
}
}

For reasons unknown... changing the --header switch / flag to -H solved the problem. As shown in the following. Spoke with a friend and apparently the shortened form may take different parameters.
let parameters = "{
\"complexOrderStrategyType\": \"NONE\",
\"orderType\": \"LIMIT\",
\"session\": \"NORMAL\",
\"price\": \"0.01\",
\"duration\": \"DAY\",
\"orderStrategyType\": \"SINGLE\",
\"orderLegCollection\": [
{
\"instruction\": \"BUY_TO_OPEN\",
\"quantity\": 1,
\"instrument\": {
\"symbol\": \"SPY_041621P190\",
\"assetType\": \"OPTION\"
}
}
]
}";
Command::new("curl")
.args(&["-X",
"POST",
"-H",
&("Authorization: Bearer ".to_owned() + &return_token("auth")),
"-H",
"Content-Type: application/json",
"-d",
parameters,
"https://api.tdameritrade.com/v1/accounts/ACCOUNT/orders",
])
.output()
.unwrap()
.stdout;

Powershell: How can I POST excel (.xlsx) files in a multipart/form-data request?

I'm trying to POST some data to an Express server using Multer as the file upload middleware.
The request includes a few text fields, an API (.yaml) file and an .xlsx file. I can successfully post the .yaml file and the text fields, but not the excel file.
Below is how I have constructed the multipart/form-data call:
# ----- BUILD & EXECUTE API CALL ------
# Set up the boundary, separator and file encoding to use
$boundary = [System.Guid]::NewGuid().ToString()
$LF = "`r`n"
$enc = [System.Text.Encoding]::GetEncoding("iso-8859-1")
# Get the filename of the .yaml file
$apiFileName = Split-Path $apiFilePath -leaf
# Encode the .yaml file contents
$apiDefBin = [IO.File]::ReadAllBytes("$apiFilePath")
$apiDefEnc = $enc.GetString($apiDefBin)
# Get the filename of the .xlsx file
$excelFileName = Split-Path $excelFilePath -leaf
# Encode the .xlsx file contents
$excelBin = [IO.File]::ReadAllBytes("$excelFilePath")
$excelEnc = $enc.GetString($excelBin)
# Build the body of the multipart request
$bodyLines = (
"--$boundary",
'Content-Disposition: form-data; name="textField"',
'',
"$textField",
"--$boundary",
"Content-Disposition: form-data; name=`"apiDef`"; filename=`"$apiFileName`"",
'Content-Type: application/octet-stream',
$apiDefEnc,
"--$boundary--",
"Content-Disposition: form-data; name=`"excelFile`"; filename=`"$excelFileName`"",
'Content-Type: application/octet-stream',
$excelFileEnc,
"--$boundary--"
) -join $LF
# Execute the call
Invoke-WebRequest $url `
-Verbose `
-Method Post `
-TimeoutSec 60 `
-ContentType "multipart/form-data; boundary=$boundary" `
-Body $bodylines
The request seems successful:
I am printing req.body and req.files on the server, to see what was posted:
{ textField: 'some text here' }
{ apiDef:
[ { fieldname: 'apiDef',
originalname: 'api-def.yaml',
encoding: '7bit',
mimetype: 'application/octet-stream',
destination: 'temp',
filename: 'api-def.yaml',
path: 'temp\\api-def.yaml',
size: 2276 } ] }
So the .yaml file is successfully posted, as is the text field. However, the excel file is not sent.
I have tried changing the content-type, and researched if there is another encoding I should be using, but to no avail.
Is what I'm trying to do possible? What am I doing wrong?

Try taking the two dashes out after the boundary in the line above just before the upload of the xlsx file?
$apiDefEnc,
"--$boundary--", <------ THIS BIT
"Content-Disposition: form-data; name="excelFile"; filename="$excelFileName"",
'Content-Type: application/octet-stream',

Zingchart PHP wrapper issue

I am attempting to set up Zingchart using the PHP wrapper module.
Server:
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial
Running as a VM under VMWare
I am receiving an error with the example code when calling the ZC->connect method.
Thus:
<HTML>
<HEAD>
<script src="zingchart.min.js"></script>
</HEAD>
<BODY>
<h3>Simple Bar Chart (Database)</h3>
<div id="myChart"></div>
<?php
include 'zc.php';
use ZingChart\PHPWrapper\ZC;
$servername = "localhost";
$username = "nasuser";
$password = "password";
$db = "nas";
$myQuery = "SELECT run_time, time_total from stats";
// ################################ CHART 1 ################################
// This chart will use data pulled from our database
$zc = new ZC("myChart", "bar");
$zc->connect($servername, "3306", $username, $password, $db);
$data = $zc->query($myQuery, true);
$zc->closeConnection();
$zc->setSeriesData($data);
$zc->setSeriesText($zc->getFieldNames());
$zc->render();
?>
</BODY></HTML>
Error:
# php index.php
PHP Fatal error: Uncaught Error: Class 'ZingChart\PHPWrapper\mysqli' not found in /var/www/html/zc.php:69
Stack trace:
#0 /var/www/html/index.php(22): ZingChart\PHPWrapper\ZC->connect('localhost', '3306', 'nasuser', 'password', 'nas')
Line 69 is:
$this->mysqli = new mysqli($host, $username, $password, $dbName, $port);
Running:
# php -m | grep -i mysql
mysqli
mysqlnd
pdo_mysql
Seems to indicate that I have the relevant packages installed. Indeed, if I attempt a normal PHP connection it works:
<?php
$servername = "localhost";
$username = "nasuser";
$password = "password";
$dbname = "nas";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT * from stats limit 10;";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "id: " . $row["stat_id"]. "<br>";
}
} else {
echo "0 results";
}
$conn->close();
?>
Output:
# php db.php
id: 1<br>id: 2<br>id: 3<br>id: 4<br>id: 5<br>id: 6<br>id: 7<br>id: 8<br>id: 9<br>id: 10<br>
Any ideas?
Thanks.

I've encountered the same problem!
There's kind of problem with import on the mysqli.
I changed the
$this->mysqli = new mysqli($host, $username, $password, $dbName, $port);
from ZC.php to
$this->mysqli = new \mysqli($host,$username,$password, $dbName, $port);
and worked.

Unificationengine not working with instagram

When I am sharing a message on instagram by UnificationEngine then I am getting this error:
Exception in UEUser.php line 74: The password you entered is incorrect. Please try again in UEUser.php line 74
at UEUser->add_connection('instagramBoard', 'instagram', '4544942713.7da612b.4de7a5a78fb0491dba2b27a60dc1749d') i
My Code is:
$app = new UEApp("APP_KEY","APP_SECRATE");
$user = new UEUser("USER_KEY", "USER_SECREATE");
$con = $access_token ."#instagram.com/?username=rajneesh8239&password=testing1";
$connection = $user->add_connection("instagramBoard", "instagram", $con);
$options = array(
"receivers" => array(
array(
"name"=> "Me"
)
),
"message"=>array(
"subject"=>"Transparentcom testing fine",
"body"=> "",
"image"=> '',
"link"=>array(
"uri"=> '',
"description"=> "",
"title"=>"Click here for view"
)
)
);
//Send the message and get their uris
$uris = $connection->send_message($options);
CURL error:
vagrant#homestead:~/Code/laravel$ curl -XPOST https://apiv2.unificationengine.c
om/v2/user/create -u 590f402bd2a043f98823eb1940b2ab:a62c855ae17b5cacb355abfbcc3a93 --data '{}'
{"status":200,"info":"200 OK","uri":"user://0e4946b0-9e60-4e0f-b54-f4e39ab5b0b:0490d37c-e284-422e-b8de-00b5f81ff81#"}
vagrant#homestead:~/Code/laravel$ curl -XPOST https://apiv2.unificationengine.c
om/v2/connection/add -u 0e494b0-9e-4e0f-ab54-f4eab53b0b:04937c-e284-422e-b8de-003b5f81ff81 --data '{"uri":"instagram://4544942713.7da612b.4de7a5a78fb0491dba2b327a60dc1749d#instagram.com", "name":"instagram"}'
{"status":500,"info":"incorrect Password"}

Please use this code like this way, You need to just change this line like this way.
$con = $access_token."#instagram.com/?username=rajneesh8239&password=testing1";
$connection = $user->add_connection("instagramBoard", "instagram", $con);
Please check with code

The sure way to protect against XSS?

I've looked through the questions and I haven't seen anyone ask this yet.
What is the for sure method to remove any sort of XSS attempts in some user submitted content? I know that < and > should be converted to < and > respectively but I've heard mention that encoding differences can get around this too.
Supposing a whitelist, what are all the steps to completely clean some user submitted content to ensure that no XSS vulnerabilities exist?

There is no absolute security concering XSS since people find new attack vectors every day. Sometimes XSS is even a browser bug you cant do anything about (excep some workarounds).
To get the idea of the complexity look at this (incomplete) xss attack cheat sheet.
http://ha.ckers.org/xss.html
Guess you should make yourself a XSS expert or hire one to reach your goal.
You can start by inspecting the attack vectors from the given link above, try to understand why it can work and make sure you prevent it.
Another great way of preventing XSS is to make sure you accept only stuff you expect instead of blocking stuff you know is bad. (i.e. whitelisting instead of blacklisting)

http://htmlpurifier.org/ - HTMLPurifier could be of help
ps: don't create your own code, there is no way you can cover all the issues. rely on the continually developed libraries such as HTMLPurifier.

Old Question, but XSS isn't old, its still up to date....
So, i would recommend you to have a look for the OWASP XSS Prevention Cheat Sheet and for a good overview the OWASP XSS overview
And if you need a really good way for escaping, have a look for the ESAPI Encoder API

Some of the holes I've seen fixed in different frameworks have been so unreal I don't get how they were found out. If you want to be 100% sure don't let users post content.

Proving a negative is a difficult proposition - as googletorp points out, the only 100% solution is to not have the problem in the first place.
Functionally, the xss attack cheat sheet at ha.ckers.org is a good place to start, as is a whitelisting approach - rather than disallowing things known to be bad, only allow things known to be good.

PHP-Firewall
against XSS etc
http://www.php-firewall.info/
http://code.google.com/p/php-firewall/
<?php
/************************************************************************/
/* PHP Firewall: Universal Firewall for WebSite */
/* ============================================ */
/* Write by Cyril Levert */
/* Copyright (c) 2009-2010 */
/* http://www.php-firewall.info */
/* dev#php-maximus.org */
/* Others projects: */
/* CMS PHP Maximus ( with mysql database ) www.php-maximus.org */
/* Blog PHP Minimus ( with mysqli database ) www.php-minimus.org */
/* Mini CMS PHP Nanomus ( without database ) www.php-nanomus.org */
/* Stop Spam Referer ( without database ) www.stop-spam-referer.info */
/* Twitter clone ( PHP Kweeker CMS ) www.twitter.php-minimus.org */
/* PHP Firewall ( without database ) www.php-firewall.info */
/* Personnal blog www.cyril-levert.info */
/* Release version 1.0.3 */
/* Release date : 12-04-2010 */
/* */
/* This program is free software. */
/************************************************************************/
/** IP Protected */
$IP_ALLOW = array();
/** configuration define */
define('PHP_FIREWALL_LANGUAGE', 'english' );
define('PHP_FIREWALL_ADMIN_MAIL', '' );
define('PHP_FIREWALL_PUSH_MAIL', false );
define('PHP_FIREWALL_LOG_FILE', 'logs' );
define('PHP_FIREWALL_PROTECTION_UNSET_GLOBALS', true );
define('PHP_FIREWALL_PROTECTION_RANGE_IP_DENY', true );
define('PHP_FIREWALL_PROTECTION_RANGE_IP_SPAM', false );
define('PHP_FIREWALL_PROTECTION_URL', true );
define('PHP_FIREWALL_PROTECTION_REQUEST_SERVER', true );
define('PHP_FIREWALL_PROTECTION_SANTY', true );
define('PHP_FIREWALL_PROTECTION_BOTS', true );
define('PHP_FIREWALL_PROTECTION_REQUEST_METHOD', true );
define('PHP_FIREWALL_PROTECTION_DOS', true );
define('PHP_FIREWALL_PROTECTION_UNION_SQL', true );
define('PHP_FIREWALL_PROTECTION_CLICK_ATTACK', true );
define('PHP_FIREWALL_PROTECTION_XSS_ATTACK', true );
define('PHP_FIREWALL_PROTECTION_COOKIES', false );
define('PHP_FIREWALL_PROTECTION_POST', false );
define('PHP_FIREWALL_PROTECTION_GET', false );
define('PHP_FIREWALL_PROTECTION_SERVER_OVH', true );
define('PHP_FIREWALL_PROTECTION_SERVER_KIMSUFI', true );
define('PHP_FIREWALL_PROTECTION_SERVER_DEDIBOX', true );
define('PHP_FIREWALL_PROTECTION_SERVER_DIGICUBE', true );
define('PHP_FIREWALL_PROTECTION_SERVER_OVH_BY_IP', true );
define('PHP_FIREWALL_PROTECTION_SERVER_KIMSUFI_BY_IP', true );
define('PHP_FIREWALL_PROTECTION_SERVER_DEDIBOX_BY_IP', true );
define('PHP_FIREWALL_PROTECTION_SERVER_DIGICUBE_BY_IP', true );
/** end configuration */
/** IPS PROTECTED */
if ( count( $IP_ALLOW ) > 0 ) {
if ( in_array( $_SERVER['REMOTE_ADDR'], $IP_ALLOW ) ) return;
}
/** END IPS PROTECTED */
/** LANGUAGE */
if ( PHP_FIREWALL_LANGUAGE === 'french' ) {
define('_PHPF_PROTECTION_DEDIBOX', 'Protection contre les serveurs DEDIBOX active, cette IP range n\'est pas autorisée !');
define('_PHPF_PROTECTION_DEDIBOX_IP', 'Protection contre les serveurs DEDIBOX active, cette IP range n\'est pas autorisée !');
define('_PHPF_PROTECTION_DIGICUBE', 'Protection contre les serveurs DIGICUBE active, this IP range is not allowed !');
define('_PHPF_PROTECTION_DIGICUBE_IP', 'Protection contre les serveurs DIGICUBE active, cette IP n\'est pas autorisée !');
define('_PHPF_PROTECTION_KIMSUFI', 'Protection contre les serveurs KIMSUFI active, cette IP range n\'est pas autorisée !');
define('_PHPF_PROTECTION_OVH', 'Protection contre les serveurs OVH active, cette IP range n\'est pas autorisée !');
define('_PHPF_PROTECTION_BOTS', 'Attaque Bot détectée ! stop it ...');
define('_PHPF_PROTECTION_CLICK', 'Click attaque détectée ! stop it .....');
define('_PHPF_PROTECTION_DOS', 'Invalide user agent ! Stop it ...');
define('_PHPF_PROTECTION_OTHER_SERVER', 'Poster depuis un autre serveur est interdit !');
define('_PHPF_PROTECTION_REQUEST', 'Méthode de requête interdite ! Stop it ...');
define('_PHPF_PROTECTION_SANTY', 'Attaque Santy detectée ! Stop it ...');
define('_PHPF_PROTECTION_SPAM', 'Protection SPAM IPs active, cette IP range n\'est pas autorisée !');
define('_PHPF_PROTECTION_SPAM_IP', 'Protection SPAM IPs active, cette IP range n\'est pas autorisée !');
define('_PHPF_PROTECTION_UNION', 'Attaque Union détectée ! stop it ......');
define('_PHPF_PROTECTION_URL', 'Protection url active, string non autorisée !');
define('_PHPF_PROTECTION_XSS', 'Attaque XSS détectée ! stop it ...');
} else {
define('_PHPF_PROTECTION_DEDIBOX', 'Protection DEDIBOX Server active, this IP range is not allowed !');
define('_PHPF_PROTECTION_DEDIBOX_IP', 'Protection DEDIBOX Server active, this IP is not allowed !');
define('_PHPF_PROTECTION_DIGICUBE', 'Protection DIGICUBE Server active, this IP range is not allowed !');
define('_PHPF_PROTECTION_DIGICUBE_IP', 'Protection DIGICUBE Server active, this IP is not allowed !');
define('_PHPF_PROTECTION_KIMSUFI', 'Protection KIMSUFI Server active, this IP range is not allowed !');
define('_PHPF_PROTECTION_OVH', 'Protection OVH Server active, this IP range is not allowed !');
define('_PHPF_PROTECTION_BOTS', 'Bot attack detected ! stop it ...');
define('_PHPF_PROTECTION_CLICK', 'Click attack detected ! stop it .....');
define('_PHPF_PROTECTION_DOS', 'Invalid user agent ! Stop it ...');
define('_PHPF_PROTECTION_OTHER_SERVER', 'Posting from another server not allowed !');
define('_PHPF_PROTECTION_REQUEST', 'Invalid request method check ! Stop it ...');
define('_PHPF_PROTECTION_SANTY', 'Attack Santy detected ! Stop it ...');
define('_PHPF_PROTECTION_SPAM', 'Protection SPAM IPs active, this IP range is not allowed !');
define('_PHPF_PROTECTION_SPAM_IP', 'Protection died IPs active, this IP range is not allowed !');
define('_PHPF_PROTECTION_UNION', 'Union attack detected ! stop it ......');
define('_PHPF_PROTECTION_URL', 'Protection url active, string not allowed !');
define('_PHPF_PROTECTION_XSS', 'XSS attack detected ! stop it ...');
}
/** END LANGUAGE*/
if ( PHP_FIREWALL_ACTIVATION === true ) {
FUNCTION PHP_FIREWALL_unset_globals() {
if ( ini_get('register_globals') ) {
$allow = array('_ENV' => 1, '_GET' => 1, '_POST' => 1, '_COOKIE' => 1, '_FILES' => 1, '_SERVER' => 1, '_REQUEST' => 1, 'GLOBALS' => 1);
foreach ($GLOBALS as $key => $value) {
if ( ! isset( $allow[$key] ) ) unset( $GLOBALS[$key] );
}
}
}
if ( PHP_FIREWALL_PROTECTION_UNSET_GLOBALS === true ) PHP_FIREWALL_unset_globals();
/** fonctions de base */
FUNCTION PHP_FIREWALL_get_env($st_var) {
global $HTTP_SERVER_VARS;
if(isset($_SERVER[$st_var])) {
return strip_tags( $_SERVER[$st_var] );
} elseif(isset($_ENV[$st_var])) {
return strip_tags( $_ENV[$st_var] );
} elseif(isset($HTTP_SERVER_VARS[$st_var])) {
return strip_tags( $HTTP_SERVER_VARS[$st_var] );
} elseif(getenv($st_var)) {
return strip_tags( getenv($st_var) );
} elseif(function_exists('apache_getenv') && apache_getenv($st_var, true)) {
return strip_tags( apache_getenv($st_var, true) );
}
return '';
}
FUNCTION PHP_FIREWALL_get_referer() {
if( PHP_FIREWALL_get_env('HTTP_REFERER') )
return PHP_FIREWALL_get_env('HTTP_REFERER');
return 'no referer';
}
FUNCTION PHP_FIREWALL_get_ip() {
if ( PHP_FIREWALL_get_env('HTTP_X_FORWARDED_FOR') ) {
return PHP_FIREWALL_get_env('HTTP_X_FORWARDED_FOR');
} elseif ( PHP_FIREWALL_get_env('HTTP_CLIENT_IP') ) {
return PHP_FIREWALL_get_env('HTTP_CLIENT_IP');
} else {
return PHP_FIREWALL_get_env('REMOTE_ADDR');
}
}
FUNCTION PHP_FIREWALL_get_user_agent() {
if(PHP_FIREWALL_get_env('HTTP_USER_AGENT'))
return PHP_FIREWALL_get_env('HTTP_USER_AGENT');
return 'none';
}
FUNCTION PHP_FIREWALL_get_query_string() {
if( PHP_FIREWALL_get_env('QUERY_STRING') )
return str_replace('%09', '%20', PHP_FIREWALL_get_env('QUERY_STRING'));
return '';
}
FUNCTION PHP_FIREWALL_get_request_method() {
if(PHP_FIREWALL_get_env('REQUEST_METHOD'))
return PHP_FIREWALL_get_env('REQUEST_METHOD');
return 'none';
}
FUNCTION PHP_FIREWALL_gethostbyaddr() {
if ( PHP_FIREWALL_PROTECTION_SERVER_OVH === true OR PHP_FIREWALL_PROTECTION_SERVER_KIMSUFI === true OR PHP_FIREWALL_PROTECTION_SERVER_DEDIBOX === true OR PHP_FIREWALL_PROTECTION_SERVER_DIGICUBE === true ) {
if ( # empty( $_SESSION['PHP_FIREWALL_gethostbyaddr'] ) ) {
return $_SESSION['PHP_FIREWALL_gethostbyaddr'] = #gethostbyaddr( PHP_FIREWALL_get_ip() );
} else {
return strip_tags( $_SESSION['PHP_FIREWALL_gethostbyaddr'] );
}
}
}
/** bases define */
define('PHP_FIREWALL_GET_QUERY_STRING', strtolower( PHP_FIREWALL_get_query_string() ) );
define('PHP_FIREWALL_USER_AGENT', PHP_FIREWALL_get_user_agent() );
define('PHP_FIREWALL_GET_IP', PHP_FIREWALL_get_ip() );
define('PHP_FIREWALL_GET_HOST', PHP_FIREWALL_gethostbyaddr() );
define('PHP_FIREWALL_GET_REFERER', PHP_FIREWALL_get_referer() );
define('PHP_FIREWALL_GET_REQUEST_METHOD', PHP_FIREWALL_get_request_method() );
define('PHP_FIREWALL_REGEX_UNION','#\w?\s?union\s\w*?\s?(select|all|distinct|insert|update|drop|delete)#is');
FUNCTION PHP_FIREWALL_push_email( $subject, $msg ) {
$headers = "From: PHP Firewall: ".PHP_FIREWALL_ADMIN_MAIL." <".PHP_FIREWALL_ADMIN_MAIL.">\r\n"
."Reply-To: ".PHP_FIREWALL_ADMIN_MAIL."\r\n"
."Priority: urgent\r\n"
."Importance: High\r\n"
."Precedence: special-delivery\r\n"
."Organization: PHP Firewall\r\n"
."MIME-Version: 1.0\r\n"
."Content-Type: text/plain\r\n"
."Content-Transfer-Encoding: 8bit\r\n"
."X-Priority: 1\r\n"
."X-MSMail-Priority: High\r\n"
."X-Mailer: PHP/" . phpversion() ."\r\n"
."X-PHPFirewall: 1.0 by PHPFirewall\r\n"
."Date:" . date("D, d M Y H:s:i") . " +0100\n";
if ( PHP_FIREWALL_ADMIN_MAIL != '' )
#mail( PHP_FIREWALL_ADMIN_MAIL, $subject, $msg, $headers );
}
FUNCTION PHP_FIREWALL_LOGS( $type ) {
$f = fopen( dirname(__FILE__).'/'.PHP_FIREWALL_LOG_FILE.'.txt', 'a');
$msg = date('j-m-Y H:i:s')." | $type | IP: ".PHP_FIREWALL_GET_IP." ] | DNS: ".gethostbyaddr(PHP_FIREWALL_GET_IP)." | Agent: ".PHP_FIREWALL_USER_AGENT." | URL: ".PHP_FIREWALL_REQUEST_URI." | Referer: ".PHP_FIREWALL_GET_REFERER."\n\n";
fputs($f, $msg);
fclose($f);
if ( PHP_FIREWALL_PUSH_MAIL === true ) {
PHP_FIREWALL_push_email( 'Alert PHP Firewall '.strip_tags( $_SERVER['SERVER_NAME'] ) , "PHP Firewall logs of ".strip_tags( $_SERVER['SERVER_NAME'] )."\n".str_replace('|', "\n", $msg ) );
}
}
if ( PHP_FIREWALL_PROTECTION_SERVER_OVH === true ) {
if ( stristr( PHP_FIREWALL_GET_HOST ,'ovh') ) {
PHP_FIREWALL_LOGS( 'OVH Server list' );
die( _PHPF_PROTECTION_OVH );
}
}
if ( PHP_FIREWALL_PROTECTION_SERVER_OVH_BY_IP === true ) {
$ip = explode('.', PHP_FIREWALL_GET_IP );
if ( $ip[0].'.'.$ip[1] == '87.98' or $ip[0].'.'.$ip[1] == '91.121' or $ip[0].'.'.$ip[1] == '94.23' or $ip[0].'.'.$ip[1] == '213.186' or $ip[0].'.'.$ip[1] == '213.251' ) {
PHP_FIREWALL_LOGS( 'OVH Server IP' );
die( _PHPF_PROTECTION_OVH );
}
}
if ( PHP_FIREWALL_PROTECTION_SERVER_KIMSUFI === true ) {
if ( stristr( PHP_FIREWALL_GET_HOST ,'kimsufi') ) {
PHP_FIREWALL_LOGS( 'KIMSUFI Server list' );
die( _PHPF_PROTECTION_KIMSUFI );
}
}
if ( PHP_FIREWALL_PROTECTION_SERVER_DEDIBOX === true ) {
if ( stristr( PHP_FIREWALL_GET_HOST ,'dedibox') ) {
PHP_FIREWALL_LOGS( 'DEDIBOX Server list' );
die( _PHPF_PROTECTION_DEDIBOX );
}
}
if ( PHP_FIREWALL_PROTECTION_SERVER_DEDIBOX_BY_IP === true ) {
$ip = explode('.', PHP_FIREWALL_GET_IP );
if ( $ip[0].'.'.$ip[1] == '88.191' ) {
PHP_FIREWALL_LOGS( 'DEDIBOX Server IP' );
die( _PHPF_PROTECTION_DEDIBOX_IP );
}
}
if ( PHP_FIREWALL_PROTECTION_SERVER_DIGICUBE === true ) {
if ( stristr( PHP_FIREWALL_GET_HOST ,'digicube') ) {
PHP_FIREWALL_LOGS( 'DIGICUBE Server list' );
die( _PHPF_PROTECTION_DIGICUBE );
}
}
if ( PHP_FIREWALL_PROTECTION_SERVER_DIGICUBE_BY_IP === true ) {
$ip = explode('.', PHP_FIREWALL_GET_IP );
if ( $ip[0].'.'.$ip[1] == '95.130' ) {
PHP_FIREWALL_LOGS( 'DIGICUBE Server IP' );
die( _PHPF_PROTECTION_DIGICUBE_IP );
}
}
if ( PHP_FIREWALL_PROTECTION_RANGE_IP_SPAM === true ) {
$ip_array = array('24', '186', '189', '190', '200', '201', '202', '209', '212', '213', '217', '222' );
$range_ip = explode('.', PHP_FIREWALL_GET_IP );
if ( in_array( $range_ip[0], $ip_array ) ) {
PHP_FIREWALL_LOGS( 'IPs Spam list' );
die( _PHPF_PROTECTION_SPAM );
}
}
if ( PHP_FIREWALL_PROTECTION_RANGE_IP_DENY === true ) {
$ip_array = array('0', '1', '2', '5', '10', '14', '23', '27', '31', '36', '37', '39', '42', '46', '49', '50', '100', '101', '102', '103', '104', '105', '106', '107', '114', '172', '176', '177', '179', '181', '185', '192', '223', '224' );
$range_ip = explode('.', PHP_FIREWALL_GET_IP );
if ( in_array( $range_ip[0], $ip_array ) ) {
PHP_FIREWALL_LOGS( 'IPs reserved list' );
die( _PHPF_PROTECTION_SPAM_IP );
}
}
if ( PHP_FIREWALL_PROTECTION_COOKIES === true ) {
$ct_rules = Array('applet', 'base', 'bgsound', 'blink', 'embed', 'expression', 'frame', 'javascript', 'layer', 'link', 'meta', 'object', 'onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload', 'script', 'style', 'title', 'vbscript', 'xml');
if ( PHP_FIREWALL_PROTECTION_COOKIES === true ) {
foreach($_COOKIE as $value) {
$check = str_replace($ct_rules, '*', $value);
if( $value != $check ) {
PHP_FIREWALL_LOGS( 'Cookie protect' );
unset( $value );
}
}
}
if ( PHP_FIREWALL_PROTECTION_POST === true ) {
foreach( $_POST as $value ) {
$check = str_replace($ct_rules, '*', $value);
if( $value != $check ) {
PHP_FIREWALL_LOGS( 'POST protect' );
unset( $value );
}
}
}
if ( PHP_FIREWALL_PROTECTION_GET === true ) {
foreach( $_GET as $value ) {
$check = str_replace($ct_rules, '*', $value);
if( $value != $check ) {
PHP_FIREWALL_LOGS( 'GET protect' );
unset( $value );
}
}
}
}
/** protection de l'url */
if ( PHP_FIREWALL_PROTECTION_URL === true ) {
$ct_rules = array( 'absolute_path', 'ad_click', 'alert(', 'alert%20', ' and ', 'basepath', 'bash_history', '.bash_history', 'cgi-', 'chmod(', 'chmod%20', '%20chmod', 'chmod=', 'chown%20', 'chgrp%20', 'chown(', '/chown', 'chgrp(', 'chr(', 'chr=', 'chr%20', '%20chr', 'chunked', 'cookie=', 'cmd', 'cmd=', '%20cmd', 'cmd%20', '.conf', 'configdir', 'config.php', 'cp%20', '%20cp', 'cp(', 'diff%20', 'dat?', 'db_mysql.inc', 'document.location', 'document.cookie', 'drop%20', 'echr(', '%20echr', 'echr%20', 'echr=', '}else{', '.eml', 'esystem(', 'esystem%20', '.exe', 'exploit', 'file\://', 'fopen', 'fwrite', '~ftp', 'ftp:', 'ftp.exe', 'getenv', '%20getenv', 'getenv%20', 'getenv(', 'grep%20', '_global', 'global_', 'global[', 'http:', '_globals', 'globals_', 'globals[', 'grep(', 'g\+\+', 'halt%20', '.history', '?hl=', '.htpasswd', 'http_', 'http-equiv', 'http/1.', 'http_php', 'http_user_agent', 'http_host', '&icq', 'if{', 'if%20{', 'img src', 'img%20src', '.inc.php', '.inc', 'insert%20into', 'ISO-8859-1', 'ISO-', 'javascript\://', '.jsp', '.js', 'kill%20', 'kill(', 'killall', '%20like', 'like%20', 'locate%20', 'locate(', 'lsof%20', 'mdir%20', '%20mdir', 'mdir(', 'mcd%20', 'motd%20', 'mrd%20', 'rm%20', '%20mcd', '%20mrd', 'mcd(', 'mrd(', 'mcd=', 'mod_gzip_status', 'modules/', 'mrd=', 'mv%20', 'nc.exe', 'new_password', 'nigga(', '%20nigga', 'nigga%20', '~nobody', 'org.apache', '+outfile+', '%20outfile%20', '*/outfile/*',' outfile ','outfile', 'password=', 'passwd%20', '%20passwd', 'passwd(', 'phpadmin', 'perl%20', '/perl', 'phpbb_root_path','*/phpbb_root_path/*','p0hh', 'ping%20', '.pl', 'powerdown%20', 'rm(', '%20rm', 'rmdir%20', 'mv(', 'rmdir(', 'phpinfo()', '<?php', 'reboot%20', '/robot.txt' , '~root', 'root_path', 'rush=', '%20and%20', '%20xorg%20', '%20rush', 'rush%20', 'secure_site, ok', 'select%20', 'select from', 'select%20from', '_server', 'server_', 'server[', 'server-info', 'server-status', 'servlet', 'sql=', '<script', '<script>', '</script','script>','/script', 'switch{','switch%20{', '.system', 'system(', 'telnet%20', 'traceroute%20', '.txt', 'union%20', '%20union', 'union(', 'union=', 'vi(', 'vi%20', 'wget', 'wget%20', '%20wget', 'wget(', 'window.open', 'wwwacl', ' xor ', 'xp_enumdsn', 'xp_availablemedia', 'xp_filelist', 'xp_cmdshell', '$_request', '$_get', '$request', '$get', '&aim', '/etc/password','/etc/shadow', '/etc/groups', '/etc/gshadow', '/bin/ps', 'uname\x20-a', '/usr/bin/id', '/bin/echo', '/bin/kill', '/bin/', '/chgrp', '/usr/bin', 'bin/python', 'bin/tclsh', 'bin/nasm', '/usr/x11r6/bin/xterm', '/bin/mail', '/etc/passwd', '/home/ftp', '/home/www', '/servlet/con', '?>', '.txt');
$check = str_replace($ct_rules, '*', PHP_FIREWALL_GET_QUERY_STRING );
if( PHP_FIREWALL_GET_QUERY_STRING != $check ) {
PHP_FIREWALL_LOGS( 'URL protect' );
die( _PHPF_PROTECTION_URL );
}
}
/** Posting from other servers in not allowed */
if ( PHP_FIREWALL_PROTECTION_REQUEST_SERVER === true ) {
if ( PHP_FIREWALL_GET_REQUEST_METHOD == 'POST' ) {
if (isset($_SERVER['HTTP_REFERER'])) {
if ( ! stripos( $_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], 0 ) ) {
PHP_FIREWALL_LOGS( 'Posting another server' );
die( _PHPF_PROTECTION_OTHER_SERVER );
}
}
}
}
/** protection contre le vers santy */
if ( PHP_FIREWALL_PROTECTION_SANTY === true ) {
$ct_rules = array('rush','highlight=%','perl','chr(','pillar','visualcoder','sess_');
$check = str_replace($ct_rules, '*', strtolower(PHP_FIREWALL_REQUEST_URI) );
if( strtolower(PHP_FIREWALL_REQUEST_URI) != $check ) {
PHP_FIREWALL_LOGS( 'Santy' );
die( _PHPF_PROTECTION_SANTY );
}
}
/** protection bots */
if ( PHP_FIREWALL_PROTECTION_BOTS === true ) {
$ct_rules = array( '#nonymouse', 'addresses.com', 'ideography.co.uk', 'adsarobot', 'ah-ha', 'aktuelles', 'alexibot', 'almaden', 'amzn_assoc', 'anarchie', 'art-online', 'aspseek', 'assort', 'asterias', 'attach', 'atomz', 'atspider', 'autoemailspider', 'backweb', 'backdoorbot', 'bandit', 'batchftp', 'bdfetch', 'big.brother', 'black.hole', 'blackwidow', 'blowfish', 'bmclient', 'boston project', 'botalot', 'bravobrian', 'buddy', 'bullseye', 'bumblebee ', 'builtbottough', 'bunnyslippers', 'capture', 'cegbfeieh', 'cherrypicker', 'cheesebot', 'chinaclaw', 'cicc', 'civa', 'clipping', 'collage', 'collector', 'copyrightcheck', 'cosmos', 'crescent', 'custo', 'cyberalert', 'deweb', 'diagem', 'digger', 'digimarc', 'diibot', 'directupdate', 'disco', 'dittospyder', 'download accelerator', 'download demon', 'download wonder', 'downloader', 'drip', 'dsurf', 'dts agent', 'dts.agent', 'easydl', 'ecatch', 'echo extense', 'efp#gmx.net', 'eirgrabber', 'elitesys', 'emailsiphon', 'emailwolf', 'envidiosos', 'erocrawler', 'esirover', 'express webpictures', 'extrac', 'eyenetie', 'fastlwspider', 'favorg', 'favorites sweeper', 'fezhead', 'filehound', 'filepack.superbr.org', 'flashget', 'flickbot', 'fluffy', 'frontpage', 'foobot', 'galaxyBot', 'generic', 'getbot ', 'getleft', 'getright', 'getsmart', 'geturl', 'getweb', 'gigabaz', 'girafabot', 'go-ahead-got-it', 'go!zilla', 'gornker', 'grabber', 'grabnet', 'grafula', 'green research', 'harvest', 'havindex', 'hhjhj#yahoo', 'hloader', 'hmview', 'homepagesearch', 'htmlparser', 'hulud', 'http agent', 'httpconnect', 'httpdown', 'http generic', 'httplib', 'httrack', 'humanlinks', 'ia_archiver', 'iaea', 'ibm_planetwide', 'image stripper', 'image sucker', 'imagefetch', 'incywincy', 'indy', 'infonavirobot', 'informant', 'interget', 'internet explore', 'infospiders', 'internet ninja', 'internetlinkagent', 'interneteseer.com', 'ipiumbot', 'iria', 'irvine', 'jbh', 'jeeves', 'jennybot', 'jetcar', 'joc web spider', 'jpeg hunt', 'justview', 'kapere', 'kdd explorer', 'kenjin.spider', 'keyword.density', 'kwebget', 'lachesis', 'larbin', 'laurion(dot)com', 'leechftp', 'lexibot', 'lftp', 'libweb', 'links aromatized', 'linkscan', 'link*sleuth', 'linkwalker', 'libwww', 'lightningdownload', 'likse', 'lwp','mac finder', 'mag-net', 'magnet', 'marcopolo', 'mass', 'mata.hari', 'mcspider', 'memoweb', 'microsoft url control', 'microsoft.url', 'midown', 'miixpc', 'minibot', 'mirror', 'missigua', 'mister.pix', 'mmmtocrawl', 'moget', 'mozilla/2', 'mozilla/3.mozilla/2.01', 'mozilla.*newt', 'multithreaddb', 'munky', 'msproxy', 'nationaldirectory', 'naverrobot', 'navroad', 'nearsite', 'netants', 'netcarta', 'netcraft', 'netfactual', 'netmechanic', 'netprospector', 'netresearchserver', 'netspider', 'net vampire', 'newt', 'netzip', 'nicerspro', 'npbot', 'octopus', 'offline.explorer', 'offline explorer', 'offline navigator', 'opaL', 'openfind', 'opentextsitecrawler', 'orangebot', 'packrat', 'papa foto', 'pagegrabber', 'pavuk', 'pbwf', 'pcbrowser', 'personapilot', 'pingalink', 'pockey', 'program shareware', 'propowerbot/2.14', 'prowebwalker', 'proxy', 'psbot', 'psurf', 'puf', 'pushsite', 'pump', 'qrva', 'quepasacreep', 'queryn.metasearch', 'realdownload', 'reaper', 'recorder', 'reget', 'replacer', 'repomonkey', 'rma', 'robozilla', 'rover', 'rpt-httpclient', 'rsync', 'rush=', 'searchexpress', 'searchhippo', 'searchterms.it', 'second street research', 'seeker', 'shai', 'sitecheck', 'sitemapper', 'sitesnagger', 'slysearch', 'smartdownload', 'snagger', 'spacebison', 'spankbot', 'spanner', 'spegla', 'spiderbot', 'spiderengine', 'sqworm', 'ssearcher100', 'star downloader', 'stripper', 'sucker', 'superbot', 'surfwalker', 'superhttp', 'surfbot', 'surveybot', 'suzuran', 'sweeper', 'szukacz/1.4', 'tarspider', 'takeout', 'teleport', 'telesoft', 'templeton', 'the.intraformant', 'thenomad', 'tighttwatbot', 'titan', 'tocrawl/urldispatcher','toolpak', 'traffixer', 'true_robot', 'turingos', 'turnitinbot', 'tv33_mercator', 'uiowacrawler', 'urldispatcherlll', 'url_spider_pro', 'urly.warning ', 'utilmind', 'vacuum', 'vagabondo', 'vayala', 'vci', 'visualcoders', 'visibilitygap', 'vobsub', 'voideye', 'vspider', 'w3mir', 'webauto', 'webbandit', 'web.by.mail', 'webcapture', 'webcatcher', 'webclipping', 'webcollage', 'webcopier', 'webcopy', 'webcraft#bea', 'web data extractor', 'webdav', 'webdevil', 'webdownloader', 'webdup', 'webenhancer', 'webfetch', 'webgo', 'webhook', 'web.image.collector', 'web image collector', 'webinator', 'webleacher', 'webmasters', 'webmasterworldforumbot', 'webminer', 'webmirror', 'webmole', 'webreaper', 'websauger', 'websaver', 'website.quester', 'website quester', 'websnake', 'websucker', 'web sucker', 'webster', 'webreaper', 'webstripper', 'webvac', 'webwalk', 'webweasel', 'webzip', 'wget', 'widow', 'wisebot', 'whizbang', 'whostalking', 'wonder', 'wumpus', 'wweb', 'www-collector-e', 'wwwoffle', 'wysigot', 'xaldon', 'xenu', 'xget', 'x-tractor', 'zeus' );
$check = str_replace($ct_rules, '*', strtolower(PHP_FIREWALL_USER_AGENT) );
if( strtolower(PHP_FIREWALL_USER_AGENT) != $check ) {
PHP_FIREWALL_LOGS( 'Bots attack' );
die( _PHPF_PROTECTION_BOTS );
}
}
/** Invalid request method check */
if ( PHP_FIREWALL_PROTECTION_REQUEST_METHOD === true ) {
if(strtolower(PHP_FIREWALL_GET_REQUEST_METHOD)!='get' AND strtolower(PHP_FIREWALL_GET_REQUEST_METHOD)!='head' AND strtolower(PHP_FIREWALL_GET_REQUEST_METHOD)!='post' AND strtolower(PHP_FIREWALL_GET_REQUEST_METHOD)!='put') {
PHP_FIREWALL_LOGS( 'Invalid request' );
die( _PHPF_PROTECTION_REQUEST );
}
}
/** protection dos attaque */
if ( PHP_FIREWALL_PROTECTION_DOS === true ) {
if ( !defined('PHP_FIREWALL_USER_AGENT') || PHP_FIREWALL_USER_AGENT == '-' ) {
PHP_FIREWALL_LOGS( 'Dos attack' );
die( _PHPF_PROTECTION_DOS );
}
}
/** protection union sql attaque */
if ( PHP_FIREWALL_PROTECTION_UNION_SQL === true ) {
$stop = 0;
$ct_rules = array( '*/from/*', '*/insert/*', '+into+', '%20into%20', '*/into/*', ' into ', 'into', '*/limit/*', 'not123exists*', '*/radminsuper/*', '*/select/*', '+select+', '%20select%20', ' select ', '+union+', '%20union%20', '*/union/*', ' union ', '*/update/*', '*/where/*' );
$check = str_replace($ct_rules, '*', PHP_FIREWALL_GET_QUERY_STRING );
if( PHP_FIREWALL_GET_QUERY_STRING != $check ) $stop++;
if (preg_match(PHP_FIREWALL_REGEX_UNION, PHP_FIREWALL_GET_QUERY_STRING)) $stop++;
if (preg_match('/([OdWo5NIbpuU4V2iJT0n]{5}) /', rawurldecode( PHP_FIREWALL_GET_QUERY_STRING ))) $stop++;
if (strstr(rawurldecode( PHP_FIREWALL_GET_QUERY_STRING ) ,'*')) $stop++;
if ( !empty( $stop ) ) {
PHP_FIREWALL_LOGS( 'Union attack' );
die( _PHPF_PROTECTION_UNION );
}
}
/** protection click attack */
if ( PHP_FIREWALL_PROTECTION_CLICK_ATTACK === true ) {
$ct_rules = array( '/*', 'c2nyaxb0', '/*' );
if( PHP_FIREWALL_GET_QUERY_STRING != str_replace($ct_rules, '*', PHP_FIREWALL_GET_QUERY_STRING ) ) {
PHP_FIREWALL_LOGS( 'Click attack' );
die( _PHPF_PROTECTION_CLICK );
}
}
/** protection XSS attack */
if ( PHP_FIREWALL_PROTECTION_XSS_ATTACK === true ) {
$ct_rules = array( 'http\:\/\/', 'https\:\/\/', 'cmd=', '&cmd', 'exec', 'concat', './', '../', 'http:', 'h%20ttp:', 'ht%20tp:', 'htt%20p:', 'http%20:', 'https:', 'h%20ttps:', 'ht%20tps:', 'htt%20ps:', 'http%20s:', 'https%20:', 'ftp:', 'f%20tp:', 'ft%20p:', 'ftp%20:', 'ftps:', 'f%20tps:', 'ft%20ps:', 'ftp%20s:', 'ftps%20:', '.php?url=' );
$check = str_replace($ct_rules, '*', PHP_FIREWALL_GET_QUERY_STRING );
if( PHP_FIREWALL_GET_QUERY_STRING != $check ) {
PHP_FIREWALL_LOGS( 'XSS attack' );
die( _PHPF_PROTECTION_XSS );
}
}
}

Resources