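<?php
// Request filter intended to be included ahead of application code. It scans
// GET, POST and cookie values against keyword patterns (script/frame tags,
// UNION ... SELECT, SELECT ... FROM), reports a hit to an alert endpoint and
// terminates the request.
//
// NOTE(review): a keyword blacklist is a supplementary control only. It does
// not replace parameterised queries and context-aware output encoding in the
// application, and it only inspects values (parameter names are not checked).

$localtime = date('Y-m-d H:i:s:ms', time());
echo $localtime . '<br>';

// error_reporting(E_ERROR);

// Master switch for the rules. The listing originally let a GET parameter
// overwrite this flag, which allowed any client to switch the filter off for
// its own request; the switch is now controlled only from server-side code.
$isopen = 1;

/**
 * Collapse a request value into one string for inspection.
 *
 * Nested arrays (e.g. a[][]=...) are walked recursively so that every leaf is
 * inspected; a plain implode() would turn nested levels into the text "Array".
 *
 * @param mixed $value Scalar or (possibly nested) array from a superglobal.
 * @return string Concatenation of all leaf values.
 */
function _stopattack_flatten($value)
{
    if (!is_array($value)) {
        return (string) $value;
    }

    $leaves = array();
    array_walk_recursive($value, function ($leaf) use (&$leaves) {
        $leaves[] = (string) $leaf;
    });

    return implode($leaves);
}

/**
 * Decide whether a flattened value trips a filter pattern.
 *
 * Only values longer than 20 and shorter than 2048 bytes are inspected, as in
 * the original listing. NOTE(review): values outside that window pass without
 * inspection, so this check must not be the only defence.
 *
 * @param string $value   Flattened request value.
 * @param string $pattern Regex alternatives without delimiters; must not
 *                        contain an unescaped "/".
 * @return bool True when the pattern matches.
 */
function _stopattack_matches($value, $pattern)
{
    $length = strlen($value);
    if ($length <= 20 || $length >= 2048) {
        return false;
    }

    return preg_match('/' . $pattern . '/is', $value) === 1;
}

/**
 * Render key/value pairs as "k=v" joined by a separator for the alert record.
 *
 * @param array  $pairs     Typically $_POST or $_COOKIE.
 * @param string $separator Text placed between pairs.
 * @return string
 */
function _stopattack_payload($pairs, $separator)
{
    $chunks = array();
    foreach ($pairs as $key => $value) {
        $chunks[] = $key . '=' . _stopattack_flatten($value);
    }

    return implode($separator, $chunks);
}

/**
 * Inspect one request value; on a match, report it and end the request.
 *
 * @param string $StrFiltKey   Parameter name (not inspected).
 * @param mixed  $StrFiltValue Parameter value, scalar or array.
 * @param string $ArrFiltReq   Filter pattern (regex alternatives, no delimiters).
 * @param string $data         Source of the value: 'GET', 'POST' or 'COOKIE'.
 * @return void Does not return when the value matches (calls exit()).
 */
function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq, $data = 'GET')
{
    $StrFiltValue = _stopattack_flatten($StrFiltValue);
    if (!_stopattack_matches($StrFiltValue, $ArrFiltReq)) {
        return;
    }

    $sec_method  = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
    $sec_referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $sec_uri     = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    $sec_host    = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';

    // Compared case-insensitively: the callers pass upper-case source names,
    // while the listing compared against a different casing, so the payload
    // was never collected. The POST branch also appended to an undefined
    // variable, which dropped every pair but the last.
    $source = strtoupper($data);
    $sec_payload = '';
    if ($source === 'POST') {
        $sec_payload = _stopattack_payload($_POST, '&');
    } elseif ($source === 'COOKIE') {
        $sec_payload = _stopattack_payload($_COOKIE, ';');
    }

    $arr = array(
        'method'   => $sec_method,
        'referer'  => $sec_referer,
        'host'     => $sec_host,
        'url'      => $sec_uri,
        'payload'  => $sec_payload,
        'datatype' => $data,
    );
    $sec_data = json_encode($arr);

    // NOTE(review): this forwards the complete POST body or cookie set, which
    // can include credentials and session identifiers, in a query string over
    // plain HTTP. Prefer an HTTPS POST and redact sensitive fields before
    // enabling this outside a trusted network.
    // The JSON is URL-encoded so quotes, "&" and "#" in request data cannot
    // truncate or reshape the alert URL.
    $sec_server = 'http://website80/alert_v1.php?param=' . urlencode((string) $sec_data);

    // Bounded wait so an unreachable alert host cannot stall the request.
    $context = stream_context_create(array('http' => array('timeout' => 2)));
    file_get_contents($sec_server, false, $context);

    print "Vdian security Notice:illegal operation!";
    exit();
}

if ($isopen == 1) {
    $getfilter    = "<i?frame\\b|<\\s*script\\b|<.+?>|union.+?select|select.+?from";
    $postfilter   = "<\\s*script\\b|union.+?select|select.+?from";
    $cookiefilter = "union.+?select|select.+?from";

    foreach ($_GET as $key => $value) {
        stopattack($key, $value, $getfilter);
    }
    foreach ($_POST as $key => $value) {
        stopattack($key, $value, $postfilter, 'POST');
    }
    foreach ($_COOKIE as $key => $value) {
        stopattack($key, $value, $cookiefilter, 'COOKIE');
    }

    unset($getfilter);
    unset($postfilter);
    unset($cookiefilter);
}
unset($isopen);

$localtime = date('Y-m-d H:i:s:ms', time());
echo $localtime . '<br>';
?>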
PHP Security Protection Code