PHP security protection code


```php
<?php
// Determine whether the protection rules are enabled.
// 'v' is the milliseconds specifier; the letters "ms" would print month and seconds.
$localtime = (new DateTime())->format('y-m-d H:i:s:v');
echo $localtime . '<br>';
//error_reporting(E_ERROR);

// Note: this switch is read from the query string, so any client that sends
// op_sec_rule_open=0 turns the checks off for its own request.
$isopen = 1;
if (isset($_GET['op_sec_rule_open'])) {
    $isopen = intval($_GET['op_sec_rule_open']);
}

// Only values whose length is between 20 and 2048 are checked
function StopAttack($StrFiltKey, $StrFiltValue, $ArrFiltReq, $data = 'get')
{
    if (is_array($StrFiltValue)) {
        $StrFiltValue = implode($StrFiltValue);
    }
    $length = strlen($StrFiltValue);
    if ($length > 20 && $length < 2048) {
        if (preg_match("/" . $ArrFiltReq . "/is", $StrFiltValue) == 1) {
            $sec_method  = $_SERVER['REQUEST_METHOD'];
            $sec_referer = '';
            if (isset($_SERVER['HTTP_REFERER'])) {
                $sec_referer = $_SERVER['HTTP_REFERER'];
            }
            $sec_uri     = $_SERVER["REQUEST_URI"];
            $sec_host    = $_SERVER["HTTP_HOST"];
            $sec_payload = '';
            if ($data == 'post') {
                foreach ($_POST as $key => $value) {
                    if (empty($sec_payload)) {
                        $sec_payload = $key . '=' . $value;
                    } else {
                        // Fixed: the original appended to an undefined $payload
                        $sec_payload = $sec_payload . '&' . $key . '=' . $value;
                    }
                }
            } else if ($data == 'cookie') {
                foreach ($_COOKIE as $key => $value) {
                    if (empty($sec_payload)) {
                        $sec_payload = $key . '=' . $value;
                    } else {
                        $sec_payload = $sec_payload . ';' . $key . '=' . $value;
                    }
                }
            }
            $arr = array(
                'method'   => $sec_method,
                'referer'  => $sec_referer,
                'host'     => $sec_host,
                'url'      => $sec_uri,
                'payload'  => $sec_payload,
                'datatype' => $data,
            );
            $sec_data = json_encode($arr);
            // On a match, only record it; do not terminate for now.
            // The JSON is URL-encoded so it survives as a single query parameter.
            $sec_server = 'http://website80/alert_v1.php?param=' . urlencode($sec_data);
            //file_get_contents($sec_server);
            print "vdian security notice:Illegal operation!";
            //exit();
        }
    }
}

if ($isopen == 1) {
    $getfilter    = "<i?frame\\b|<\\s*script\\b|<.+?>|UNION.+?SELECT|SELECT.+?FROM";
    $postfilter   = "<\\s*script\\b|UNION.+?SELECT|SELECT.+?FROM";
    $cookiefilter = "UNION.+?SELECT|SELECT.+?FROM";
    foreach ($_GET as $key => $value) {
        StopAttack($key, $value, $getfilter);
    }
    foreach ($_POST as $key => $value) {
        StopAttack($key, $value, $postfilter, 'post');
    }
    foreach ($_COOKIE as $key => $value) {
        StopAttack($key, $value, $cookiefilter, 'cookie');
    }
    unset($getfilter);
    unset($postfilter);
    unset($cookiefilter);
}
unset($isopen);

$localtime = (new DateTime())->format('y-m-d H:i:s:v');
echo $localtime . '<br>';
?>
```
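A regression check for the three rule sets above, as an added example that is not part of the original page: it applies the same patterns and the same length window to sample values and reports whether each one is flagged, passed, or never inspected. The `classify()` helper and every sample value are constructed for illustration.

```php
<?php
// Added example, not the page's code. Patterns and the length window are
// copied from the page; classify() and every sample value are constructed.
$rules = [
    'get'    => "<i?frame\\b|<\\s*script\\b|<.+?>|UNION.+?SELECT|SELECT.+?FROM",
    'post'   => "<\\s*script\\b|UNION.+?SELECT|SELECT.+?FROM",
    'cookie' => "UNION.+?SELECT|SELECT.+?FROM",
];

// Same decision StopAttack() makes, returned as a label instead of printed.
function classify(string $pattern, $value): string
{
    if (is_array($value)) {
        $value = implode($value);
    }
    $value  = (string) $value;
    $length = strlen($value);
    if ($length <= 20 || $length >= 2048) {
        return 'not inspected';   // outside the page's 20..2048 window
    }
    return preg_match('/' . $pattern . '/is', $value) === 1 ? 'flagged' : 'passed';
}

$samples = [
    // [channel, parameter name, value]
    ['get',    'q',       'id=1 UNION ALL SELECT name FROM users'],   // SQL keywords in a query string
    ['get',    'comment', 'I <3 PHP and 2 > 1 is still true'],        // ordinary text with < and >
    ['post',   'note',    'Please select one option from the list'],  // ordinary English sentence
    ['post',   'bio',     '<b>bold text in a profile</b>'],           // markup sent by POST
    ['get',    'bio',     '<b>bold text in a profile</b>'],           // same markup sent by GET
    ['cookie', 'sid',     'abc123'],                                  // short session-style value
];

foreach ($samples as [$channel, $name, $value]) {
    printf("%-6s %-8s %-14s %s\n", $channel, $name, classify($rules[$channel], $value), $value);
}
```

Running a table like this against real traffic samples measures how often ordinary text is flagged before the commented-out `exit()` is enabled, and makes visible that the same value is treated differently depending on the channel it arrives on.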

 
