<?php
/*
* Aegis_lib
* 本php为Aegis函数库,仅提供功能性函数
* 若需要实现灵活性地使用Aegis各项功能,请在引用之后合理地调用Aegis函数即可
* 若只引用此文件,但不调用Aegis函数,则WAF不会开启
* 若要傻瓜式加载本WAF,直接引用Aegis.php即可
* 作者:isd12345678
*/
function GetAbsolutePath($dir){
    // Turns $dir into an absolute path anchored at the running script's directory.
    // Already-absolute input ("/..." on POSIX, "X:..." on Windows) is returned untouched
    // and "" yields FALSE. "." and ".." segments are resolved textually only — the
    // filesystem is never consulted, so symlinks are not followed.
    if ($dir === "") {
        return FALSE;
    }
    $onWindows = stripos(php_uname('s'), "windows") !== FALSE;
    if ($onWindows) {
        if (substr($dir, 1, 1) === ":") {
            return $dir;
        }
        $dir = str_replace("\\", "/", $dir);
    } elseif (substr($dir, 0, 1) === "/") {
        return $dir;
    }
    $segments = array();
    foreach (explode("/", dirname($_SERVER['SCRIPT_FILENAME']) . "/" . $dir) as $segment) {
        if ($segment === ".") {
            continue;
        }
        if ($segment === "..") {
            // POSIX pops unconditionally; Windows keeps the first (drive) segment in place.
            if (!$onWindows || count($segments) > 1) {
                array_pop($segments);
            }
            continue;
        }
        $segments[] = $segment;
    }
    if ($segments === array()) {
        return "";
    }
    $path = ($onWindows ? "" : "/") . implode("/", $segments);
    return str_replace("//", "/", $path);
}
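/** HTML-escapes one fragment for the DieWAF mode-3 debug page. */
function Aegis_HtmlEscape($text){
    return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
function DieWAF($WriteLog,$WriteDir,$reason){
    // Ends the request after a WAF hit, logging it first through writelog() unless $WriteLog is 0.
    // $WriteDir is the log root handed to writelog(); $reason is the rule description that is
    // recorded and, in debug mode, echoed to the client. Never returns.
    $content = ""; // writelog() summary; stays "" when logging is off so mode 3 never reads an undefined variable
    if ($WriteLog !== 0) {
        $content = writelog($WriteDir, "Warning", $reason);
    }
    // Response mode: 0 plain marker, 1 browser-hostile page, 2 inline image+audio page,
    // 3 debug dump, anything else a blank response.
    // NOTE(review): mode 3 returns the rule trace and the full request summary (IP, query string,
    // raw body, cookies) to whoever triggered the rule; it exists for diagnosing false positives
    // and should not be the setting on a production site.
    $DieType = 3;
    if ($DieType === 0) {
        // Marker rotates every 30 minutes: snap the timestamp to an 1800 s bucket *before*
        // formatting it. (The earlier expression formatted time()/1800 as a 1970 date and then
        // multiplied that string by 1800, which yields a constant plus a warning.)
        $bucket = (int) (round(time() / 1800) * 1800);
        die("flag:" . md5(date("m-d H-i", $bucket)));
    } elseif ($DieType === 1) {
        // Repeats the banner and keeps the client busy in a document.writeln loop.
        $docu = "<center><h1>========Forbidden By Aegis========<br /></h1></center>";
        die(str_repeat($docu, 10) . "<script>alert(\"Forbidden By Aegis\");while(1){document.writeln(\"" . $docu . "\");}</script>");
    } elseif ($DieType === 2) {
        // Inline pic.jpg and music.mp3 from this file's directory; a missing file yields empty media
        // instead of handing FALSE to base64_encode().
        $pic = file_get_contents(dirname(__FILE__) . "/pic.jpg");
        $music = file_get_contents(dirname(__FILE__) . "/music.mp3");
        $n = "<html><body style=\"margin:0\"><img src=\"data:image/jpg;base64,";
        $n .= base64_encode($pic === FALSE ? "" : $pic);
        $n .= "\" style=\"margin:0;width:100%;height: 100%;\">";
        $n .= "<audio src=\"data:audio/x-wav;base64,";
        $n .= base64_encode($music === FALSE ? "" : $music);
        $n .= "\" autoplay />";
        $n .= "</body></html>";
        die($n);
    } elseif ($DieType === 3) {
        // Debug dump for tracing false positives. Everything shown is request-influenced (the rule
        // trace carries offending parameter values, the summary carries the raw request), so each
        // fragment is escaped before it is placed in HTML.
        $errorLine = isset($GLOBALS['AegisErrorLine']) ? $GLOBALS['AegisErrorLine'] : "";
        $tracert = isset($GLOBALS['Aegistracert']) ? $GLOBALS['Aegistracert'] : "";
        $debug = "<html><head><meta charset=\"utf-8\"></head><body>\n";
        $debug .= "Aegis die tracert:<br />\n" . Aegis_HtmlEscape($errorLine) . "<br />\n";
        $debug .= "php script tracert:<br />\n" . Aegis_HtmlEscape($tracert);
        $debug .= "<br />\nreason:<br />\n";
        $debug .= Aegis_HtmlEscape($reason) . "<br />\n";
        $debug .= "details:<br />\n";
        // Escape first, then turn the log's CRLF separators into line breaks.
        $debug .= str_replace("\r\n", "<br />\n", Aegis_HtmlEscape($content));
        $debug .= "</body></html>";
        die($debug);
    } else {
        die();
    }
}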
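function writelog($WriteDir,$level,$reason){
    // Appends one record for the current request to $WriteDir.$level."/".$level."_<m-d H-i>.txt"
    // and returns the request summary (without the "WAF debug" tail) for DieWAF() to display.
    // $WriteDir: log root, concatenated directly with $level (so a trailing slash is expected).
    // $level: sub-directory name and file-name prefix, e.g. "Warning".
    // $reason: the rule description to record.
    // NOTE(review): the record holds the raw request body and cookies, so credentials posted to the
    // protected site land in these files in clear text — keep the log root outside the web root and
    // restrict who can read it. Request data is written unmodified, so CR/LF inside it can imitate a
    // record boundary when the files are parsed.
    $content = "IP:" . $_SERVER['REMOTE_ADDR'] . "\r\n";
    $content .= "URL:" . $_SERVER['SCRIPT_FILENAME'] . "\r\nGET:";
    $queryStart = strpos($_SERVER['REQUEST_URI'], "?");
    if ($queryStart !== FALSE) {
        $content .= substr($_SERVER['REQUEST_URI'], $queryStart);
    }
    $content .= "\r\nPOST:" . file_get_contents("php://input");
    // Cookies come from the copy Aegis keeps in $GLOBALS['AegisWaf_cookie']; tolerate it being unset.
    $cookies = isset($GLOBALS['AegisWaf_cookie']) && is_array($GLOBALS['AegisWaf_cookie'])
        ? $GLOBALS['AegisWaf_cookie'] : array();
    $pairs = array();
    foreach ($cookies as $name => $val) {
        $pairs[] = $name . "=" . $val;
    }
    $content .= "\r\nCOOKIE:" . implode("&", $pairs);
    $errorLine = isset($GLOBALS['AegisErrorLine']) ? $GLOBALS['AegisErrorLine'] : "";
    $tracert = isset($GLOBALS['Aegistracert']) ? $GLOBALS['Aegistracert'] : "";
    // Full record = summary + debug tail. To keep the debug detail out of the file, write $content instead.
    $record = $content . "\r\nWAF debug:\r\n" . $reason . "\r\n" . $errorLine . "\r\n" . $tracert . "\r\n\r\n";
    $dir = $WriteDir . $level;
    // is_dir() rather than file_exists(): a regular file with the directory's name would otherwise
    // skip mkdir() and make the append fail. Logging is best-effort — when the directory cannot be
    // created the summary is still returned so the caller can finish blocking the request.
    if (!is_dir($dir) && !mkdir($dir)) {
        return $content;
    }
    $filename = $dir . "/" . $level . "_" . date("m-d H-i", time()) . ".txt";
    // Return value intentionally unchecked: a failed append must not stop the block response.
    file_put_contents($filename, $record, FILE_APPEND);
    return $content;
}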
function CheckVarName(){
    // TRUE (with a trace entry) when any GET/POST/COOKIE parameter *name* appears in the
    // GetBlackWords() list — exact, case-sensitive comparison; FALSE otherwise.
    // With `+` the earlier source wins for duplicate names, so a blocked name is caught once.
    $blacklist = GetBlackWords();
    $params = $_GET + $_POST + $_COOKIE;
    foreach (array_keys($params) as $name) {
        if (in_array($name, $blacklist, true)) {
            $GLOBALS['AegisErrorLine'] .= "->" . __LINE__;
            return TRUE;
        }
    }
    return FALSE;
}
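/** TRUE when $value (or, for an array, any nested element) is longer than $limit bytes. */
function Aegis_ExceedsLength($value, $limit){
    if (is_array($value)) {
        foreach ($value as $item) {
            if (Aegis_ExceedsLength($item, $limit)) {
                return TRUE;
            }
        }
        return FALSE;
    }
    return strlen((string) $value) > $limit;
}
function checkname_length($key,$value){
    // Byte-length caps for a few sensitive parameter names, matched case-insensitively.
    // Returns TRUE (and appends to the Aegis trace) when $value exceeds the cap for $key;
    // false when the name has no cap or the value fits.
    // NOTE(review): strlen() counts bytes, so 18 is six 3-byte CJK characters; and capping
    // password/passwd at 18 bytes rejects longer passphrases — confirm these caps match the
    // protected application's own limits before relying on them.
    static $limits = array(
        "username" => 18, "user" => 18, "name" => 18, "password" => 18, "passwd" => 18,
        "file" => 32, "page" => 32,
    );
    $name = strtolower((string) $key);
    if (!isset($limits[$name])) {
        return false;
    }
    // PHP turns `name[]=...` into an array; the cap is applied to every element so an
    // array-valued submission cannot sidestep the check (strlen() on an array would only
    // warn or throw instead of measuring anything).
    if (Aegis_ExceedsLength($value, $limits[$name])) {
        $GLOBALS['AegisErrorLine'] .= "->" . __LINE__;
        return TRUE;
    }
    return false;
}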
function SmartLength(){
    // Runs checkname_length() over every GET, POST and COOKIE parameter, in that order,
    // and stops at the first value over its cap (TRUE, trace appended); false otherwise.
    $sources = array($_GET, $_POST, $_COOKIE);
    foreach ($sources as $params) {
        foreach ($params as $name => $val) {
            if (checkname_length($name, $val) === TRUE) {
                $GLOBALS['AegisErrorLine'] .= "->" . __LINE__;
                return TRUE;
            }
        }
    }
    return false;
}
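/**
 * Replaces every occurrence of the first keyword from $needles (case-insensitive) found in
 * $subject with the look-alike at the same index in $replacements, then stops.
 * Returns array($subject, $matched) with $matched === NULL when nothing was found.
 * Only the first matching keyword is swapped (as in the original per-list loop); other
 * listed keywords present in the same value are left as they are.
 */
function Aegis_SwapFirstKeyword(array $needles, array $replacements, $subject){
    foreach ($needles as $i => $needle) {
        $subject = str_ireplace($needle, $replacements[$i], $subject, $hits);
        if ($hits !== 0) {
            return array($subject, $needle);
        }
    }
    return array($subject, NULL);
}
function filterwords($key,$value){
    // Neutralises SQL-looking fragments in one request parameter value.
    // Returns FALSE when the name is whitelisted or none of the three probe statements could be
    // analysed; otherwise array($filteredValue, $defenceTriggered).
    // NOTE(review): this is a keyword/homoglyph filter, not escaping — it reduces exposure but the
    // protected application still has to use parameterised queries.
    if ($key === "source") {
        return FALSE; // whitelisted parameter name
    }
    // Collapse nested percent-encoding (%2525 -> %25 -> %) before decoding once.
    $hits = 1;
    while ($hits !== 0) {
        $value = str_ireplace("%25", "%", $value, $hits);
    }
    $value = urldecode($value);
    $defence = FALSE;

    // Probe the value in the three SQL contexts it could land in (single-quoted, bare,
    // double-quoted) and keep the analysis with the highest 'num'; ties go to the earlier probe.
    $probes = array(
        SqlAstAnalysis("select * from tables where id='" . $value . "';"),
        SqlAstAnalysis("select * from tables where id=" . $value . ";"),
        SqlAstAnalysis("select * from tables where id=\"" . $value . "\";"),
    );
    $result = FALSE;
    $bestNum = -1;
    foreach ($probes as $probe) {
        if ($probe !== FALSE && $probe['num'] > $bestNum) {
            $bestNum = $probe['num'];
            $result = $probe;
        }
    }
    if ($result === FALSE) {
        return FALSE;
    }

    if ($result['num'] === 1) {
        $lead = substr($value, 0, 1);
        if ($lead === "'" || $lead === "\"") {
            $defence = TRUE;
            $GLOBALS['AegisErrorLine'] .= "->" . __LINE__ . "(" . $value . ")";
            // Swap the leading ASCII quote for a look-alike prime and keep the remainder.
            // (substr($value,0,1-strlen($value)) kept only the quote itself and dropped the rest.)
            $value = ($lead === "'" ? "′" : "″") . substr($value, 1);
        }
        if ($result['tips'] === TRUE) {
            $defence = TRUE;
            // Comment introducers that would cut off the rest of a statement.
            $value = str_ireplace(array("#", "--", "/*"), array("#", "——", "/x"), $value);
            $GLOBALS['AegisErrorLine'] .= "->" . __LINE__;
        }
    } else {
        // "into dumpfile" is now spelled correctly in the search list; the previous entry used
        // the look-alike spelling and so never matched anything.
        list($value, $matched) = Aegis_SwapFirstKeyword(
            array("select", "insert", "update", "delete", "drop", "truncate",
                  "'", "(", "into outfile", "into dumpfile", " or ", "load_file"),
            array("se1ect", "insart", "updata", "de1ete", "jrop", "truncata",
                  "′", "〔", "into outfi1e", "into dumpfi1e", " 0r ", "load_fi1e"),
            $value
        );
        if ($matched !== NULL) {
            $defence = TRUE;
            $GLOBALS['AegisErrorLine'] .= "->" . __LINE__ . "(" . $matched . ")";
        }
    }

    // Second pass, applied in every case: data-changing statements and file primitives.
    list($value, $matched) = Aegis_SwapFirstKeyword(
        array("insert", "update", "delete", "drop", "truncate", "into outfile", "into dumpfile", "load_file"),
        array("insart", "updata", "de1ete", "jrop", "truncata", "into outfi1e", "into dumpfi1e", "load_fi1e"),
        $value
    );
    if ($matched !== NULL) {
        $defence = TRUE;
        $GLOBALS['AegisErrorLine'] .= "->" . __LINE__ . "(" . $matched . ")";
    }
    return array($value, $defence);
}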
function CheckSqlWord($SqlCheckDown,$WriteLog,$WriteDir){
$defence=FALSE;
if(isse