// +---------------------------------------------------------------------- namespace com; use think\Request; class Scan { private $webscan_switch = 1; //提交方式拦截(1开启拦截,0关闭拦截,post,get,cookie,referre选择需要拦截的方式) private $webscan_post = 1; private $webscan_get = 1; private $webscan_cookie = 1; private $webscan_referre = 1; private $webscan_white_directory = 'admin'; private $webscan_white_url = array('index.php' => 'm=admin'); //get拦截规则 private $getfilter = "<[^>]*?=[^>]*?&#[^>]*?>|iframe|\\b(alert\\(|confirm\\(|expression\\(|prompt\\()|<[^>]*?\\b(onerror|onmousemove|ondblclick|onmousedown|onmouseup|onmouseout|onscroll|onfocus|onsubmit|onblur|onchange|onload|onclick|onmouseover)\\b[^>]*?>|^\\+\\/v(8|9)|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|<\\s*script\\b|<\\s*object\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|INTO.+?FILE|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)"; //post拦截规则 private $postfilter = "<[^>]*?=[^>]*?&#[^>]*?>|iframe|\\b(alert\\(|confirm\\(|expression\\(|prompt\\()|<[^>]*?\\b(onerror|onmousemove|ondblclick|onmousedown|onmouseup|onmouseout|onscroll|onfocus|onsubmit|onblur|onchange|onload|onclick|onmouseover)\\b[^>]*?>|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|<\\s*script\\b|<\\s*object\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|INTO.+?FILE|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)"; //cookie拦截规则 private $cookiefilter = "\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|<\\s*script\\b|<\\s*object\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|INTO.+?FILE|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)"; /** * 记录日志 */ public function webscan_slog($logs) { // var_dump(RUNTIME_PATH);die(); $string = "\r\n================\r\n".implode("\r\n", $logs); file_put_contents(RUNTIME_PATH.'input_error.txt', $string, FILE_APPEND); } /** * 参数拆分 */ public function webscan_arr_foreach($arr) { static $str; if (!is_array($arr)) { return $arr; } foreach ($arr as $key => $val ) { if (is_array($val)) { $this->webscan_arr_foreach($val); } else { $str[] = $val; } } return implode($str); } /** * 获取ip */ public function get_client_ip($type = 0) { $_SERVER = input('server.'); $type = $type ? 1 : 0; static $ip = NULL; if ($ip !== NULL) return $ip[$type]; if ($_SERVER['HTTP_X_REAL_IP']) {//nginx 代理模式下，获取客户端真实IP $ip=$_SERVER['HTTP_X_REAL_IP']; } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {//客户端的ip $ip = $_SERVER['HTTP_CLIENT_IP']; } elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {//浏览当前页面的用户计算机的网关 $arr = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']); $pos = array_search('unknown',$arr); if(false !== $pos) unset($arr[$pos]); $ip = trim($arr[0]); } elseif (isset($_SERVER['REMOTE_ADDR'])) { $ip = $_SERVER['REMOTE_ADDR'];//浏览当前页面的用户计算机的ip地址 } else { $ip = $_SERVER['REMOTE_ADDR']; } // IP地址合法验证 $long = sprintf("%u",ip2long($ip)); $ip = $long ? array($ip, $long) : array('0.0.0.0', 0); return $ip[$type]; } /** * 攻击检查拦截 */ public function webscan_StopAttack($StrFiltKey, $StrFiltValue, $ArrFiltReq, $method) { $_SERVER = input('server.'); // var_dump($_SERVER) ;die(); $StrFiltValue = $this->webscan_arr_foreach($StrFiltValue); if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue) == 1){ $this->webscan_slog(array('ip' => $this->get_client_ip(),'time'=>strftime("%Y-%m-%d %H:%M:%S"),'page'=>$_SERVER["PHP_SELF"],'method'=>$method,'rkey'=>$StrFiltKey,'rdata'=>$StrFiltValue,'user_agent'=>$_SERVER['HTTP_USER_AGENT'],'request_url'=>$_SERVER["REQUEST_URI"])); header('Content-Type:application/json; charset=utf-8'); exit(json_encode(['code'=>107,'error'=>'插入了被禁用的标签！'])); } if (preg_match("/".$ArrFiltReq."/is",$StrFiltKey) == 1){ $this->webscan_slog(array('ip' => $this->get_client_ip(),'time'=>strftime("%Y-%m-%d %H:%M:%S"),'page'=>$_SERVER["PHP_SELF"],'method'=>$method,'rkey'=>$StrFiltKey,'rdata'=>$StrFiltKey,'user_agent'=>$_SERVER['HTTP_USER_AGENT'],'request_url'=>$_SERVER["REQUEST_URI"])); header('Content-Type:application/json; charset=utf-8'); exit(json_encode(['code'=>107,'error'=>'插入了被禁用的标签！'])); } } public function webscan_Check() { $request = Request::instance(); //var_dump(input('server.HTTP_REFERER'));die(); //referer获取 //$webscan_referer = empty(input('server.HTTP_REFERER')) ? array() : array('HTTP_REFERER'=>input('server.HTTP_REFERER')); return ; if ($this->webscan_switch) { if ($this->webscan_get) { foreach($request->get() as $key=>$value) { $this->webscan_StopAttack($key, $value, $this->getfilter, "GET"); } } if ($this->webscan_post) { // $module = strtolower($request->module()); // $un_strip_arr = array('knowledge','template'); foreach ($request->post() as $key=>$value) { //过滤post数据 html标签 // if (!in_array($module, $un_strip_arr)) { $request->param($key,'','strip_tags,strtolower'); // } $this->webscan_StopAttack($key, $value, $this->postfilter, "POST"); } } if ($this->webscan_cookie) { foreach($request->cookie() as $key=>$value) { $this->webscan_StopAttack($key, $value, $this->cookiefilter, "COOKIE"); } } if ($this->webscan_referre) { foreach($webscan_referer as $key=>$value) { $this->webscan_StopAttack($key, $value, $this->postfilter, "REFERRER"); } } } } }