<?php
// +----------------------------------------------------------------------
// | Copyer: 小何 <2869107753@qq.com>
// +----------------------------------------------------------------------
// +----------------------------------------------------------------------
// | Title: 基本拦截
// +----------------------------------------------------------------------
/***
* _ooOoo_
* o8888888o
* 88" . "88
* (| -_- |)
* O\ = /O
* ____/`---‘\____
* . ‘ \\| |// `.
* / \\||| : |||// \
* / _||||| -:- |||||- \
* | | \\\ - /// | |
* | \_| ‘‘\---/‘‘ | |
* \ .-\__ `-` ___/-. /
* ___`. .‘ /--.--\ `. . __
* ."" ‘< `.___\_<|>_/___.‘ >‘"".
* | | : `- \`.;`\ _ /`;.`/ - ` : | |
* \ \ `-. \_ __\ /__ _/ .-` / /
* ======`-.____`-.___\_____/___.-`____.-‘======
* `=---=‘
*
* .............................................
* 佛祖保佑 永无BUG
*/
// Interception rules. Each value is the body of a PCRE pattern; webscan_StopAttack()
// wraps it as "/.../is" (case-insensitive, dot matches newline) and applies it to
// every key and flattened value of the corresponding request source.
// NOTE(review): the ‘ (U+2018) characters inside the patterns look like mis-encoded
// ASCII apostrophes; as written, classes such as [\\(\\)‘\"\\d] match the curly
// quote but not ' — confirm against the original file.
// NOTE(review): \\b and \b, \\( and \( are interchangeable here because PHP keeps
// unrecognised escapes verbatim inside double-quoted strings; the mix is harmless
// but worth normalising for readability.
// These are denylist heuristics built from unbounded ".+?"/".*" quantifiers: they can
// miss inputs and can push PCRE into its backtrack limit, so they are a coarse first
// line only and no substitute for parameterised queries and context-specific output
// escaping in the application itself.
// GET interception rule (also covers javascript:/data: URIs and any on* handler attribute)
$getfilter = "\\<.+javascript:window\\[.{1}\\\\x|<.*=(&#\\d+?;?)+?>|<.*(data|src)=data:text\\/html.*>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\(|benchmark\s*?\(.*\)|sleep\s*?\(.*\)|\\b(group_)?concat[\\s\\/\\*]*?\\([^\\)]+?\\)|\bcase[\s\/\*]*?when[\s\/\*]*?\([^\)]+?\)|load_file\s*?\\()|<[a-z]+?\\b[^>]*?\\bon([a-z]{4,})\s*?=|^\\+\\/v(8|9)|\\b(and|or)\\b\\s*?([\\(\\)‘\"\\d]+?=[\\(\\)‘\"\\d]+?|[\\(\\)‘\"a-zA-Z]+?=[\\(\\)‘\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"‘])|\\/\\*.*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|‘|\").*?(`|‘|\")\s*)|UPDATE\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|‘|\").*?(`|‘|\")\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)@{0,2}(\\(.+\\)|\\s+?.+?\\s+?|(`|‘|\").*?(`|‘|\"))FROM(\\(.+\\)|\\s+?.+?|(`|‘|\").*?(`|‘|\"))|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
// POST interception rule (like GET, but only a fixed list of on* handler names and no javascript: check)
$postfilter = "<.*=(&#\\d+?;?)+?>|<.*data=data:text\\/html.*>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\(|benchmark\s*?\(.*\)|sleep\s*?\(.*\)|\\b(group_)?concat[\\s\\/\\*]*?\\([^\\)]+?\\)|\bcase[\s\/\*]*?when[\s\/\*]*?\([^\)]+?\)|load_file\s*?\\()|<[^>]*?\\b(onerror|onmousemove|onload|onclick|onmouseover)\\b|\\b(and|or)\\b\\s*?([\\(\\)‘\"\\d]+?=[\\(\\)‘\"\\d]+?|[\\(\\)‘\"a-zA-Z]+?=[\\(\\)‘\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"‘])|\\/\\*.*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|‘|\").*?(`|‘|\")\s*)|UPDATE\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|‘|\").*?(`|‘|\")\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)(\\(.+\\)|\\s+?.+?\\s+?|(`|‘|\").*?(`|‘|\"))FROM(\\(.+\\)|\\s+?.+?|(`|‘|\").*?(`|‘|\"))|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
// Cookie interception rule (reduced set: SQL-oriented checks plus a bare <script test; no HTML-attribute or data: URI checks)
$cookiefilter = "benchmark\s*?\(.*\)|sleep\s*?\(.*\)|load_file\s*?\\(|\\b(and|or)\\b\\s*?([\\(\\)‘\"\\d]+?=[\\(\\)‘\"\\d]+?|[\\(\\)‘\"a-zA-Z]+?=[\\(\\)‘\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"‘])|\\/\\*.*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|‘|\").*?(`|‘|\")\s*)|UPDATE\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|‘|\").*?(`|‘|\")\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)@{0,2}(\\(.+\\)|\\s+?.+?\\s+?|(`|‘|\").*?(`|‘|\"))FROM(\\(.+\\)|\\s+?.+?|(`|‘|\").*?(`|‘|\"))|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
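// Referer header, wrapped as a single-entry map so it can be scanned by the same
// key/value loop as the other request sources; empty when the header is absent.
// The original line used ‘ (U+2018) as string delimiters, which PHP does not accept;
// they are ASCII single quotes here.
$webscan_referer = empty($_SERVER['HTTP_REFERER'])
    ? []
    : ['HTTP_REFERER' => $_SERVER['HTTP_REFERER']];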
/*
参数拆分
*/
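/**
 * Flattens a (possibly nested) request parameter into one string for pattern scanning.
 *
 * Every scalar leaf is appended as value followed by its key, and a nested array
 * contributes its flattened content followed by its own key, so every key and every
 * value of the input ends up in the scanned text. Non-array input is returned as-is.
 *
 * The previous version kept its accumulators in `static` locals: each call therefore
 * re-scanned every parameter seen in earlier calls, `$keystr` grew without bound, and
 * an array with no scalar leaves left the accumulator unset before implode(). The
 * accumulator is now local to each call.
 *
 * @param mixed $arr scalar or nested array (e.g. one entry of $_GET)
 * @return mixed the input itself when it is not an array, otherwise the flattened string
 */
function webscan_arr_foreach($arr) {
    if (!is_array($arr)) {
        return $arr;
    }
    $parts = [];
    foreach ($arr as $key => $val) {
        // Nested arrays are flattened depth-first; their own key is still recorded.
        $parts[] = (is_array($val) ? webscan_arr_foreach($val) : $val) . $key;
    }
    // implode() on an empty list yields '' for an input without scalar leaves.
    return implode('', $parts);
}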
/**
* 攻击检查拦截
*/
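/**
 * Scans one request parameter (its value, then its key) against a filter pattern and
 * aborts the request on a hit.
 *
 * Changes from the previous version: the ‘ (U+2018) characters used as string
 * delimiters are ASCII single quotes (PHP does not accept the curly quote), and a
 * PCRE failure is treated as a block. preg_match() returns false when the engine
 * gives up (for example on the backtrack limit, which these unbounded patterns can
 * reach); comparing the result with `== 1` let such requests through unchecked,
 * i.e. the filter failed open.
 *
 * @param int|string $StrFiltKey   parameter name
 * @param mixed      $StrFiltValue parameter value; arrays are flattened by webscan_arr_foreach()
 * @param string     $ArrFiltReq   regex body without delimiters, e.g. $getfilter
 * @return void  returns only when neither key nor value matches
 */
function webscan_StopAttack($StrFiltKey, $StrFiltValue, $ArrFiltReq) {
    $StrFiltValue = webscan_arr_foreach($StrFiltValue);
    $pattern = '/' . $ArrFiltReq . '/is';
    foreach ([$StrFiltValue, $StrFiltKey] as $subject) {
        $result = preg_match($pattern, (string) $subject);
        // 1 = match, false = PCRE error; only a clean 0 lets the request continue.
        if ($result !== 0) {
            exit('您想看的代码,他不存在呢~');
        }
    }
}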
// Scan every inbound parameter source with its own rule set; the first hit aborts
// the request inside webscan_StopAttack(). The order is unchanged: query string,
// POST body, cookies, then the Referer header (checked with the POST rules).
$webscan_sources = [
    [$_GET, $getfilter],
    [$_POST, $postfilter],
    [$_COOKIE, $cookiefilter],
    [$webscan_referer, $postfilter],
];
foreach ($webscan_sources as $webscan_source) {
    foreach ($webscan_source[0] as $key => $value) {
        webscan_StopAttack($key, $value, $webscan_source[1]);
    }
}
?>