Posted by cerxx on 11/07/18
Tagged: tools, hosts

Protecting the site from scanning and chaotic intensive requests
Published in: PHP

URL: https://habr.com/post/234729/

One way to protect a site from scanning and chaotic, intensive requests is to count the number of requests within a certain period of time and impose a time delay once the threshold is exceeded. In particular, this makes password cracking by brute-force iteration inefficient or even useless, because the time spent on the search becomes too large.

<?php
/**
 * Class for checking and blocking an IP address.
 */
class TBlockIp {
    /**
     * Block duration in seconds.
     */
    const blockSeconds = 60;
    /**
     * Length of the page-request counting interval, in seconds.
     */
    const intervalSeconds = 15;
    /**
     * Number of page requests allowed within the interval.
     */
    const intervalTimes = 3;
    /**
     * Whether the always-active (whitelisted) user list is enabled.
     */
    const isAlwaysActive = true;
    /**
     * Whether the always-blocked user list is enabled.
     */
    const isAlwaysBlock = true;
    /**
     * Path to the cache directory for active users.
     */
    const pathActive = 'active';
    /**
     * Path to the cache directory for blocked users.
     */
    const pathBlock = 'block';
    /**
     * Whether the directory paths above are absolute.
     */
    const pathIsAbsolute = false;
    /**
     * List of always-active users.
     */
    public static $alwaysActive = array(
        '172.16.1.1',
    );

    /**
     * List of always-blocked users.
     */
    public static $alwaysBlock = array(
        '172.16.1.1',
    );

    /**
     * Check the IP address for activity and blocking.
     */
    public static function checkIp() {

        // Determine the client IP address
        $ip_address = self::_getIp();

        // Let always-active users through
        if (in_array($ip_address, self::$alwaysActive) && self::isAlwaysActive) {
            return;
        }

        // Reject always-blocked users.
        // (The Russian message text was mis-encoded on the page; the English
        // wording below is reconstructed from context.)
        if (in_array($ip_address, self::$alwaysBlock) && self::isAlwaysBlock) {
            echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">';
            echo '<html xmlns="http://www.w3.org/1999/xhtml">';
            echo '<head>';
            echo '<title>You are blocked</title>';
            echo '<meta http-equiv="content-type" content="text/html; charset=utf-8" />';
            echo '</head>';
            echo '<body>';
            echo '<p style="background:#ccc;border:solid 1px #aaa;margin:30px auto;padding:20px;text-align:center;width:700px">';
            echo 'You have been blocked by the server administration.<br />';
            echo '</p>';
            echo '</body>';
            echo '</html>';
            // Stop here so the rest of the page is not served to a blocked client
            exit;
        }

        // Directory paths
        $path_active = self::pathActive;
        $path_block = self::pathBlock;

        // Convert the directory paths to absolute form
        if (!self::pathIsAbsolute) {
            $path_active = str_replace('\\', '/', dirname(__FILE__) . '/' . $path_active);
            $path_block = str_replace('\\', '/', dirname(__FILE__) . '/' . $path_block);
        }
        // Both paths must end with a slash because file names are appended to them below
        $path_active = rtrim($path_active, '/') . '/';
        $path_block = rtrim($path_block, '/') . '/';

        // Make sure both directories are writable
        if (!is_writable($path_active)) {
            die('Cache directory for active users was not found or is not writable.');
        }
        if (!is_writable($path_block)) {
            die('Cache directory for blocked users was not found or is not writable.');
        }

        // Scan active IP addresses
        $is_active = false;
        if ($dir = opendir($path_active)) {
            while (false !== ($filename = readdir($dir))) {
                // File name is "<ip>_<activation time>" (dots in the pattern are escaped
                // so that only real IPv4 addresses match)
                if (preg_match('#^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})_(\d+)$#', $filename, $matches)) {
                    if ($matches[2] >= time() - self::intervalSeconds) {
                        if ($matches[1] == $ip_address) {
                            // The file body holds the number of repeat requests in this interval
                            $times = intval(trim(file_get_contents($path_active . $filename)));
                            if ($times >= self::intervalTimes - 1) {
                                // Threshold reached: move the IP to the block list,
                                // timestamped with the moment the block starts
                                touch($path_block . $ip_address . '_' . time());
                                unlink($path_active . $filename);
                            } else {
                                file_put_contents($path_active . $filename, $times + 1);
                            }
                            $is_active = true;
                        }
                    } else {
                        // Interval expired: drop the stale record
                        unlink($path_active . $filename);
                    }
                }
            }
            closedir($dir);
        }

        // Scan blocked IP addresses
        $is_block = false;
        $time_block = 0;
        if ($dir = opendir($path_block)) {
            while (false !== ($filename = readdir($dir))) {
                // File name is "<ip>_<block time>"
                if (preg_match('#^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})_(\d+)$#', $filename, $matches)) {
                    if ($matches[2] >= time() - self::blockSeconds) {
                        if ($matches[1] == $ip_address) {
                            $is_block = true;
                            // Seconds remaining until the block expires
                            $time_block = $matches[2] - (time() - self::blockSeconds) + 1;
                        }
                    } else {
                        // Block expired: drop the record
                        unlink($path_block . $filename);
                    }
                }
            }
            closedir($dir);
        }

        // The IP address is blocked: send the error page and stop
        if ($is_block) {
            header('HTTP/1.0 502 Bad Gateway');
            echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">';
            echo '<html xmlns="http://www.w3.org/1999/xhtml">';
            echo '<head>';
            echo '<title>502 Bad Gateway</title>';
            echo '<meta http-equiv="content-type" content="text/html; charset=utf-8" />';
            echo '</head>';
            echo '<body>';
            echo '<h1 style="text-align:center">502 Bad Gateway</h1>';
            echo '<p style="background:#ccc;border:solid 1px #aaa;margin:30px auto;padding:20px;text-align:center;width:700px">';
            echo 'Unfortunately, you have been temporarily blocked because of too many requests in a short time.<br />';
            echo 'This is a protective measure. After ' . $time_block . ' second(s) you can continue using the site.';
            echo '</p>';
            echo '</body>';
            echo '</html>';
            exit;
        }

        // Register the current IP address as active
        if (!$is_active) {
            touch($path_active . $ip_address . '_' . time());
        }
    }


    /**
     * Determine the current IP address from the server variables.
     */
    private static function _getIp() {

        // Default IP address
        $ip_address = '127.0.0.1';

        // Candidate IP addresses
        $addrs = array();

        // Collect candidate addresses.
        // Every HTTP_* header below is supplied by the client and can be forged,
        // so it is only trustworthy behind a reverse proxy you control.
        if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            // Chain of client addresses added by transparent proxies, right-most first
            foreach (array_reverse(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])) as $value) {
                $value = trim($value);
                if (preg_match('#^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$#', $value)) {
                    $addrs[] = $value;
                }
            }
        }
        if (isset($_SERVER['HTTP_CLIENT_IP'])) {
            $addrs[] = $_SERVER['HTTP_CLIENT_IP'];
        }
        if (isset($_SERVER['HTTP_X_CLUSTER_CLIENT_IP'])) {
            $addrs[] = $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'];
        }
        if (isset($_SERVER['HTTP_PROXY_USER'])) {
            $addrs[] = $_SERVER['HTTP_PROXY_USER'];
        }
        // The TCP peer address set by the web server itself
        if (isset($_SERVER['REMOTE_ADDR'])) {
            $addrs[] = $_SERVER['REMOTE_ADDR'];
        }

        // Take the first candidate that is a well-formed IPv4 address
        foreach ($addrs as $value) {
            if (preg_match('#^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$#', $value, $matches)) {
                $ip_address = $matches[1] . '.' . $matches[2] . '.' . $matches[3] . '.' . $matches[4];
                break;
            }
        }

        // Return the resolved IP address
        return $ip_address;
    }

}

// Check the current IP address
TBlockIp::checkIp();
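Two points in the snippet above deserve a closer look from a defender's side. First, the counter logic is entangled with file-system scanning, which makes it hard to see (and test) when a client crosses the threshold and when the block ends. Second, the IP resolver consults X-Forwarded-For and similar headers before REMOTE_ADDR, so a client that sends its own header can choose the address it is counted under, including a whitelisted one. The following is an added example, not code from the original snippet or its author: the same fixed-window rule (intervalTimes requests per intervalSeconds, then a block of blockSeconds) as a small PHP 8 class with an injectable clock and in-memory store, and a client-IP function that honours X-Forwarded-For only when the direct peer is in a list of trusted proxies. The class and function names, the trusted-proxy address 10.0.0.2 and the sample requests are assumptions made for this illustration; the 429 status with a Retry-After header is the conventional response for rate limiting, used here in place of the snippet's 502.

```php
<?php
// Added example (not from the original snippet): fixed-window request limiter
// and a trusted-proxy aware client-IP resolver. Names and sample data are assumed.

final class RequestLimiter
{
    /** @var array<string, array{start:int, count:int}> current window per IP */
    private array $windows = [];
    /** @var array<string, int> IP => unix time at which the block ends */
    private array $blocks = [];

    public function __construct(
        private int $intervalSeconds = 15,
        private int $intervalTimes = 3,
        private int $blockSeconds = 60,
    ) {}

    /**
     * Returns 0 if the request may proceed, otherwise the number of seconds
     * the client must wait (usable directly as a Retry-After value).
     */
    public function check(string $ip, int $now): int
    {
        // Still inside an active block?
        if (isset($this->blocks[$ip])) {
            if ($this->blocks[$ip] > $now) {
                return $this->blocks[$ip] - $now;
            }
            unset($this->blocks[$ip]);
        }

        // Open a new window if there is none or the old one has expired
        $w = $this->windows[$ip] ?? null;
        if ($w === null || $w['start'] + $this->intervalSeconds <= $now) {
            $this->windows[$ip] = ['start' => $now, 'count' => 1];
            return 0;
        }

        $this->windows[$ip]['count']++;
        if ($this->windows[$ip]['count'] > $this->intervalTimes) {
            // Threshold exceeded: block from now, and discard the window so the
            // first request after the block starts a clean count
            $this->blocks[$ip] = $now + $this->blockSeconds;
            unset($this->windows[$ip]);
            return $this->blockSeconds;
        }
        return 0;
    }
}

/**
 * Resolve the client IP. X-Forwarded-For is client-controlled unless the request
 * came through a proxy we operate, so it is consulted only when REMOTE_ADDR is a
 * trusted proxy; the right-most address that is not one of our own hops is taken.
 */
function clientIp(array $server, array $trustedProxies): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($remote, $trustedProxies, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $remote;
    }
    $chain = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    for ($i = count($chain) - 1; $i >= 0; $i--) {
        if (in_array($chain[$i], $trustedProxies, true)) {
            continue; // a hop added by our own proxy
        }
        if (filter_var($chain[$i], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
            return $chain[$i];
        }
        break; // malformed entry: stop walking and fall back to the peer address
    }
    return $remote;
}

/** Headers to send for a rejected request; 429 is the status defined for rate limiting. */
function rejectionHeaders(int $wait): array
{
    return ['HTTP/1.1 429 Too Many Requests', 'Retry-After: ' . $wait];
}

// Constructed demo: one client behind an assumed trusted reverse proxy (10.0.0.2)
// sends four requests within 15 s, then is checked again during and after the block.
$limiter = new RequestLimiter(intervalSeconds: 15, intervalTimes: 3, blockSeconds: 60);
$trusted = ['10.0.0.2'];
$ip = clientIp(['REMOTE_ADDR' => '10.0.0.2', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7, 10.0.0.2'], $trusted);
foreach ([100, 103, 106, 109, 150, 170] as $t) {
    $wait = $limiter->check($ip, $t);
    echo "t=$t $ip " . ($wait === 0 ? 'allowed' : 'rejected: ' . implode(' | ', rejectionHeaders($wait))) . "\n";
}

// A direct client cannot relabel itself: the forged header is ignored because
// 198.51.100.9 is not a trusted proxy, so the peer address is what gets counted.
echo clientIp(['REMOTE_ADDR' => '198.51.100.9', 'HTTP_X_FORWARDED_FOR' => '172.16.1.1'], $trusted), "\n";
```

Run it with `php limiter.php`; the three requests at t=100, 103 and 106 are allowed, the fourth at t=109 is rejected and starts a 60-second block, the check at t=150 is still rejected with the remaining wait, and the request at t=170 opens a fresh window. Keeping the clock and the store as parameters is what makes this behaviour checkable without touching the file system; in production the same class would sit in front of a shared store such as APCu or Redis so that the count survives across worker processes, which the per-file scheme in the snippet only approximates and with a race between reading and rewriting the counter.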
