30.3.增加7Layer防火牆

玄學醬發表於2017-12-18

上面僅僅對方法控制許可權，接下來我們為程式增加第7層（應用層）防火牆功能。

		
<?php
/* 
* =====================================
* Website: http://netkiller.github.com
* Author: neo <netkiller@msn.com>
* Email: netkiller@msn.com
* =====================================
*/
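/**
 * Minimal application-layer ("layer 7") request filter.
 *
 * Usage is a fluent chain: pick a request source with get(), post(),
 * cookie(), server() or ip(), test one key with match(), then finish with
 * allow() or deny(), which runs an optional callback when the rule matched.
 *
 * Points a caller must know:
 * - The source selectors return the (falsy) status instead of $this while the
 *   firewall is disabled, so a chained ->match() on that result is a fatal
 *   error. Check the return value, or call enable() first.
 * - allow() and deny() both return the enabled/disabled status, NOT whether
 *   the rule matched. Enforcement (sending a status code, exiting) has to
 *   happen inside the callback.
 * - policy() and counter() are stubs; no default policy or rate limit is
 *   applied by this class.
 */
class Firewall{

	protected $name;
	protected $status;
	protected $policy;
	protected $chain;
	protected $rule;
	protected $match;
	private $debug;
	//$get,$post,$cookie,$server;

	public function __construct() {
		$this->name 	= "Firewall";
	}

	public function __destruct() {
		//print "Destroying " . $this->name . "\n";
	}

	/** Turn rule evaluation on. */
	public function enable(){
		$this->status = true;
	}

	/** Turn rule evaluation off; callbacks are no longer invoked. */
	public function disable(){
		$this->status = false;
	}

	/**
	 * Select the query-string parameters ($_GET) as the data to match.
	 *
	 * @return $this|bool|null $this when enabled, otherwise the falsy status.
	 */
	public function get(){
		if($this->status){
			$this->chain 	= $_GET;
			return($this);
		}else{
			return($this->status);
		}
	}

	/**
	 * Select the form body ($_POST) as the data to match.
	 *
	 * @return $this|bool|null $this when enabled, otherwise the falsy status.
	 */
	public function post(){
		if($this->status){
			// Rules written against the POST body must read $_POST, not $_GET.
			$this->chain 	= $_POST;
			return($this);
		}else{
			return($this->status);
		}
	}

	/**
	 * Select the request cookies ($_COOKIE) as the data to match.
	 *
	 * @return $this|bool|null $this when enabled, otherwise the falsy status.
	 */
	public function cookie() {
		if($this->status){
			$this->chain = $_COOKIE;
			return($this);
		}else{
			return($this->status);
		}
	}

	/**
	 * Select the server/request environment ($_SERVER) as the data to match.
	 * HTTP_* entries in $_SERVER are copied from request headers and are
	 * therefore client-controlled.
	 *
	 * @return $this|bool|null $this when enabled, otherwise the falsy status.
	 */
	public function server(){
		if($this->status){
			$this->chain = $_SERVER;
			return($this);
		}else{
			return($this->status);
		}
	}

	/**
	 * Record whether the selected source holds $key with exactly $value.
	 *
	 * @param string $key   Key to look up in the selected source.
	 * @param mixed  $value Expected value; compared as a string.
	 * @return $this
	 */
	public function match($key, $value){
		// Debug output dumps the whole selected source (cookies, headers, ...)
		// into the response; keep it off outside development.
		if($this->debug) print_r($this->chain);
		$this->match = false;
		// array_key_exists() takes (key, array); the rule can only match when
		// the key is present.
		if(is_array($this->chain) && array_key_exists($key, $this->chain)){
			$candidate = $this->chain[$key];
			// Compare as strings with ===. Loose == treats numeric-looking
			// strings such as '1e3' and '1000' as equal, and request
			// parameters may arrive as arrays (?id[]=1), which never match.
			if(is_scalar($candidate) && is_scalar($value) && (string)$candidate === (string)$value){
				$this->match = true;
			}
		}
		return($this);
	}

	/** Store a policy name. Not consulted anywhere in this class yet. */
	public function policy($p){
		$this->policy = $p;
	}

	/**
	 * Placeholder for rate limiting; currently ignores both arguments.
	 *
	 * @return $this
	 */
	public function counter($tm, $cnt){
		return($this);
	}

	/**
	 * Finish a rule: run $fun when the firewall is enabled and the rule matched.
	 *
	 * @param callable|null $fun Callback to invoke on a match.
	 * @return bool|null The enabled/disabled status, not the match result.
	 */
	public function allow($fun = null){
		return($this->finish($fun));
	}

	/**
	 * Finish a rule: run $fun when the firewall is enabled and the rule matched.
	 * Nothing is blocked by this method itself; $fun must reject the request.
	 *
	 * @param callable|null $fun Callback to invoke on a match.
	 * @return bool|null The enabled/disabled status, not the match result.
	 */
	public function deny($fun = null){
		return($this->finish($fun));
	}

	/** Enable or disable the print_r() dump performed by match(). */
	public function debug($tmp){
		$this->debug = $tmp;
	}

	/**
	 * Match the connecting peer address against one literal IP string.
	 * REMOTE_ADDR is the TCP peer: behind a reverse proxy or load balancer it
	 * is the proxy's address, not the end user's.
	 *
	 * @param string $ipaddr Exact address to compare; no CIDR support.
	 * @return $this
	 */
	public function ip($ipaddr){
		// Quoted string key; backticks would be PHP's shell-execution operator.
		return $this->server()->match('REMOTE_ADDR', $ipaddr);
	}

	/** Reset the selected source and the match flag between rules. */
	public function destroy(){
		$this->chain = array();
		$this->match = false;
	}

	/** Shared tail of allow()/deny(): fire the callback on a match, then reset. */
	private function finish($fun){
		if($this->status && $this->match){
			if($fun){
				$fun();
			}
		}
		$this->destroy();
		return($this->status);
	}
}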

// include_once('firewall.php');  // needed once the class lives in its own file
$fw = new Firewall;

// Debug dumping is switched on and straight back off, so it ends up disabled.
$fw->debug(true);
$fw->debug(false);

// Rules are only evaluated while the firewall is enabled;
// $fw->disable() switches evaluation off again.
$fw->enable();
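/**
 * Demo callback for the rules below: prints "OK".
 */
function test(){
	// Quoted string literal; backticks are PHP's shell-execution operator.
	echo 'OK';
}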
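/**
 * Demo callback for a matched allow rule: prints "allow".
 */
function allow(){
	// Quoted string literal; backticks are PHP's shell-execution operator.
	echo 'allow';
}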
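/**
 * Demo callback for a matched deny rule: prints "deny".
 * It only prints; a real handler would have to reject the request itself.
 */
function deny(){
	// Quoted string literal; backticks are PHP's shell-execution operator.
	echo 'deny';
}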
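// All string arguments below are quoted literals. Backticks are PHP's
// shell-execution operator and must not be used for strings.

//$fw->policy('blacklist');

// Rules on the connecting peer address (REMOTE_ADDR). Behind a reverse proxy
// this is the proxy's address, so the rule then applies to the proxy.
$fw->ip('192.168.3.17')->allow('allow');
$fw->ip('192.168.3.17')->deny('deny');

// counter() is still a stub, and no get()/post()/cookie()/server() call
// selects a source here, so match() sees the empty chain left by destroy().
$fw->counter('1m',5)->match('id','1000')->deny('test');

/*
Not implemented yet: CIDR/netmask matching and header rules.
$fw->ip('172.16.0.0/24')->allow();
$fw->ip('172.16.0.0','255.255.255.0')->allow();

$fw->header(array('User-Agent' => 'MSIE5'))->deny()
*/

// Query-string rules.
$fw->get()->match('id','1000')->deny('test');
$fw->get()->match('name','chen')->allow('test');
//$fw->get()->match(array('id' => '1000'))->deny();
/*
Not implemented yet: data() rules on the POST body and cookies.
$fw->post()->data(array('action'=>'/login.php'))->allow()
$fw->cookie()->data(array('userid'=>'test'))->deny()
*/

// HTTP_REFERER is a request header supplied by the client, so this rule is a
// convenience filter and cannot serve as an access control.
$fw->server()->match('HTTP_REFERER', 'http://www.mydomain.com/index.html')->allow('test');
$fw->server()->match('REQUEST_METHOD', 'GET')->deny('test');

$fw->disable();
//$fw->destroy();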
		
		

這裡僅僅給你一個思路,我並沒有寫完程式。例如控制IP請求次數可以如下實現,請自行改善程式

		
<?php
/* 
* =====================================
* Website: http://netkiller.github.com
* Author: neo <netkiller@msn.com>
* Email: netkiller@msn.com
* =====================================
*/
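// Per-IP request counter kept in Redis: each client address gets a counter
// that lives for $window seconds; more than $limit requests inside that
// window are rejected.

// Quoted path; backticks are PHP's shell-execution operator.
require 'SharedConfigurations.php';

$single_server = array(
    'host'     => '127.0.0.1',
    'port'     => 6379,
    'database' => 0
);

$multiple_servers = array(
    array(
       'host'     => '127.0.0.1',
       'port'     => 6379,
       'database' => 15,
       'alias'    => 'first',
    ),
    array(
       'host'     => '127.0.0.1',
       'port'     => 6380,
       'database' => 15,
       'alias'    => 'second',
    ),
);

// The page shows "PredisClient", which looks like Predis\Client with the
// namespace separator lost; Predis\Client is the library's client class.
$client = new Predis\Client($single_server, array('prefix' => 'fw:'));

// REMOTE_ADDR is the TCP peer. Behind a reverse proxy or load balancer every
// request shares the proxy's address and would share one counter.
$key = $_SERVER['REMOTE_ADDR'];

$window = 20; // lifetime of one counting window, in seconds
$limit  = 10; // requests allowed per window

// INCR creates the key at 1 if it is missing, so there is no gap between an
// exists() check and the increment in which the key can expire. A key that
// ended up without a TTL would never reset and would block the address
// permanently, so the TTL is (re)applied whenever it is absent.
$counter = (int) $client->incr($key);
if($counter === 1 || $client->ttl($key) < 0){
	$client->expire($key, $window);
}

if($counter > $limit){
	// Stop here: printing "Deny" while the rest of the script keeps running
	// would not block anything.
	http_response_code(429);
	echo 'Deny';
	exit;
}

// Debug output of the current count; remove in production.
print_r($counter);

//var_dump($client->keys('*'));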
		
		

原文出處:Netkiller 系列 手札
本文作者:陳景峰
轉載請與作者聯絡,同時請務必標明文章原始出處和作者資訊及本宣告。

