0x01 前言

最近一段时间 Typecho 出了不少漏洞(XSS 等),这里加一个简单的 WAF 来防御。用的是 360Webscan-0.1.3.4 的规则,只针对未登入的用户进行拦截,因为我的博客实际情况就只有我一个用户。

0x02 添加Waf

首先在/var/Widget/Login.php 加上下列代码

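    /** Mark this session as logged in so that config.inc.php skips the WAF include. **/
    // Reuse a session that is already open instead of calling session_start() twice,
    // which would emit an "A session had already been started" notice.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // NOTE(review): this must run only after the credentials have been verified —
    // if it runs before that check, any visitor who reaches the login handler gets
    // the flag and bypasses the WAF for the rest of their session. Confirm placement.
    $_SESSION['WAF'] = 1;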

52265-6i6pau77o3e.png

然后在/config.inc.php加上包含waf文件的代码

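/** Include the WAF unless this session has been marked as logged in. **/
// Reuse a session that is already open instead of starting a second one.
if (session_status() !== PHP_SESSION_ACTIVE) {
  session_start();
}
// empty() also covers the key being absent — the normal state for an anonymous
// visitor — without an "undefined index" notice. Any code path that stores a truthy
// value in $_SESSION['WAF'] disables the WAF for that session, so only the login
// code may set it.
if (empty($_SESSION['WAF'])) {
  include_once '文件名.php';
}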

46311-rqnixr86r5q.png

然后是 WAF 文件本体,保存到网站根目录,再把上面 include 的文件名改成对应的文件名即可

<?php
// Refuse direct requests to this file: it is only meant to be included from
// config.inc.php. PHP_SELF is derived from the request, so this is a convenience
// guard, not an access control; when included, PHP_SELF names the including script.
if (strcasecmp(basename(__FILE__), basename($_SERVER['PHP_SELF'])) === 0) {
    header('HTTP/1.0 403 Forbidden');
    exit;
}

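// Silence on-screen error output before anything else runs. The function is declared
// further down; PHP hoists unconditional top-level function declarations, so this is fine.
webscan_error();

// Master switch (1 = inspect requests, 0 = off).
$webscan_switch=1;

// Per-source switches (1 = inspect, 0 = skip): POST body, query string, cookies, Referer.
$webscan_post=1;
$webscan_get=1;
$webscan_cookie=1;
$webscan_referre=1;

// Admin-area whitelist: requests whose SCRIPT_NAME matches this pattern are never inspected.
// Several directories can be given separated by "|". __TYPECHO_ADMIN_DIR__ comes from
// Typecho's config.inc.php. The value is spliced into a "/.../is" regex by webscan_white(),
// so each alternative is passed through preg_quote(): a bare '/' -> '\/' replacement would
// leave '.', '+', '(' and friends live and silently widen (or break) the whitelist.
$adminurl=__TYPECHO_ADMIN_DIR__;
$webscan_white_directory=implode('|', array_map(
  function ($dir) { return preg_quote($dir, '/'); },
  explode('|', $adminurl)
));

// URL whitelist: script-name substring => query-string substring (both case-insensitive).
$webscan_white_url = array();

// Rule-set version.
define("WEBSCAN_VERSION", '0.1.3.4');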

// GET rules (applied to query-string keys and values). A signature list covering XSS
// vectors (javascript: URLs, data:text/html, inline on*= handlers, <script, UTF-7 "+/v8"
// prefixes, alert/confirm/prompt/expression calls) and SQL injection fragments
// (UNION ... SELECT, INSERT/UPDATE/DELETE forms, CREATE/ALTER/DROP/TRUNCATE,
// benchmark/sleep/load_file, and/or tautologies, /* */ comments).
// Each rule set is spliced verbatim into "/.../is" by webscan_StopAttack(), which is why
// '/' is written as \/. The mixed "\\b" and "\b" spellings are equivalent: PHP leaves
// unrecognised escapes in double-quoted strings untouched, so both reach PCRE as \b.
// These are blacklist signatures — useful as defence in depth, not a substitute for
// escaping output and parameterising queries in the application itself.
$getfilter = "\\<.+javascript:window\\[.{1}\\\\x|<.*=(&#\\d+?;?)+?>|<.*(data|src)=data:text\\/html.*>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\(|benchmark\s*?\(.*\)|sleep\s*?\(.*\)|\\b(group_)?concat[\\s\\/\\*]*?\\([^\\)]+?\\)|\bcase[\s\/\*]*?when[\s\/\*]*?\([^\)]+?\)|load_file\s*?\\()|<[a-z]+?\\b[^>]*?\\bon([a-z]{4,})\s*?=|^\\+\\/v(8|9)|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)|UPDATE\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)@{0,2}(\\(.+\\)|\\s+?.+?\\s+?|(`|'|\").*?(`|'|\"))FROM(\\(.+\\)|\\s+?.+?|(`|'|\").*?(`|'|\"))|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
// POST rules (also used for the Referer header). Same set as above minus the
// javascript:window, src=data: and UTF-7 variants, with a fixed list of event-handler
// names (onerror/onmousemove/onload/onclick/onmouseover) instead of the generic
// on[a-z]{4,}= match, and without the @-prefixed SELECT/DELETE form.
$postfilter = "<.*=(&#\\d+?;?)+?>|<.*data=data:text\\/html.*>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\(|benchmark\s*?\(.*\)|sleep\s*?\(.*\)|\\b(group_)?concat[\\s\\/\\*]*?\\([^\\)]+?\\)|\bcase[\s\/\*]*?when[\s\/\*]*?\([^\)]+?\)|load_file\s*?\\()|<[^>]*?\\b(onerror|onmousemove|onload|onclick|onmouseover)\\b|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)|UPDATE\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)(\\(.+\\)|\\s+?.+?\\s+?|(`|'|\").*?(`|'|\"))FROM(\\(.+\\)|\\s+?.+?|(`|'|\").*?(`|'|\"))|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
// Cookie rules: SQL fragments, /* */ comments and <script only — no other HTML/XSS
// signatures, since cookie values rarely reach an HTML context directly.
$cookiefilter = "benchmark\s*?\(.*\)|sleep\s*?\(.*\)|load_file\s*?\\(|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)|UPDATE\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)@{0,2}(\\(.+\\)|\\s+?.+?\\s+?|(`|'|\").*?(`|'|\"))FROM(\\(.+\\)|\\s+?.+?|(`|'|\").*?(`|'|\"))|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";

// Referer header wrapped as a one-entry map so it can go through the same
// key/value loop as $_GET/$_POST; empty map when the header is absent or blank.
$webscan_referer = array();
if (!empty($_SERVER['HTTP_REFERER'])) {
  $webscan_referer['HTTP_REFERER'] = $_SERVER['HTTP_REFERER'];
}

/**
 *  Turn off on-screen error display so PHP notices never leak into responses.
 *  Only display_errors is touched, and only when it is currently enabled;
 *  error logging is left as configured.
 */
function webscan_error() {
  $displayErrors = ini_get('display_errors');
  if (!$displayErrors) {
    return;
  }
  ini_set('display_errors', '0');
}

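/**
 *  Flatten a (possibly nested) parameter array into one string for regex matching.
 *
 *  Each leaf becomes value followed by the keys seen so far (keys accumulate across
 *  siblings as well as across nesting levels, e.g. ['a'=>'x','b'=>'y'] -> "xayab");
 *  the pieces are then concatenated. The exact layout is irrelevant to callers — the
 *  result is only ever handed to preg_match().
 *
 *  Accumulators are local to each call: the previous version kept them in static
 *  variables, so every later call (the POST loop after the GET loop, and so on)
 *  re-matched all earlier parameters as well and the string grew for the whole request.
 *
 *  @param mixed $arr Scalar values are returned unchanged; arrays are flattened.
 *  @return mixed The flattened string, or $arr itself when it is not an array.
 */
function webscan_arr_foreach($arr) {
  if (!is_array($arr)) {
    return $arr;
  }
  $parts = array();
  $keypath = '';
  // Recursive closure instead of a second global function, so the helper
  // and its state cannot be reached from elsewhere.
  $walk = function ($node) use (&$walk, &$parts, &$keypath) {
    foreach ($node as $key => $val) {
      $keypath .= $key;
      if (is_array($val)) {
        $walk($val);
      } else {
        $parts[] = $val . $keypath;
      }
    }
  };
  $walk($arr);
  return implode('', $parts);
}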


/**
 *  Block page: echoes the "request blocked" HTML and returns nothing.
 *
 *  Points worth knowing about the markup below:
 *  - No status header is sent here, so the page goes out with whatever status the
 *    caller has set; the <title>405</title> is cosmetic. Set the status in the caller.
 *  - jQuery and jquery.growl are loaded from third-party CDNs without SRI attributes,
 *    and neither is used by the inline script, so the block page depends on those hosts
 *    for nothing but an extra request.
 *  - The "request ID" shown to the visitor is generated client-side with Math.random()
 *    and is never sent to or logged by the server, so it cannot be used to find the
 *    blocked request in any log.
 *  - The <script> tags sit before <head> and the footer <div> after </body>; browsers
 *    tolerate this but it is not valid HTML.
 */
function webscan_pape(){
$pape1=<<<HTML
<!DOCTYPE html>
<html lang="zh-cn">
<script src="https://cdn.bootcss.com/jquery/2.0.2/jquery.min.js" type="text/javascript"></script>
<script src="https://static.runoob.com/assets/jquery/jquery.growl/javascripts/jquery.growl.js" type="text/javascript"></script>
<link href="https://static.runoob.com/assets/jquery/jquery.growl/stylesheets/jquery.growl.css" rel="stylesheet" type="text/css"/>
<head>
  <meta charset="utf-8">
    <meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,minimum-scale=1.0,user-scalable=no">
  <meta name="data-spm" content="a3c0e" />
  <title>405</title>
<!-- aHR0cHM6Ly9ibG9nLm1vNjAuY24vaW5kZXgucGhwL2FyY2hpdmVzL1R5cGVjaG8tYWRkLXdhZi5odG1s -->
  <style>
    html, body, div, a, h2, p { margin: 0; padding: 0;  }
    a { text-decoration: none; color: #3b6ea3;  }
    .container { width: 1000px; margin: auto; color: #696969; }
    .header { padding: 50px 0; }
    .header .message { height: 36px; padding-left: 120px; background: url(https://errors.aliyun.com/images/TB1TpamHpXXXXaJXXXXeB7nYVXX-104-162.png) no-repeat 0 -128px; line-height: 36px; }
    .main { padding: 50px 0; background: #f4f5f7; }
    .main img { position: relative; left: 120px; }
    .footer { margin-top: 30px; text-align: right; }
    .footer a { padding: 8px 30px; border-radius: 10px; border: 1px solid #4babec; }
    .footer a:hover { opacity: .8; }
    .alert-shadow { display: none; position: absolute; top: 0; left: 0; width: 100%; height: 100%; background: #999; opacity: .5; }
    .alert { display: none; position: absolute; top: 200px; left: 50%; width: 600px; margin-left: -300px; padding-bottom: 25px; border: 1px solid #ddd; box-shadow: 0 2px 2px 1px rgba(0, 0, 0, .1); background: #fff; font-size: 14px; color: #696969; }
    .alert h2 {  margin: 0 2px; padding: 10px 15px 5px 15px; font-size: 14px; font-weight: normal; border-bottom: 1px solid #ddd; }
    .alert a { display: block; position: absolute; right: 10px; top: 8px; width: 30px; height: 20px; text-align: center; }
    .alert p {  padding: 20px 15px; }
  </style>
</head>

<body data-spm="7663354">
  <div data-spm="1998410538">
    <div class="header">
      <div class="container">
        <div class="message">
          很抱歉,由于您访问的URL有可能对网站造成安全威胁,您的访问被阻断。
          <div>您的请求ID是: <strong id="reqid">
</strong></div>
        </div>
      </div>
    </div>
    <div class="main">
      <div class="container">
        <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAApQAAAB1CAMAAADHloEAAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAwBQTFRF4u32aX2EVZvJ6fPt5ObooqiqkZiZzfPR19rcjpaXnqWm6Orsq7GygcXy7O7wmaChfcHv0vTVqK6wr9S5yc3P0+7YTKnoneOl5Ojtq9bzrbO09f325efqZoGO3uHjlZ2eYIuktNS+sba4gYqLipKT7O7y3N/hVdVhtNnzhI2OjuKXTajlvezCWdZly87QtOi70tXXuNvzg4uM4uTmUtVf1Ov72t3gcHp7fIWG2tzeUa7t6u3xpauswcXHvsPE4eTnvMHDc3x9z9LUV7DtxcnLWZW75+ruW5O2ms7xpqytdH1+tbq8uL2/xPHIub7A8/n+gd6LxsrM3uDistv3X4yorrO1zNDSU67tcr7wnKKkwcbHnrTBY7bvcXt85fLpgMPvn6anu8DCs7i60tbab3h5tLm7dn+Aho+Qt7y94+Xn0NTZaWlpTNNZ4+fss7S1////vL2+4eLkz9DRfHx8eoOEjo6PoaGieYKD8vT2hYWF2Nnbbnd4cnJy6+zu7vDy1dja3eDipKqrxsbIl5iYqqqrb3l6eIGC+/3/8/T2zOf66PD2d4CBn9L18vT37vDzbXh5a3p/8fP19PX3Tafk1tnb8vP20ub1T63sk8rxe8Hx7/Dy6ezw8vX1foeI8vP1e4SF6vH27/Hzj5eY6OvvZYOTl8zx8PL0sLW35unub7zw1NfZf4iJuem/6+3v8fL0v8TFsLa3t9331fXYztHTjJSVz+n6lcvx8PTz09bY6uzulJucl+KgkeSZ7/H0hMbyqrCxUNRdhIyN5OfsVa/tsre5p62vYoif6+7xf92J8PL18fL1yMvN2NvdiJCRc6rOiMjycYuZsNfz3vHjb4qYnqqv7PPww+P57vf9stjz8PH0a7rvleKe8PHzsOe34ePlk830udTC6uzvl56fkuGbq7GzluWdZ7jvveD4w8jJedyEk5qb5+/21NjdqOaw8/X35/T87fDz7e/y7O3v4vHm5entddt/5+nr7O3wv+/D7e/x2Nvg3+Lk4OPlS6vsbXd49PX3fsTrRwAAAQB0Uk5T////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////AFP3ByUAABLnSURBVHja7J0NfBTlnccjL5EklLQ2INIonMQgtVCkNKTylgBKTTTotUiDUKBggEycnRd2yA67KLubdM8oEgQpIFKwBQVfi20V9agWaltKr3ft9a7XXu9quTtOvRfuvJzIZeeeZ95n9pmdmd2dTZh5/p+PYXf2mXXnt9/5P///7nZEsHS9h4/VV5aWn7f/F4BG7YiWonVC8Ou2pSWrX5cBRYqu6VSvz/f8LVVZe/Obm6YuvfJQGpwpKlnU+7W03TKFsrmmWmdNTVg7rJYb98LpW2aWhMrXwniXXxVOj87aQflO+YzyjF6lva5021mudZV/Q5D6dJG2kD5cuYpJzB80DqfH/XcwU79kYvnD6AkfvcLGMqCQlmJOmcrJlKoOLqwpbL0yMKpG7aobrLcQuOm5ucwlIWDciH6pPlBR/Li8UNdStg4sk869spka5VbN2AoCwVlqhF90saAMzns
dJdOjZppMMeuqs8mc2l18KBsa5291Z3Nbm2zh3KulcZnAs3kpRqjGm0NgnCmJ/vNX1kROCjfvLR3izvbe+lNeyjftJK4LMhMVh/KCBrnjphu0yOtvf3JwEHpPmbZYA9ltaXEmy8Gl8m9qzL16J64wi5O6lkYNCin17o+sXa6LZRV1hIfDS6Uy1bkFr3XXBc0KB9EvJR6Xr25Ea8+aA9li7XCywLL5LyaHFPKzVtTgYfyTHnpofI5h0En/OL4svEn63KA8nprhVuC6yjX5lro2HhPwKFMnROzwaYTG+pehmPXXfXr3UPZbC1wYEfAK8bnXn5rfS7YUC6RA5/N+5XyWdN611DOsdZ36gBc6ujRowde7531uUMZGFeJhnIaQrqJO91CudNa388V9yqHfuauSR3QJt317NCBlLtz7oo8Riq2bgkylFsRgc/MkW6h7G20UvdAcZG8ekaHZj94bQCxfLJlZh5QTv5ZgKEcVboZkf2NH+USSmGV/YS3ItizUzqMNunvB85TNuTjKRvnBhbKJ7f0HUJCWdHrEspLVur2Fe8Cn3itI9P++P0BS77zgTK9alQwoUzRDafLN6LqZPWrWuoOu4ISPXMtnZ5dRCbv6kDZvxafyudeWX3fHfeMywvK0r5AQtl5piZLIW168yhXUF5ERlA9ncW7vtc60Pbpoqr8aktrWc2xppmN9Zs25wOlKdkMCpRTbUoW47a4gVI4inqP2uJd3rMdVlbEuDI1p6YpXRBb8UIQodxgNwjWOMcVlIjx765pxbu6v55iCeWkouXgIyp70gWytatTAYSy2bZ3OVTtCkph535TWaOIflK4usPaflukz/DCsXTBbO2yAHrKindtdWmqcgelcPicru/qPlXUAuUkhcB/ulMqVU6683W1XvnVotSAljSlC2iTW6oDB+WDDqawtLiEEqDeMl7cjuDAOw3FLWl8VmUyFPoEpHLGd0Ihlcp/szn70o4CfIQX16YLak3HZg8LGJS1Z+1laXANJbC9f/rAA9c9X+yL+7HC350hkUrIZOgzysH/sTm7vW5X3p/gnu50oa3r2MJgQTmszFaT+qO5QDkwpqY5Mz4BqZwC/16pDjnOeMIGyvaP8r2N/q8s7YG13ZdXTW1ee9FsXiGg7DxlP3/qonsoq0ccP3N+4Zn5PytuQDRUy2pEKj9lYLKj46/soGx//0JeH+DgVWlvbOvBPD7VmuJBuaYg2betqzxw3F1JqPrukScmqnFV18Tx46oKsC7P2c3+jx0mKo1MdnzSgap/yOdjzl/hEZTpq3qD4ykF4ZU3sxaFZp5KuYCyYvW7iCGdxvFz8813nN3sf6KvAE2BfvJThrrlJ528SR7O/dVWr5hMN1YFqE4pCHUn1zV2WVhT6TJ1GaI9lF8YblkN6Zlde3l4yvY1eYw2z097Z2XzggSl0DnvzJFzSxB27oi+57WDstbGTQz/fVFjyu/kFFO2f5RH8LZ3q4dQpps7gwSlQ8sOZec5+9LG9cXLvidBJq+ccmVIrlc6zL7b5+VTqhy20Uso91/CULqD8oGJTnRdV1fMOiXwkTMglR86rlO+/795/d/vTntqPh4Gl6Cc7H6UYNhkayjvcCqsx5Ne1BGd1+V+G0aWjkd0avPcKOWUt1Cuq/A5lMfu3vmAO9t59zFLKF3EUie9DSrVse/XP5R67Rkfflod+/5vj6Ut9xbKmTt9DmVX94GN7uxAd5cVlJVupB3u6dVlmyX0R6+lne4tlOn1PoeykPtTVrp7A0+pHND5lN0eQzkSQ+kUytNu38HTJHwgZ557DWUZhtIhlMvcv4Wnu2UM4Bodr6Gsx1DaZioilMNymU79qofXN4CrGQ94DOUm30I5PE9lZhuhXGfZ8Nprr7VcOOrlBQ7cuu9SV0Jm0cfCun0L5fEj12eze++9N9vLLx6Zb4ASXS/e/qMhN/VDu2nIj7ajGni7lGygdsgY6ZQuoM+YrPoErfsWOq3svZtXLhWl+uHKm9+zbCUY
oEQt29u+SFJcsjGLELLv9/YSh179A/1eQr8t0jrGFodI2uuDtnf8imTf+lXDkb/+8Kuf79ZJtfvnv0K2Gr7qjgodlHMR0k14rN9oj03IbOT1RKyhz8q7rs348We/Wixtd3Y5QevLNznQB2lLfMpk6msrNiMNIRW64YrmlAZl5mLSR2/tz7RbHzU3O1uMix09evQTxRR3lINVeA71QZpfl9tW9eQtlbqTZwliP8pHh/SjbEjGW/lxk/lUgz2TTvVBzUn16TShupoCSFVTq0A5O+M1HdwL9izQAW5ueMSP8l6y3Ybg1n603eoAyvKDvmSyorUgUpVXyFBmDPZOUIl8aXEoFFr80nLlwIQgjE6kmm24mtBvZQ7iSn/+wGXvfTMLItWK9eIcr5K+jLxSyXEWLA5JtvgZJUQ15ZhdOS2F2fXg4FZ43svZ8+7HLJV+zDYHb33Vl1BO7SmQVJvEFY4lU83HFynnvRQKPfxM//KHQ6HvKocWmdrmssf8qPfbB7nE57Puj7Go39oW2e2U4U9HWbuuYFKdhXlKibkut12pvy0ATIoPAJVKBz7GxPdq159/x4b29sEOZW+2UdztY7IoPcbGVY7r9SOTo1oLKFX5KADlSXMFTjlrTygkJTnLQ6E9ysEv51l0O/hR++CHUqg4lKVCiRD4K39noY+5cO7PaefNXQWUauYdAErzTOshOiilB8/ooBxibHy72297zWBfUS8XOCx/yTeNqHF87Otq1D0kG5PTR/iSyWk9BZWq+6hQYv4trTFaNUhG8dehxZrTNflal5+/etDvPSLbdZZ7joxBCB0KfQmtj8GOTfMlk9WTCyzV2b4S0yDjFRlv9A9KbCnaFYbWrn+s8Q9rLgtPCXz6SXSfdAVS6D+7Ba2PYVZVrS+ZtP6Fm5yl2lpimpt5rfmNQJrzku6pYabWKveXcPH9yyCmhHZ4PrIypOrzz19aihC632om28Zmv/5EY5vltL4cpUp3lwjCiNt1e0l/K5PJh/XPv6XN8j1xJpdr+N2IywNKQfivuesyf3xN0Wf534Q+f0um0Dp99BOi207P8+3WGJa7/OQklVg4k5ZD1J1fUlmzv21thqdcbmJSxLux/mzl9VW57iG1q+4ygVJIPV87Z/WLJ+p7ujX7pZJFAoWB1Gah+38pttqkWs/+yubVVX0+3q3l5U0WS2d/YSPVLyzO6y4zb3BVYnaU/2E8UIBNVndcznMSSvTx0ef/wix0f4mALW+pMl5ZamDw16FrDM+XBl7qpXqpQ2ahsT6FkCoDyo8bIPyuqff+eOCV1vT5869nCI31KYhUGVBe05/Nrgm80jp9gNQmobE+BZEqA8qHdmdhcvdDgVf6PZ0+H/uXW7A+HkiVGW1+MUv3/UWstFEfk2F9CiJVJpQPLbCEcgF2BCZ9jIb1KYxUiLz8Rv0Y48N7dM9uxDoD+1tLpbE+hZEKVSz6nsUbfQ+rLNo3sD7eSoWC8pGVyDda+QgWWbTOPVgfT6VCltUfQQH+Daw51qc4UlmM9dxoDlEX4HhJb3/5Q6yPd1JZDUB+89v6utIt3/4mVtekz26sj1dSWY+KP6RslbV05c241IH1KaJUNrNaHn/8cawp1qfIUuGpVtgGnWEosWEosWHDUGLDUGLD5g8o+QhvfM4yyHZUOKZvJQiRKP4KMZSFMiaqx47kjK+SrP5JRHlEs7xAiAZP5qO8EE7irxBDWQhjCc0ogdM9oxnxHy5MooilTf4zzsbCFP4KMZQFsliU1j2jo7pemaAFRgFWxy/0jJRgdIwkH46LdOLvEUOZvyUN/TV0jBFOgzKSAKBFEH07pYs9Sc3B4j4cQ5m/xdm4FhtKQaPaERN0MgLYIxOZUNIsrXAoH4tCSDkSf48YyryzHEIkkAyLfThHkEYogSNNCglwkCIM0SfNsnIOrvX7NK07FRuGMlcjiSilskVHiAgZVoNICUoQZIo+UGB0npKKcmYoSY4E7SIM/h4xlPkZFWXCYcX/kfEw
z5k8JU8KHCuFlFxCgjIOUyGGMUEZA+k4E6UNSVOOtmMHZiHgMWWY0rNlgBLkLwlOiBNx9SUIpYSjGcokjDv5GBHL8+P03vDUW289dcNPMQ4YSgSUJMGJLxERlreFkmJFGpm8RnV2/ee+sffLNnbfhV0YCQylSJ5ajZTSaCoCHgA8AXJchOMi4L+EHkpSOpEjeDGsjCRy/RipN2Z9cL/JPpi1LYWxCCKULAniQUKp5HDGOiPDJmjxH0AuKbeJs+pfkmAlpyqnQhyXc+99v4Xh+DKIUA4SG4tmcqyuCc86yKKYrKlWXC4OJHmMWw5QxiKaz4qjv4044aNKtdZ33zZLiywNUAqsLjjgNX1oLqxvZJ5QoleJUZI2lg44bIpmcZsxOAnKcCQmi6nphtaQkVqQvigN3qbEkfDX6XbsU6B82njBmoOj9cX8MBRXnEUCHxi1ovTPZckEA8b+N8PIh3ST8qzEGU1QDqCMReSRZv1UsDArhA0JiKYwTURiPoLyDfHZDuXpbXJ3SxgHlBQxSUJUJyyJkYxqbRhLKNnMNn43Rq+BTCEdTTiHEqQdCc7gBCiCoWPGt2TU1yOEP276p2QK/1162jtLwvIpuQ9mze1RUMJ5oaw+pKHE8VHxDbRvh46S0FMyRHCG6UEXQwmxMAVilyRlpNAhlAIDx6F1X4Mkq5FzVWFzCHW5mthhj511QTuyTQclJaqRFO/3ZMwCSrGRAcpEQlaPEW9dcTITC3oujgtTRIAGRBkiwcIUhKB58IfSpnUxQMcwB0VxlOg4g5L3C5PCLBhP7so4tE8nAS1OqeOlrsEcUwIxxOnIBigjiqdUUiQ54uGhpxSCBCUfpZJhIcwBrFSCeMeeEoaOfCaUkvhRCUrIOcdxCeU7YX0C5TbjoZ+AQ7MUCeCcOgZ6tyRr4Sn5CAyuWYVSkV8e1lBhohhTodTN/SQCFFOSEXCHMgT4I4XksDOGjxx234wUBGmxuAglJYMKHyg3eSLqn9v9BkDgTzKhfFvNVkAkCOmLRSnLmBJ6UtFTJqT+IxkVcyTAIY+K+IPkKWlaLE2EgRKicFAqLiq4hZIVb3UaBaXSwYdj/tHtQqanfBscukHtLOJATxiws9aJTpyICSKzcg0zCR+zBKd11bCVWh+JBAlKIRER9YpJBMn3cNS2yzBCGREfxqyg1EpP/lgVA9OasYaY8jBMdOTEhwI3NVQ1mmQpdJ1SzPoIJib2Lay+bkbpFAKtkgBksa5EhgMFJRsVgxu5+4bhdjQuC0WyDqGEsxflFAcBJRMm5I6I9kkWKebaY7WZQT99WxzW2aalfaJvVBwl0lMCPxAXb2OtO4mBFIfUJIoDgCGUjBAOGJRUFPQhVBRE2JI4SZYHUrmBkialHkhqrSU6MpTJKJTWX1D+Bj32/YZW2xFnhLBq6ij6Pz2UHBxY4GAHE1N9Ix2BKY4y0kiCrhx230GEEpbBAINAGtmtcdDtuYCSZllJV0m3jJIQn+B15XN/QNmJhlL+HeQoaS6UUVKNQgclw/HgFiX1NyoZjdBSY3GZBpmQo6Hgdd8cQceJJOjBEwmlG4nGSdIxlHEiGgZyxpQ+HF2nZHzmKdUhHYMptXMiaR68ldYIGbtvECmxEna07BiVGRx8hFBXBFO6SDQ4UFJCjKKgQxNXCpJiQTHqHMoESBd5qcORFmAHA8pdiMlrYzvlwDCDH1kg6PtIDo7iQj1iESAGDzJKkUU+rN8ViUxqPlY+EpzsWz/+T8M+mCQinFSasCt0yxMyQPzEw7VaYaVr1qCkSVIJlxjfTSvYlgmlkuZEMqY/quVwODke9NtixYgWa0AkafcNBa5Oqc04Y6Rl+spcCtlTRm09pehPwZvwysJ+UlMxQii1ybjqKX2zUcoFM5MXBGzemhSrM0knUAbUjFS+tQ1DM/CGN019QxdXfoBX2WIoB4Wl1Cnn+/A6RgzlYLHfPC2ugjiMlcBQDh7bse3pp7fhhbWDxf5fgAEA+gaSVA6ENCcA
AAAASUVORK5CYII=" alt="图片Base64编码" style="max-width:90%; max-height:2000px;"/>
      </div>
    </div>
  </div>
  <div id="alertShadow" class="alert-shadow"></div>
</body>
    <div class="footer">
      <div class="container">
        <a onclick="javascript:history.back(-1);" >返回上一页</a>
      </div>
    </div>
  </div>
 <script>
function randomString() {
    let len = 32;
    let chars ='abcdefg0123456789';
    let maxPos = chars.length;
    let character = '';
    for (let i = 0; i < len; i++) {
        character += chars.charAt(Math.floor(Math.random() * maxPos))
    }
    return character;
}
document.getElementById("reqid").innerHTML=randomString();
</script>
</html>
HTML;

// Static content only — nothing request-derived is interpolated into the page.
echo $pape1;

}

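/**
 *  Attack check: flatten the value, run the rule set over the value and then the key,
 *  and end the request with the block page on any hit.
 *
 *  @param string|int   $StrFiltKey   Parameter name (the array key from the superglobal).
 *  @param string|array $StrFiltValue Parameter value; nested arrays are flattened first.
 *  @param string       $ArrFiltReq   Rule set — a PCRE alternation spliced verbatim into "/.../is".
 *  @param string       $method       Source label ("GET", "POST", "COOKIE", "REFERRER"), used in the log line.
 *  @return void Returns only when nothing matched; otherwise exits.
 */
function webscan_StopAttack($StrFiltKey,$StrFiltValue,$ArrFiltReq,$method) {
  $StrFiltValue = webscan_arr_foreach($StrFiltValue);
  $pattern = "/".$ArrFiltReq."/is";
  foreach (array($StrFiltValue, $StrFiltKey) as $subject) {
    // preg_match() returns false (not 0) when it cannot finish — bad pattern, or the
    // backtrack/recursion limit on a long input. The old "== 1" test let such requests
    // through; fail closed instead so an engine error never becomes a bypass.
    if (preg_match($pattern, (string)$subject) !== 0) {
      // Make blocks visible in the server log (the previous version recorded nothing).
      // Only the source and a control-character-escaped, truncated key are written:
      // the value is attacker-controlled and would let log lines be forged.
      $safeKey = addcslashes(substr((string)$StrFiltKey, 0, 100), "\0..\37\177..\377");
      error_log(sprintf('webscan: blocked %s request, key=%s', $method, $safeKey));
      // The block page sends no status of its own; without this it went out as 200.
      if (!headers_sent()) {
        http_response_code(403);
      }
      webscan_pape();
      exit;
    }
  }
}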
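/**
 *  Whitelist check. Returns false when the current request must NOT be inspected
 *  and true when it should go through the filters.
 *
 *  @param string $webscan_white_name PCRE alternation (already delimiter-escaped) matched
 *                                    anywhere in SCRIPT_NAME; '' disables this check.
 *  @param array  $webscan_white_url  script-name substring => query-string substring
 *                                    (case-insensitive). An entry whose value is '' matches
 *                                    only requests that have an empty query string.
 *  @return bool
 */
function webscan_white($webscan_white_name,$webscan_white_url=array()) {
  // Both keys can be absent (CLI, some SAPIs); default to '' instead of a notice.
  $url_path = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '';
  $url_var = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';

  // Directory whitelist. The empty-pattern test comes first: "//is" matches everything,
  // and the old order evaluated that match before looking at the flag. No "@" here —
  // a broken pattern makes preg_match() return false, which simply means "not
  // whitelisted" and the request is still inspected.
  // The match is unanchored, so any script whose SCRIPT_NAME contains the pattern is
  // exempt; with the default admin-directory value that includes the login endpoint
  // reached by unauthenticated visitors — make sure that is what you want.
  if ((string)$webscan_white_name !== '' && preg_match("/".$webscan_white_name."/is", $url_path) === 1) {
    return false;
  }

  // URL whitelist: path substring must match, and the query-string substring must
  // match when one is given (or both query string and entry value must be empty).
  foreach ($webscan_white_url as $pathPart => $queryPart) {
    $pathPart = (string)$pathPart;
    $queryPart = (string)$queryPart;
    if ($url_var !== '' && $queryPart !== '') {
      if (stristr($url_path, $pathPart) !== false && stristr($url_var, $queryPart) !== false) {
        return false;
      }
    } elseif ($url_var === '' && $queryPart === '') {
      // "!== false" rather than truthiness: a matched tail of "0" is still a match.
      if (stristr($url_path, $pathPart) !== false) {
        return false;
      }
    }
  }
  return true;
}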


// Run the enabled filters in a fixed order: query string, POST body, cookies, Referer.
// Each entry: (switch, parameter map, rule set, label passed to the handler).
// Only these four sources are inspected; other request headers and request bodies that
// PHP does not parse into $_POST are not. The Referer is checked with the POST rule set,
// as shipped.
if ($webscan_switch&&webscan_white($webscan_white_directory,$webscan_white_url)) {
  $webscan_sources = array(
    array($webscan_get,     $_GET,            $getfilter,    "GET"),
    array($webscan_post,    $_POST,           $postfilter,   "POST"),
    array($webscan_cookie,  $_COOKIE,         $cookiefilter, "COOKIE"),
    array($webscan_referre, $webscan_referer, $postfilter,   "REFERRER"),
  );
  foreach ($webscan_sources as $webscan_source) {
    list($enabled, $params, $filter, $label) = $webscan_source;
    if (!$enabled) {
      continue;
    }
    foreach ($params as $key => $value) {
      webscan_StopAttack($key, $value, $filter, $label);
    }
  }
}

?>