网站安全防护脚本

网站安全防护脚本



<?php

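// Blocklist patterns, one per request channel. Each is a PCRE *body*: StopAttack()
// wraps it in /…/is, so any literal '/' must stay escaped as \/ .
//
// Why nowdoc: the patterns contain both ' and " plus many backslashes. In the original
// double-quoted form the bare " terminated the PHP string (parse error), and the
// `\bin\b\s*?(` group never closed, which made preg_match() fail — and a failing
// preg_match() here means nothing is blocked at all.
//
// Caveats a reviewer would want on record:
//  - This is a keyword blocklist, not a parser. It is bypassable (alternate encodings,
//    comment/whitespace tricks, operators it does not list) and it is not a substitute
//    for prepared statements and context-aware output escaping in the application.
//  - It produces false positives on ordinary text ("select ... from", "update ... set",
//    "... or x=y") because the alternations use .+? with the s flag.
//  - The .+? clauses can back-track heavily on long crafted input; see StopAttack()
//    for how a PCRE limit error is handled.
//  - No u modifier: matching is byte-wise, which is intended — attacks in invalid
//    UTF-8 should still be seen.

// SQL-injection clauses; shared by all three channels.
$sqlfilter = <<<'PATTERN'
\b(and|or)\b\s*?([\(\)'"\d]+?=[\(\)'"\d]+?|[\(\)'"a-zA-Z]+?=[\(\)'"a-zA-Z]+?|>|<|\s+?[\w]+?\s+?\bin\b\s*?\(|\blike\b\s+?["'])|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)
PATTERN;

// XSS clauses (numeric-entity attributes, script-ish calls, inline event handlers);
// shared by GET and POST. Cookies are deliberately not screened for these.
$xssfilter = <<<'PATTERN'
<[^>]*?=[^>]*?&#[^>]*?>|\b(alert\(|confirm\(|expression\(|prompt\()|<[^>]*?\b(onerror|onmousemove|onload|onclick|onmouseover)\b[^>]*?>
PATTERN;

// GET: XSS + UTF-7 BOM prefix ("+/v8", "+/v9") + SQLi.
$getfilter = $xssfilter . '|^\+\/v(8|9)|' . $sqlfilter;

// POST: XSS + SQLi.
$postfilter = $xssfilter . '|' . $sqlfilter;

// COOKIE: SQLi only.
$cookiefilter = $sqlfilter;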

// Screen each request channel with its own pattern, in the original order:
// GET, then POST, then COOKIE. StopAttack() exit()s on the first hit, so a
// later channel is only reached when every earlier one was clean.
//
// NOTE(review): only these three superglobals are inspected. A raw request body
// (php://input, e.g. a JSON POST), request headers and $_FILES names are not
// covered by this script.
$channels = [
	[$_GET, $getfilter],
	[$_POST, $postfilter],
	[$_COOKIE, $cookiefilter],
];

foreach ($channels as $channel) {
	foreach ($channel[0] as $key => $value) {
		StopAttack($key, $value, $channel[1]);
	}
}

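// Abort the request if the value matches the blocklist pattern.
//
// $StrFiltKey   parameter name. Kept for interface compatibility but NOT inspected:
//               the patterns match ordinary field names such as "update_settings"
//               (UPDATE.+?SET), so screening names would block legitimate forms.
// $StrFiltValue parameter value. Arrays (a[]=… or a[b][c]=…) are flattened to their
//               leaves first — a plain implode() on a nested array would inspect the
//               literal string "Array" instead of the attacker-controlled content.
// $ArrFiltReq   PCRE body without delimiters; compiled here as /…/is.
//
// On a match: responds 403 (when headers are still open) and exit()s with the
// original message — there is no logging in this function despite the old comment.
// On a PCRE failure (invalid pattern, or the backtrack/recursion limit tripped by a
// long crafted value) the request is ALSO rejected. The original treated a failed
// preg_match() like "no match", which let an attacker bypass the filter simply by
// making the regex give up; a filter should fail closed.
function StopAttack($StrFiltKey, $StrFiltValue, $ArrFiltReq){
	if (is_array($StrFiltValue)) {
		$leaves = [];
		array_walk_recursive($StrFiltValue, static function ($leaf) use (&$leaves) {
			$leaves[] = (string) $leaf;
		});
		// Joined without a separator, as the original implode() did.
		$StrFiltValue = implode('', $leaves);
	}

	$result = preg_match('/' . $ArrFiltReq . '/is', (string) $StrFiltValue);

	// === false is the PCRE error path; treat it as a hit rather than letting
	// the request through.
	if ($result === false || $result === 1) {
		if (!headers_sent()) {
			http_response_code(403);
		}
		exit('错误信息');
	}
}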


代码修改自360网站安全监测平台
