Version Notes
First release
Release Info
Developer | paimpozhil |
Extension | MageFirewall_Firewall |
Version | 0.1.0 |
Version 0.1.0
- app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist.php +11 -0
- app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist/Edit.php +45 -0
- app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist/Edit/Form.php +19 -0
- app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist/Edit/Tab/Form.php +60 -0
- app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist/Edit/Tabs.php +24 -0
- app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist/Grid.php +68 -0
- app/code/community/MageFirewall/Firewall/Block/Adminhtml/Logs.php +12 -0
- app/code/community/MageFirewall/Firewall/Block/Adminhtml/Logs/Grid.php +66 -0
- app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules.php +12 -0
- app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules/Edit.php +45 -0
- app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules/Edit/Form.php +19 -0
- app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules/Edit/Tab/Form.php +58 -0
- app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules/Edit/Tabs.php +24 -0
- app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules/Grid.php +96 -0
- app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist.php +11 -0
- app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist/Edit.php +45 -0
- app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist/Edit/Form.php +19 -0
- app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist/Edit/Tab/Form.php +51 -0
- app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist/Edit/Tabs.php +24 -0
- app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist/Grid.php +68 -0
- app/code/community/MageFirewall/Firewall/Helper/Data.php +86 -0
- app/code/community/MageFirewall/Firewall/Model/Blacklist.php +10 -0
- app/code/community/MageFirewall/Firewall/Model/Cron.php +67 -0
- app/code/community/MageFirewall/Firewall/Model/Logs.php +10 -0
- app/code/community/MageFirewall/Firewall/Model/Mysql4/Blacklist.php +8 -0
- app/code/community/MageFirewall/Firewall/Model/Mysql4/Blacklist/Collection.php +8 -0
- app/code/community/MageFirewall/Firewall/Model/Mysql4/Logs.php +8 -0
- app/code/community/MageFirewall/Firewall/Model/Mysql4/Logs/Collection.php +8 -0
- app/code/community/MageFirewall/Firewall/Model/Mysql4/Options.php +8 -0
- app/code/community/MageFirewall/Firewall/Model/Mysql4/Options/Collection.php +8 -0
- app/code/community/MageFirewall/Firewall/Model/Mysql4/Rules.php +8 -0
- app/code/community/MageFirewall/Firewall/Model/Mysql4/Rules/Collection.php +8 -0
- app/code/community/MageFirewall/Firewall/Model/Mysql4/Version.php +8 -0
- app/code/community/MageFirewall/Firewall/Model/Mysql4/Version/Collection.php +8 -0
- app/code/community/MageFirewall/Firewall/Model/Mysql4/Whitelist.php +8 -0
- app/code/community/MageFirewall/Firewall/Model/Mysql4/Whitelist/Collection.php +8 -0
- app/code/community/MageFirewall/Firewall/Model/Observer.php +59 -0
- app/code/community/MageFirewall/Firewall/Model/Options.php +10 -0
- app/code/community/MageFirewall/Firewall/Model/Rules.php +10 -0
- app/code/community/MageFirewall/Firewall/Model/Version.php +10 -0
- app/code/community/MageFirewall/Firewall/Model/Whitelist.php +10 -0
- app/code/community/MageFirewall/Firewall/controllers/Adminhtml/BlacklistController.php +111 -0
- app/code/community/MageFirewall/Firewall/controllers/Adminhtml/Dashboard/DiagnosticController.php +27 -0
- app/code/community/MageFirewall/Firewall/controllers/Adminhtml/Dashboard/FilecheckerController.php +27 -0
- app/code/community/MageFirewall/Firewall/controllers/Adminhtml/Dashboard/RecentController.php +27 -0
- app/code/community/MageFirewall/Firewall/controllers/Adminhtml/Dashboard/ViewController.php +53 -0
- app/code/community/MageFirewall/Firewall/controllers/Adminhtml/LogsController.php +23 -0
- app/code/community/MageFirewall/Firewall/controllers/Adminhtml/RulesController.php +23 -0
- app/code/community/MageFirewall/Firewall/controllers/Adminhtml/WhitelistController.php +111 -0
- app/code/community/MageFirewall/Firewall/data/firewall_setup/data-install-0.1.0.php +964 -0
- app/code/community/MageFirewall/Firewall/etc/config.xml +182 -0
- app/code/community/MageFirewall/Firewall/sql/firewall_setup/mysql4-install-0.1.0.php +83 -0
- app/design/adminhtml/default/default/template/firewall/dashboard.phtml +152 -0
- app/design/adminhtml/default/default/template/firewall/diagnostic.phtml +13 -0
- app/design/adminhtml/default/default/template/firewall/filechecker.phtml +22 -0
- app/design/adminhtml/default/default/template/firewall/recentfile.phtml +6 -0
- app/etc/modules/MageFirewall_Firewall.xml +9 -0
- lib/firewall/firewall.php +383 -0
- package.xml +18 -0
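--- a/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist.php
+++ b/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist.php
@@ -0,0 +1,11 @@
+<?php
+class MageFirewall_Firewall_Block_Adminhtml_Blacklist extends Mage_Adminhtml_Block_Widget_Grid_Container
+{
+public function __construct()
+{
+$this->_controller = 'adminhtml_blacklist';
+$this->_blockGroup = 'firewall';
+$this->_headerText = Mage::helper('firewall')->__('Black List');
+parent::__construct();
+}
+}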
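--- a/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist/Edit.php
+++ b/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist/Edit.php
@@ -0,0 +1,45 @@
+<?php
+
+class MageFirewall_Firewall_Block_Adminhtml_Blacklist_Edit extends Mage_Adminhtml_Block_Widget_Form_Container
+{
+public function __construct()
+{
+parent::__construct();
+
+$this->_objectId = 'id';
+$this->_blockGroup = 'firewall';
+$this->_controller = 'adminhtml_blacklist';
+
+$this->_updateButton('save', 'label', Mage::helper('firewall')->__('Save blacklist'));
+$this->_updateButton('delete', 'label', Mage::helper('firewall')->__('Delete blacklist'));
+
+$this->_addButton('saveandcontinue', array(
+'label' => Mage::helper('adminhtml')->__('Save And Continue Edit'),
+'onclick' => 'saveAndContinueEdit()',
+'class' => 'save',
+), -100);
+
+$this->_formScripts[] = "
+function toggleEditor() {
+if (tinyMCE.getInstanceById('firewall_content') == null) {
+tinyMCE.execCommand('mceAddControl', false, 'firewall_content');
+} else {
+tinyMCE.execCommand('mceRemoveControl', false, 'firewall_content');
+}
+}
+
+function saveAndContinueEdit(){
+editForm.submit($('edit_form').action+'back/edit/');
+}
+";
+}
+
+public function getHeaderText()
+{
+if( Mage::registry('rules_data') && Mage::registry('blacklist_data')->getId() ) {
+return Mage::helper('firewall')->__("Edit blacklist '%s'", $this->htmlEscape(Mage::registry('blacklist_data')->getTitle()));
+} else {
+return Mage::helper('firewall')->__('Add blacklist');
+}
+}
+}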
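Review bot: getHeaderText() at line 39 tests `Mage::registry('rules_data')` but then dereferences `Mage::registry('blacklist_data')`, so when only one of the two registry keys is set the header is either wrong ('Add blacklist' while editing an existing row) or a method call on null. The condition should read `if( Mage::registry('blacklist_data') && Mage::registry('blacklist_data')->getId() ) {`. The same copy-paste appears in Whitelist/Edit.php line 39, where `whitelist_data` is the key to check. Line 40 also calls getTitle() although the blacklist form in Edit/Tab/Form.php only defines ip, text and status, so the header will presumably show an empty name; `getIp()` looks like the intended field — confirm against the model.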
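--- a/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist/Edit/Form.php
+++ b/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist/Edit/Form.php
@@ -0,0 +1,19 @@
+<?php
+
+class MageFirewall_Firewall_Block_Adminhtml_Blacklist_Edit_Form extends Mage_Adminhtml_Block_Widget_Form
+{
+protected function _prepareForm()
+{
+$form = new Varien_Data_Form(array(
+'id' => 'edit_form',
+'action' => $this->getUrl('*/*/save', array('id' => $this->getRequest()->getParam('id'))),
+'method' => 'post',
+'enctype' => 'multipart/form-data'
+)
+);
+
+$form->setUseContainer(true);
+$this->setForm($form);
+return parent::_prepareForm();
+}
+}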
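Review bot: The form action at line 9 forwards the raw `id` request parameter into the save URL, while the grid blocks in this release cast the same parameter with `(int)`; for consistency and to keep non-numeric input out of the generated URL, use `'action' => $this->getUrl('*/*/save', array('id' => (int) $this->getRequest()->getParam('id'))),` and check that the save action treats id=0 as a new record. Rules/Edit/Form.php and Whitelist/Edit/Form.php line 9 are identical and want the same change.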
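--- a/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist/Edit/Tab/Form.php
+++ b/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist/Edit/Tab/Form.php
@@ -0,0 +1,60 @@
+<?php
+
+class MageFirewall_Firewall_Block_Adminhtml_Blacklist_Edit_Tab_Form extends Mage_Adminhtml_Block_Widget_Form
+{
+protected function _prepareForm()
+{
+$form = new Varien_Data_Form();
+$this->setForm($form);
+$fieldset = $form->addFieldset('blacklist_form', array('legend'=>Mage::helper('firewall')->__('Blacklist information')));
+
+$fieldset->addField('ip', 'text', array(
+'label' => Mage::helper('firewall')->__('IP Address'),
+'class' => 'required-entry',
+'required' => true,
+'name' => 'ip',
+));
+
+$fieldset->addField('text', 'editor', array(
+'label' => Mage::helper('firewall')->__('Text'),
+'required' => false,
+'name' => 'text',
+'style' => 'width:274px; height:200px;',
+'wysiwyg' => false,
+));
+
+$fieldset->addField('status', 'select', array(
+'label' => Mage::helper('firewall')->__('Status'),
+'name' => 'status',
+'values' => array(
+array(
+'value' => 1,
+'label' => Mage::helper('firewall')->__('Enabled'),
+),
+
+array(
+'value' => 2,
+'label' => Mage::helper('firewall')->__('Disabled'),
+),
+),
+));
+
+/*$fieldset->addField('content', 'editor', array(
+'name' => 'content',
+'label' => Mage::helper('wall')->__('Content'),
+'title' => Mage::helper('wall')->__('Content'),
+'style' => 'width:700px; height:500px;',
+'wysiwyg' => false,
+'required' => true,
+));*/
+
+if ( Mage::getSingleton('adminhtml/session')->getBlacklistData() )
+{
+$form->setValues(Mage::getSingleton('adminhtml/session')->getBlacklistData());
+Mage::getSingleton('adminhtml/session')->setBlacklistData(null);
+} elseif ( Mage::registry('blacklist_data') ) {
+$form->setValues(Mage::registry('blacklist_data')->getData());
+}
+return parent::_prepareForm();
+}
+}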
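Review bot: The `ip` field at lines 11-16 is constrained only by the client-side `required-entry` class, so any string can be stored as a blacklist entry; since the value is presumably matched against client addresses by the firewall, the save action (BlacklistController.php, outside this view) should reject values that fail `filter_var($ip, FILTER_VALIDATE_IP)` unless CIDR or wildcard forms are intentionally supported. The same applies to Whitelist/Edit/Tab/Form.php lines 11-16, where a malformed entry could silently fail to exempt, or over-exempt, traffic. The commented-out `content` editor at lines 42-49 references a `wall` helper from another module and should be deleted rather than shipped.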
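--- a/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist/Edit/Tabs.php
+++ b/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist/Edit/Tabs.php
@@ -0,0 +1,24 @@
+<?php
+
+class MageFirewall_Firewall_Block_Adminhtml_Blacklist_Edit_Tabs extends Mage_Adminhtml_Block_Widget_Tabs
+{
+
+public function __construct()
+{
+parent::__construct();
+$this->setId('firewall_tabs');
+$this->setDestElementId('edit_form');
+$this->setTitle(Mage::helper('firewall')->__('Blacklist Information'));
+}
+
+protected function _beforeToHtml()
+{
+$this->addTab('form_section', array(
+'label' => Mage::helper('firewall')->__('Blacklist Information'),
+'title' => Mage::helper('firewall')->__('Blacklist Information'),
+'content' => $this->getLayout()->createBlock('firewall/adminhtml_blacklist_edit_tab_form')->toHtml(),
+));
+
+return parent::_beforeToHtml();
+}
+}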
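--- a/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist/Grid.php
+++ b/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Blacklist/Grid.php
@@ -0,0 +1,68 @@
+<?php
+class MageFirewall_Firewall_Block_Adminhtml_Blacklist_Grid extends Mage_Adminhtml_Block_Widget_Grid
+{
+public function __construct()
+{
+parent::__construct();
+$this->setId('rulesGrid');
+$this->setDefaultSort('blacklist_id');
+$this->setDefaultDir('DESC');
+$this->setSaveParametersInSession(true);
+$this->setUseAjax(true);
+}
+protected function _prepareCollection()
+{
+$orderId = (int) $this->getRequest()->getParam('id');
+if(empty($orderId)){
+$collection = Mage::getModel('firewall/blacklist')->getCollection();
+}
+
+$this->setCollection($collection);
+return parent::_prepareCollection();
+}
+protected function _prepareColumns()
+{
+$this->addColumn('blacklist_id', array(
+'header' => Mage::helper('firewall')->__('ID #'),
+'align' => 'left',
+'index' => 'blacklist_id',
+));
+$this->addColumn('ip', array(
+'header' => Mage::helper('firewall')->__('IP Address'),
+'align' => 'left',
+'index' => 'ip',
+));
+$this->addColumn('text', array(
+'header' => Mage::helper('firewall')->__('Reason'),
+'align' => 'left',
+'index' => 'text',
+));
+$this->addColumn('status', array(
+'header' => Mage::helper('firewall')->__('Status'),
+'align' => 'left',
+'width' => '80px',
+'index' => 'status',
+'type' => 'options',
+'options' => array(
+1 => 'Enabled',
+2 => 'Disabled',
+),
+));
+$this->addColumn('created_time', array(
+'header' => Mage::helper('firewall')->__('Created Time'),
+'align' => 'left',
+'index' => 'created_time',
+));
+return parent::_prepareColumns();
+}
+
+public function getGridUrl()
+{
+return $this->getUrl('*/*/grid', array('_current'=>true));
+}
+
+public function getRowUrl($row)
+{
+return $this->getUrl('*/*/edit', array('id' => $row->getId()));
+}
+}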
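Review bot: In _prepareCollection() (lines 15-20) `$collection` is only assigned when the `id` parameter is empty, so a request carrying a non-empty id reaches `$this->setCollection($collection)` with an undefined variable and the grid cannot load; nothing else in the method uses `$orderId`. Replace lines 15-18 with `$collection = Mage::getModel('firewall/blacklist')->getCollection();`. Logs/Grid.php and Rules/Grid.php lines 15-20 have the same structure with `firewall/logs` and `firewall/rules`. Line 7 also names this grid `rulesGrid`, copied from the rules grid; `$this->setId('blacklistGrid');` avoids the two grids presumably sharing the saved filter/sort state that setSaveParametersInSession(true) on line 10 keys by grid id.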
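--- a/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Logs.php
+++ b/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Logs.php
@@ -0,0 +1,12 @@
+<?php
+class MageFirewall_Firewall_Block_Adminhtml_Logs extends Mage_Adminhtml_Block_Widget_Grid_Container
+{
+public function __construct()
+{
+$this->_controller = 'adminhtml_logs';
+$this->_blockGroup = 'firewall';
+$this->_headerText = Mage::helper('firewall')->__('Logs');
+parent::__construct();
+$this->_removeButton('add');
+}
+}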
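--- a/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Logs/Grid.php
+++ b/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Logs/Grid.php
@@ -0,0 +1,66 @@
+<?php
+class MageFirewall_Firewall_Block_Adminhtml_Logs_Grid extends Mage_Adminhtml_Block_Widget_Grid
+{
+public function __construct()
+{
+parent::__construct();
+$this->setId('logsGrid');
+$this->setDefaultSort('log_id');
+$this->setDefaultDir('DESC');
+$this->setSaveParametersInSession(true);
+$this->setUseAjax(true);
+}
+protected function _prepareCollection()
+{
+$orderId = (int) $this->getRequest()->getParam('id');
+if(empty($orderId)){
+$collection = Mage::getModel('firewall/logs')->getCollection();
+}
+
+$this->setCollection($collection);
+return parent::_prepareCollection();
+}
+protected function _prepareColumns()
+{
+$this->addColumn('log_id', array(
+'header' => Mage::helper('firewall')->__('ID #'),
+'align' => 'left',
+'index' => 'log_id',
+));
+$this->addColumn('ruleid', array(
+'header' => Mage::helper('firewall')->__('Rule ID'),
+'align' => 'left',
+'index' => 'ruleid',
+));
+$this->addColumn('summary', array(
+'header' => Mage::helper('firewall')->__('Summary'),
+'align' => 'left',
+'index' => 'summary',
+));
+$this->addColumn('ip', array(
+'header' => Mage::helper('firewall')->__('IP Address'),
+'align' => 'left',
+'index' => 'ip'
+));
+$this->addColumn('level', array(
+'header' => Mage::helper('firewall')->__('Level'),
+'align' => 'left',
+'index' => 'level'
+));
+$this->addColumn('incidentid', array(
+'header' => Mage::helper('firewall')->__('Incident Id'),
+'align' => 'left',
+'index' => 'incidentid',
+));
+$this->addColumn('created_time', array(
+'header' => Mage::helper('firewall')->__('Date'),
+'align' => 'left',
+'index' => 'created_time',
+));
+return parent::_prepareColumns();
+}
+public function getGridUrl()
+{
+return $this->getUrl('*/*/grid', array('_current'=>true));
+}
+}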
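Review bot: The `summary`, `ip` and `incidentid` columns (lines 35-54) display values that, judging by the column names, are recorded from requests the firewall rejected, i.e. text chosen by the requester rendered inside the admin panel. Whether the default text column renderer HTML-escapes cell values differs between Magento 1 releases, so confirm it for the versions this extension supports or attach an explicit renderer that escapes; otherwise a logged payload becomes a stored XSS vector against administrators. A one-line comment above line 35, `// summary/ip come from untrusted requests; relies on the column renderer escaping output`, would record the dependency for the next maintainer.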
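--- a/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules.php
+++ b/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules.php
@@ -0,0 +1,12 @@
+<?php
+class MageFirewall_Firewall_Block_Adminhtml_Rules extends Mage_Adminhtml_Block_Widget_Grid_Container
+{
+public function __construct()
+{
+$this->_controller = 'adminhtml_rules';
+$this->_blockGroup = 'firewall';
+$this->_headerText = Mage::helper('firewall')->__('Rules List');
+parent::__construct();
+$this->_removeButton('add');
+}
+}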
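--- a/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules/Edit.php
+++ b/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules/Edit.php
@@ -0,0 +1,45 @@
+<?php
+
+class MageFirewall_Firewall_Block_Adminhtml_Rules_Edit extends Mage_Adminhtml_Block_Widget_Form_Container
+{
+public function __construct()
+{
+parent::__construct();
+
+$this->_objectId = 'id';
+$this->_blockGroup = 'firewall';
+$this->_controller = 'adminhtml_firewall';
+
+$this->_updateButton('save', 'label', Mage::helper('firewall')->__('Save Rules'));
+$this->_updateButton('delete', 'label', Mage::helper('firewall')->__('Delete Rules'));
+
+$this->_addButton('saveandcontinue', array(
+'label' => Mage::helper('adminhtml')->__('Save And Continue Edit'),
+'onclick' => 'saveAndContinueEdit()',
+'class' => 'save',
+), -100);
+
+$this->_formScripts[] = "
+function toggleEditor() {
+if (tinyMCE.getInstanceById('firewall_content') == null) {
+tinyMCE.execCommand('mceAddControl', false, 'firewall_content');
+} else {
+tinyMCE.execCommand('mceRemoveControl', false, 'firewall_content');
+}
+}
+
+function saveAndContinueEdit(){
+editForm.submit($('edit_form').action+'back/edit/');
+}
+";
+}
+
+public function getHeaderText()
+{
+if( Mage::registry('rules_data') && Mage::registry('rules_data')->getId() ) {
+return Mage::helper('firewall')->__("Edit rules '%s'", $this->htmlEscape(Mage::registry('rules_data')->getTitle()));
+} else {
+return Mage::helper('firewall')->__('Add rules');
+}
+}
+}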
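Review bot: Line 11 sets `$this->_controller = 'adminhtml_firewall'`, while the grid container in Rules.php uses `adminhtml_rules` and the form block shipped in this release is Block/Adminhtml/Rules/Edit/Form.php; Mage_Adminhtml_Block_Widget_Form_Container builds the form block alias from `_blockGroup` and `_controller`, so this value resolves to a non-existent `firewall/adminhtml_firewall_edit_form` block. It should be `$this->_controller = 'adminhtml_rules';`. Lines 22-29 also register a toggleEditor() script bound to a `firewall_content` element while the tab form's editor field is named `content`; if nothing calls the toggle it is dead script and should be dropped.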
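--- a/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules/Edit/Form.php
+++ b/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules/Edit/Form.php
@@ -0,0 +1,19 @@
+<?php
+
+class MageFirewall_Firewall_Block_Adminhtml_Rules_Edit_Form extends Mage_Adminhtml_Block_Widget_Form
+{
+protected function _prepareForm()
+{
+$form = new Varien_Data_Form(array(
+'id' => 'edit_form',
+'action' => $this->getUrl('*/*/save', array('id' => $this->getRequest()->getParam('id'))),
+'method' => 'post',
+'enctype' => 'multipart/form-data'
+)
+);
+
+$form->setUseContainer(true);
+$this->setForm($form);
+return parent::_prepareForm();
+}
+}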
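--- a/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules/Edit/Tab/Form.php
+++ b/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules/Edit/Tab/Form.php
@@ -0,0 +1,58 @@
+<?php
+
+class MageFirewall_Firewall_Block_Adminhtml_Rules_Edit_Tab_Form extends Mage_Adminhtml_Block_Widget_Form
+{
+protected function _prepareForm()
+{
+$form = new Varien_Data_Form();
+$this->setForm($form);
+$fieldset = $form->addFieldset('rules_form', array('legend'=>Mage::helper('firewall')->__('Rules information')));
+
+$fieldset->addField('title', 'text', array(
+'label' => Mage::helper('firewall')->__('Title'),
+'class' => 'required-entry',
+'required' => true,
+'name' => 'title',
+));
+
+$fieldset->addField('filename', 'file', array(
+'label' => Mage::helper('firewall')->__('File'),
+'required' => false,
+'name' => 'filename',
+));
+
+$fieldset->addField('status', 'select', array(
+'label' => Mage::helper('firewall')->__('Status'),
+'name' => 'status',
+'values' => array(
+array(
+'value' => 1,
+'label' => Mage::helper('firewall')->__('Enabled'),
+),
+
+array(
+'value' => 2,
+'label' => Mage::helper('firewall')->__('Disabled'),
+),
+),
+));
+
+$fieldset->addField('content', 'editor', array(
+'name' => 'content',
+'label' => Mage::helper('firewall')->__('Content'),
+'title' => Mage::helper('firewall')->__('Content'),
+'style' => 'width:700px; height:500px;',
+'wysiwyg' => false,
+'required' => true,
+));
+
+if ( Mage::getSingleton('adminhtml/session')->getRulesData() )
+{
+$form->setValues(Mage::getSingleton('adminhtml/session')->getRulesData());
+Mage::getSingleton('adminhtml/session')->setRulesData(null);
+} elseif ( Mage::registry('rules_data') ) {
+$form->setValues(Mage::registry('rules_data')->getData());
+}
+return parent::_prepareForm();
+}
+}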
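Review bot: The status select at lines 24-38 posts a field named `status` with values 1/2, but Rules/Grid.php lists the rule state under the column index `enabled` (its lines 55-59); unless the model maps one onto the other, edits to this field will not appear in the grid — confirm against the rules table in the install script, which is outside this view. The `filename` file input at lines 18-22 accepts an uploaded rule file; whatever the save action does with it should check the file's type and destination before storing it, and RulesController.php (+23 lines in the diffstat) is not visible here, so it is unclear whether a save action exists at all. A comment above line 18 such as `// uploaded rule file; validated and stored by the controller's save action` would make the intended owner of that check explicit.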
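--- a/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules/Edit/Tabs.php
+++ b/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules/Edit/Tabs.php
@@ -0,0 +1,24 @@
+<?php
+
+class MageFirewall_Firewall_Block_Adminhtml_Rules_Edit_Tabs extends Mage_Adminhtml_Block_Widget_Tabs
+{
+
+public function __construct()
+{
+parent::__construct();
+$this->setId('firewall_tabs');
+$this->setDestElementId('edit_form');
+$this->setTitle(Mage::helper('firewall')->__('Rules Information'));
+}
+
+protected function _beforeToHtml()
+{
+$this->addTab('form_section', array(
+'label' => Mage::helper('firewall')->__('Rules Information'),
+'title' => Mage::helper('firewall')->__('Rules Information'),
+'content' => $this->getLayout()->createBlock('firewall/adminhtml_wall_edit_tab_form')->toHtml(),
+));
+
+return parent::_beforeToHtml();
+}
+}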
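Review bot: Line 19 creates the tab content with the alias `firewall/adminhtml_wall_edit_tab_form`, which does not correspond to any block shipped in this release; the rules tab form class is MageFirewall_Firewall_Block_Adminhtml_Rules_Edit_Tab_Form, so the call should be `'content' => $this->getLayout()->createBlock('firewall/adminhtml_rules_edit_tab_form')->toHtml(),`. The Blacklist and Whitelist Tabs.php files use the correct aliases, so this is a leftover from whatever module the file was copied from.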
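--- a/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules/Grid.php
+++ b/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Rules/Grid.php
@@ -0,0 +1,96 @@
+<?php
+class MageFirewall_Firewall_Block_Adminhtml_Rules_Grid extends Mage_Adminhtml_Block_Widget_Grid
+{
+public function __construct()
+{
+parent::__construct();
+$this->setId('rulesGrid');
+$this->setDefaultSort('rules_id');
+$this->setDefaultDir('DESC');
+$this->setSaveParametersInSession(true);
+$this->setUseAjax(true);
+}
+protected function _prepareCollection()
+{
+$orderId = (int) $this->getRequest()->getParam('id');
+if(empty($orderId)){
+$collection = Mage::getModel('firewall/rules')->getCollection();
+}
+
+$this->setCollection($collection);
+return parent::_prepareCollection();
+}
+protected function _prepareColumns()
+{
+$this->addColumn('rules_id', array(
+'header' => Mage::helper('firewall')->__('ID #'),
+'align' => 'left',
+'index' => 'rules_id',
+));
+$this->addColumn('who', array(
+'header' => Mage::helper('firewall')->__('Who'),
+'align' => 'left',
+'index' => 'who',
+));
+$this->addColumn('request', array(
+'header' => Mage::helper('firewall')->__('Request'),
+'align' => 'left',
+'index' => 'request',
+));
+$this->addColumn('what', array(
+'header' => Mage::helper('firewall')->__('What'),
+'align' => 'left',
+'index' => 'what',
+));
+$this->addColumn('why', array(
+'header' => Mage::helper('firewall')->__('Why'),
+'align' => 'left',
+'index' => 'why'
+));
+$this->addColumn('level', array(
+'header' => Mage::helper('firewall')->__('Level'),
+'align' => 'left',
+'index' => 'level',
+));
+$this->addColumn('enabled', array(
+'header' => Mage::helper('firewall')->__('Status'),
+'align' => 'left',
+'index' => 'enabled',
+));
+/* $this->addColumn('comments', array(
+'header' => Mage::helper('paymentcapture')->__('Status Message'),
+'align' => 'left',
+'index' => 'comments',
+));
+$this->addColumn('action_edit', array(
+'header' => $this->helper('paymentcapture')->__('Action'),
+'width' => 80,
+'sortable' => false,
+'filter' => false,
+'renderer' => new Grossman_Paymentcapture_Block_Adminhtml_Renderer_Action(),
+));
+
+$this->addColumn('action',
+array(
+'header' => Mage::helper('paymentcapture')->__(''),
+'width' => '100',
+'type' => 'action',
+'getter' => 'getId',
+'actions' => array(
+array(
+'caption' => Mage::helper('paymentcapture')->__('Log'),
+'url' => array('base'=> 'adminhtml/paymentcapture_view'),
+'field' => 'id'
+)),
+'filter' => false,
+'sortable' => false,
+'index' => 'stores',
+'is_system' => true,
+));*/
+return parent::_prepareColumns();
+}
+public function getGridUrl()
+{
+return $this->getUrl('*/*/grid', array('_current'=>true));
+}
+}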
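Review bot: Lines 60-89 are a commented-out block copied from an unrelated extension (helper `paymentcapture`, class `Grossman_Paymentcapture_Block_Adminhtml_Renderer_Action`) and should be deleted; shipping another module's code, even inside a comment, misleads readers and static analysis. The `enabled` column at lines 55-59 has no `type`/`options` mapping although the rule edit form posts a 1/2 status select, so the grid will show raw integers while Blacklist/Grid.php renders its status column with `'type' => 'options'`; add the same `options` array here if the stored values are the same.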
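--- a/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist.php
+++ b/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist.php
@@ -0,0 +1,11 @@
+<?php
+class MageFirewall_Firewall_Block_Adminhtml_Whitelist extends Mage_Adminhtml_Block_Widget_Grid_Container
+{
+public function __construct()
+{
+$this->_controller = 'adminhtml_whitelist';
+$this->_blockGroup = 'firewall';
+$this->_headerText = Mage::helper('firewall')->__('White List');
+parent::__construct();
+}
+}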
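--- a/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist/Edit.php
+++ b/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist/Edit.php
@@ -0,0 +1,45 @@
+<?php
+
+class MageFirewall_Firewall_Block_Adminhtml_Whitelist_Edit extends Mage_Adminhtml_Block_Widget_Form_Container
+{
+public function __construct()
+{
+parent::__construct();
+
+$this->_objectId = 'id';
+$this->_blockGroup = 'firewall';
+$this->_controller = 'adminhtml_whitelist';
+
+$this->_updateButton('save', 'label', Mage::helper('firewall')->__('Save whitelist'));
+$this->_updateButton('delete', 'label', Mage::helper('firewall')->__('Delete whitelist'));
+
+$this->_addButton('saveandcontinue', array(
+'label' => Mage::helper('adminhtml')->__('Save And Continue Edit'),
+'onclick' => 'saveAndContinueEdit()',
+'class' => 'save',
+), -100);
+
+$this->_formScripts[] = "
+function toggleEditor() {
+if (tinyMCE.getInstanceById('firewall_content') == null) {
+tinyMCE.execCommand('mceAddControl', false, 'firewall_content');
+} else {
+tinyMCE.execCommand('mceRemoveControl', false, 'firewall_content');
+}
+}
+
+function saveAndContinueEdit(){
+editForm.submit($('edit_form').action+'back/edit/');
+}
+";
+}
+
+public function getHeaderText()
+{
+if( Mage::registry('rules_data') && Mage::registry('whitelist_data')->getId() ) {
+return Mage::helper('firewall')->__("Edit whitelist '%s'", $this->htmlEscape(Mage::registry('whitelist_data')->getTitle()));
+} else {
+return Mage::helper('firewall')->__('Add whitelist');
+}
+}
+}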
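--- a/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist/Edit/Form.php
+++ b/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist/Edit/Form.php
@@ -0,0 +1,19 @@
+<?php
+
+class MageFirewall_Firewall_Block_Adminhtml_Whitelist_Edit_Form extends Mage_Adminhtml_Block_Widget_Form
+{
+protected function _prepareForm()
+{
+$form = new Varien_Data_Form(array(
+'id' => 'edit_form',
+'action' => $this->getUrl('*/*/save', array('id' => $this->getRequest()->getParam('id'))),
+'method' => 'post',
+'enctype' => 'multipart/form-data'
+)
+);
+
+$form->setUseContainer(true);
+$this->setForm($form);
+return parent::_prepareForm();
+}
+}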
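--- a/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist/Edit/Tab/Form.php
+++ b/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist/Edit/Tab/Form.php
@@ -0,0 +1,51 @@
+<?php
+
+class MageFirewall_Firewall_Block_Adminhtml_Whitelist_Edit_Tab_Form extends Mage_Adminhtml_Block_Widget_Form
+{
+protected function _prepareForm()
+{
+$form = new Varien_Data_Form();
+$this->setForm($form);
+$fieldset = $form->addFieldset('whitelist_form', array('legend'=>Mage::helper('firewall')->__('Whitelist information')));
+
+$fieldset->addField('ip', 'text', array(
+'label' => Mage::helper('firewall')->__('IP Address'),
+'class' => 'required-entry',
+'required' => true,
+'name' => 'ip',
+));
+
+$fieldset->addField('text', 'editor', array(
+'label' => Mage::helper('firewall')->__('Reason'),
+'required' => false,
+'name' => 'text',
+'style' => 'width:274px; height:200px;',
+'wysiwyg' => false,
+));
+
+$fieldset->addField('status', 'select', array(
+'label' => Mage::helper('firewall')->__('Status'),
+'name' => 'status',
+'values' => array(
+array(
+'value' => 1,
+'label' => Mage::helper('firewall')->__('Enabled'),
+),
+
+array(
+'value' => 2,
+'label' => Mage::helper('firewall')->__('Disabled'),
+),
+),
+));
+
+if ( Mage::getSingleton('adminhtml/session')->getWhitelistData() )
+{
+$form->setValues(Mage::getSingleton('adminhtml/session')->getWhitelistData());
+Mage::getSingleton('adminhtml/session')->setWhitelistData(null);
+} elseif ( Mage::registry('whitelist_data') ) {
+$form->setValues(Mage::registry('whitelist_data')->getData());
+}
+return parent::_prepareForm();
+}
+}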
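Review bot: The `ip` field added at line 11 is plain text with only `required-entry`, so any string is accepted and stored, and a malformed or CIDR-style entry never matches the exact `addFieldToFilter('ip', ...)` lookup the observer in this release performs, which silently defeats the whitelist. The form layer cannot validate server-side, so the whitelist controller's save path (not in this hunk) should reject input failing `filter_var($data['ip'], FILTER_VALIDATE_IP)` before `setData()`. The session branch at line 42 reads `getWhitelistData()`, whereas the Blacklist controller in this release stores failed-save input under `setFormData()`; if the whitelist controller follows the same pattern that branch is dead and only the registry branch ever runs.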
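--- a/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist/Edit/Tabs.php
+++ b/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist/Edit/Tabs.php
@@ -0,0 +1,24 @@
+<?php
+
+class MageFirewall_Firewall_Block_Adminhtml_Whitelist_Edit_Tabs extends Mage_Adminhtml_Block_Widget_Tabs
+{
+
+public function __construct()
+{
+parent::__construct();
+$this->setId('whitelist_tabs');
+$this->setDestElementId('edit_form');
+$this->setTitle(Mage::helper('firewall')->__('Whitelist Information'));
+}
+
+protected function _beforeToHtml()
+{
+$this->addTab('form_section', array(
+'label' => Mage::helper('firewall')->__('Whitelist Information'),
+'title' => Mage::helper('firewall')->__('Whitelist Information'),
+'content' => $this->getLayout()->createBlock('firewall/adminhtml_whitelist_edit_tab_form')->toHtml(),
+));
+
+return parent::_beforeToHtml();
+}
+}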
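--- a/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist/Grid.php
+++ b/app/code/community/MageFirewall/Firewall/Block/Adminhtml/Whitelist/Grid.php
@@ -0,0 +1,68 @@
+<?php
+class MageFirewall_Firewall_Block_Adminhtml_Whitelist_Grid extends Mage_Adminhtml_Block_Widget_Grid
+{
+public function __construct()
+{
+parent::__construct();
+$this->setId('whitelistGrid');
+$this->setDefaultSort('whitelist_id');
+$this->setDefaultDir('DESC');
+$this->setSaveParametersInSession(true);
+$this->setUseAjax(true);
+}
+protected function _prepareCollection()
+{
+$orderId = (int) $this->getRequest()->getParam('id');
+if(empty($orderId)){
+$collection = Mage::getModel('firewall/whitelist')->getCollection();
+}
+
+$this->setCollection($collection);
+return parent::_prepareCollection();
+}
+protected function _prepareColumns()
+{
+$this->addColumn('whitelist_id', array(
+'header' => Mage::helper('firewall')->__('ID #'),
+'align' => 'left',
+'index' => 'whitelist_id',
+));
+$this->addColumn('ip', array(
+'header' => Mage::helper('firewall')->__('IP Address'),
+'align' => 'left',
+'index' => 'ip',
+));
+$this->addColumn('text', array(
+'header' => Mage::helper('firewall')->__('Text'),
+'align' => 'left',
+'index' => 'text',
+));
+$this->addColumn('status', array(
+'header' => Mage::helper('firewall')->__('Status'),
+'align' => 'left',
+'width' => '80px',
+'index' => 'status',
+'type' => 'options',
+'options' => array(
+1 => 'Enabled',
+2 => 'Disabled',
+),
+));
+$this->addColumn('created_time', array(
+'header' => Mage::helper('firewall')->__('Created Time'),
+'align' => 'left',
+'index' => 'created_time',
+));
+return parent::_prepareColumns();
+}
+
+public function getGridUrl()
+{
+return $this->getUrl('*/*/grid', array('_current'=>true));
+}
+
+public function getRowUrl($row)
+{
+return $this->getUrl('*/*/edit', array('id' => $row->getId()));
+}
+}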
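Review bot: `_prepareCollection()` (lines 15–20) assigns `$collection` only when the `id` request parameter is empty, so any request that carries a non-zero `id` passes an undefined variable to `setCollection()` and the grid renders empty with a notice. The `$orderId` guard looks copied from an order-grid template and serves no purpose here; replace lines 15–18 with `$collection = Mage::getModel('firewall/whitelist')->getCollection();`. The status option labels at lines 47–48 are the only untranslated strings in the file; wrap them in `Mage::helper('firewall')->__()` as the edit form's select already does.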
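--- a/app/code/community/MageFirewall/Firewall/Helper/Data.php
+++ b/app/code/community/MageFirewall/Firewall/Helper/Data.php
@@ -0,0 +1,86 @@
+<?php
+class MageFirewall_Firewall_Helper_Data extends Mage_Core_Helper_Abstract
+{
+public function getLogsCount(){
+$currentMonth=date("Y-m");
+$recentLogs = Mage::getModel('firewall/logs')->getCollection();
+$recentLogs->addFieldToFilter('created_time', array('like' =>"%2014-09%"));
+$LogsCount = $recentLogs->getData();
+return count($LogsCount);
+}
+
+public function getMageEmail(){
+return Mage::getStoreConfig('trans_email/ident_general/email');
+}
+
+public function getRecentEditedFiles(){
+$days = $this->getOptionsData('show_recent_file_days');
+$lists[0] = $days;
+exec('find . -iregex ".*\(html\|php\)" -mtime -'.$lists[0],$lists[1]);
+$lists[1] = implode("<br />", $lists[1]);
+return $lists;
+}
+
+public function getClientIp(){
+if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] != '') {
+$ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
+} else {
+$ip_address = $_SERVER['REMOTE_ADDR'];
+}
+return $ip_address;
+}
+
+public function getOptionsData($fieldtext){
+$optiosData = Mage::getModel('firewall/options')->getCollection()->addFieldToFilter('path',$fieldtext)->getData();
+return $optiosData[0]['value'];
+}
+
+// file checker function start
+// Check for string in file return bool
+public function isinfile($stringtofind,$path) {
+if(!file_exists($path)) {
+return false; // if no file then where would be the exploitation in it :P
+}
+$openedfile = file_get_contents($path);
+if(strpos($openedfile, $stringtofind) !== FALSE)
+{
+// found in file
+return true;
+}
+else
+{
+// Not found in file
+return false;
+}
+}
+
+//Printing function for logging function no return
+public function printer($type=2,$printstring) {
+if($type == 1) {
+echo "<br /><h3>$printstring</h3>";
+}
+else if($type == 2) {
+echo "<br />$printstring";
+}
+}
+
+public function startprocess($collectiontocheck) {
+$errorflag = 0;
+$this->printer(1,$collectiontocheck['exploitname']);
+foreach($collectiontocheck['data'] as $check) {
+if($this->isinfile($check['searchstring'],$check['filelocation'])) {
+$errorflag = 0;
+}
+}
+$results[]['name'] = $collectiontocheck['exploitname'];
+if($errorflag == 1) {
+$this->printer(2,$collectiontocheck['error']);
+$results[]['status'] = "fail";
+}
+else {
+$results[]['status'] = "pass";
+}
+}
+// file checker function start end
+}
+?>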
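Review bot: `getClientIp()` (lines 24–31) returns `HTTP_X_FORWARDED_FOR` whenever the header is present, and every blacklist and whitelist decision in this release keys on that value; the header is supplied by the client unless a trusted proxy overwrites it, so both the failed-login counter and the whitelist match rest on a value the requester chooses. Use Magento's proxy-aware `Mage::helper('core/http')->getRemoteAddr()`, which honours only the configured trusted headers and otherwise falls back to `REMOTE_ADDR`. Line 19 concatenates the `show_recent_file_days` option into an `exec()` command line unescaped, and `getOptionsData()` at line 35 indexes `[0]['value']` without checking that a row exists; cast the option with `(int)` (or wrap it in `escapeshellarg()`) and return `null` when the collection is empty. Line 7 filters on the literal `"%2014-09%"` while `$currentMonth` from line 5 is never used, so `getLogsCount()` stops counting anything after September 2014; use `array('like' => "%{$currentMonth}%")` and `$recentLogs->getSize()` instead of loading every row. In `startprocess()` line 72 sets `$errorflag = 0` on a match, so the `fail` branch at line 76 is unreachable and `$results` is built but never returned.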
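--- a/app/code/community/MageFirewall/Firewall/Model/Blacklist.php
+++ b/app/code/community/MageFirewall/Firewall/Model/Blacklist.php
@@ -0,0 +1,10 @@
+<?php
+class MageFirewall_Firewall_Model_Blacklist extends Mage_Core_Model_Abstract
+{
+public function _construct()
+{
+parent::_construct();
+$this->_init('firewall/blacklist');
+}
+}
+?>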
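--- a/app/code/community/MageFirewall/Firewall/Model/Cron.php
+++ b/app/code/community/MageFirewall/Firewall/Model/Cron.php
@@ -0,0 +1,67 @@
+<?php
+
+class MageFirewall_Firewall_Model_Cron extends Varien_Object
+{
+public function deleteOldLogs()
+{
+$wallHelper = Mage::helper('firewall');
+$date = date('Y-m-j G:i:s') ;
+$LogDeleteDate = strtotime ( '-'.$this->getLogDays().' day' , strtotime ( $date ) ) ;
+$LogDeleteDate = date ( 'Y-m-j' , $LogDeleteDate ) ;
+$model = Mage::getModel('firewall/logs')->getCollection();
+$model->addFieldToFilter('created_time',array(
+array(
+'to' => $LogDeleteDate,
+'date' => true,
+),
+));
+$Logs = $model->getData();
+if($Logs){
+foreach($Logs as $logId){
+$model = Mage::getModel('firewall/logs');
+$model->setId(trim($logId['log_id']))
+->delete();
+}
+}
+$editedFiles = $wallHelper->getRecentEditedFiles();
+$this->notify('admin user',$this->getSenderEmail(),'Magento store - MageFirewal',$editedFiles[1]);
+return;
+}
+
+public function getSenderEmail()
+{
+$sendToEmail = Mage::helper('firewall')->getMageEmail();
+if(Mage::helper('firewall')->getOptionsData('email_addresss')) {
+$sendToEmail = Mage::helper('firewall')->getOptionsData('email_addresss');
+}
+return $sendToEmail;
+}
+
+public function getLogDays()
+{
+return Mage::getStoreConfig('system/log/clean_after_day');
+}
+
+public function notify($sendToName, $sendToEmail, $subject, $msg) {
+$mail = Mage::getModel('core/email');
+$mail->setToName($sendToName);
+$mail->setToEmail($sendToEmail);
+$mail->setBody($msg);
+$mail->setSubject($subject);
+$mail->setFromEmail(Mage::getStoreConfig('trans_email/ident_general/email'));
+$mail->setFromName(Mage::getStoreConfig('trans_email/ident_general/name'));
+$mail->setType('html');
+
+try {
+$mail->send();
+}
+catch (Exception $e) {
+Mage::logException($e);
+return false;
+}
+
+return true;
+}
+
+}
+?>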
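Review bot: `deleteOldLogs()` line 27 mails the raw `find` output from `getRecentEditedFiles()` as an HTML body (`setType('html')` on line 53) without escaping, so any file name on disk is interpreted as markup in the notification; run each entry through `htmlspecialchars()` before it is joined, or send the mail as plain text. `getLogDays()` returns the raw `system/log/clean_after_day` value, and when it is empty line 9 builds `'- day'`, `strtotime()` returns `false`, and the cutoff on line 10 collapses to 1970-01-01 so nothing is ever purged; cast it with `(int)` and return early when it is zero. The loop at lines 20–24 loads every matching row and instantiates a model per delete, which `$model->walk('delete')` on the collection does in one pass. `getSenderEmail()` actually supplies the recipient (`setToEmail` at line 48), so a name such as `getRecipientEmail()` would stop the next reader tripping over it.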
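--- a/app/code/community/MageFirewall/Firewall/Model/Logs.php
+++ b/app/code/community/MageFirewall/Firewall/Model/Logs.php
@@ -0,0 +1,10 @@
+<?php
+class MageFirewall_Firewall_Model_Logs extends Mage_Core_Model_Abstract
+{
+public function _construct()
+{
+parent::_construct();
+$this->_init('firewall/logs');
+}
+}
+?>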
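--- a/app/code/community/MageFirewall/Firewall/Model/Mysql4/Blacklist.php
+++ b/app/code/community/MageFirewall/Firewall/Model/Mysql4/Blacklist.php
@@ -0,0 +1,8 @@
+<?php
+class MageFirewall_Firewall_Model_Mysql4_Blacklist extends Mage_Core_Model_Mysql4_Abstract
+{
+public function _construct()
+{
+$this->_init('firewall/blacklist', 'blacklist_id');
+}
+}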
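--- a/app/code/community/MageFirewall/Firewall/Model/Mysql4/Blacklist/Collection.php
+++ b/app/code/community/MageFirewall/Firewall/Model/Mysql4/Blacklist/Collection.php
@@ -0,0 +1,8 @@
+<?php
+class MageFirewall_Firewall_Model_Mysql4_Blacklist_Collection extends Mage_Core_Model_Mysql4_Collection_Abstract
+{
+public function _construct()
+{
+$this->_init('firewall/blacklist');
+}
+}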
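--- a/app/code/community/MageFirewall/Firewall/Model/Mysql4/Logs.php
+++ b/app/code/community/MageFirewall/Firewall/Model/Mysql4/Logs.php
@@ -0,0 +1,8 @@
+<?php
+class MageFirewall_Firewall_Model_Mysql4_Logs extends Mage_Core_Model_Mysql4_Abstract
+{
+public function _construct()
+{
+$this->_init('firewall/logs', 'log_id');
+}
+}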
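--- a/app/code/community/MageFirewall/Firewall/Model/Mysql4/Logs/Collection.php
+++ b/app/code/community/MageFirewall/Firewall/Model/Mysql4/Logs/Collection.php
@@ -0,0 +1,8 @@
+<?php
+class MageFirewall_Firewall_Model_Mysql4_Logs_Collection extends Mage_Core_Model_Mysql4_Collection_Abstract
+{
+public function _construct()
+{
+$this->_init('firewall/logs');
+}
+}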
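--- a/app/code/community/MageFirewall/Firewall/Model/Mysql4/Options.php
+++ b/app/code/community/MageFirewall/Firewall/Model/Mysql4/Options.php
@@ -0,0 +1,8 @@
+<?php
+class MageFirewall_Firewall_Model_Mysql4_Options extends Mage_Core_Model_Mysql4_Abstract
+{
+public function _construct()
+{
+$this->_init('firewall/options', 'option_id');
+}
+}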
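--- a/app/code/community/MageFirewall/Firewall/Model/Mysql4/Options/Collection.php
+++ b/app/code/community/MageFirewall/Firewall/Model/Mysql4/Options/Collection.php
@@ -0,0 +1,8 @@
+<?php
+class MageFirewall_Firewall_Model_Mysql4_Options_Collection extends Mage_Core_Model_Mysql4_Collection_Abstract
+{
+public function _construct()
+{
+$this->_init('firewall/options');
+}
+}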
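--- a/app/code/community/MageFirewall/Firewall/Model/Mysql4/Rules.php
+++ b/app/code/community/MageFirewall/Firewall/Model/Mysql4/Rules.php
@@ -0,0 +1,8 @@
+<?php
+class MageFirewall_Firewall_Model_Mysql4_Rules extends Mage_Core_Model_Mysql4_Abstract
+{
+public function _construct()
+{
+$this->_init('firewall/rules', 'rules_id');
+}
+}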
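--- a/app/code/community/MageFirewall/Firewall/Model/Mysql4/Rules/Collection.php
+++ b/app/code/community/MageFirewall/Firewall/Model/Mysql4/Rules/Collection.php
@@ -0,0 +1,8 @@
+<?php
+class MageFirewall_Firewall_Model_Mysql4_Rules_Collection extends Mage_Core_Model_Mysql4_Collection_Abstract
+{
+public function _construct()
+{
+$this->_init('firewall/rules');
+}
+}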
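--- a/app/code/community/MageFirewall/Firewall/Model/Mysql4/Version.php
+++ b/app/code/community/MageFirewall/Firewall/Model/Mysql4/Version.php
@@ -0,0 +1,8 @@
+<?php
+class MageFirewall_Firewall_Model_Mysql4_Version extends Mage_Core_Model_Mysql4_Abstract
+{
+public function _construct()
+{
+$this->_init('firewall/version', 'version_id');
+}
+}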
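--- a/app/code/community/MageFirewall/Firewall/Model/Mysql4/Version/Collection.php
+++ b/app/code/community/MageFirewall/Firewall/Model/Mysql4/Version/Collection.php
@@ -0,0 +1,8 @@
+<?php
+class MageFirewall_Firewall_Model_Mysql4_Version_Collection extends Mage_Core_Model_Mysql4_Collection_Abstract
+{
+public function _construct()
+{
+$this->_init('firewall/version');
+}
+}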
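--- a/app/code/community/MageFirewall/Firewall/Model/Mysql4/Whitelist.php
+++ b/app/code/community/MageFirewall/Firewall/Model/Mysql4/Whitelist.php
@@ -0,0 +1,8 @@
+<?php
+class MageFirewall_Firewall_Model_Mysql4_Whitelist extends Mage_Core_Model_Mysql4_Abstract
+{
+public function _construct()
+{
+$this->_init('firewall/whitelist', 'whitelist_id');
+}
+}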
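--- a/app/code/community/MageFirewall/Firewall/Model/Mysql4/Whitelist/Collection.php
+++ b/app/code/community/MageFirewall/Firewall/Model/Mysql4/Whitelist/Collection.php
@@ -0,0 +1,8 @@
+<?php
+class MageFirewall_Firewall_Model_Mysql4_Whitelist_Collection extends Mage_Core_Model_Mysql4_Collection_Abstract
+{
+public function _construct()
+{
+$this->_init('firewall/whitelist');
+}
+}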
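--- a/app/code/community/MageFirewall/Firewall/Model/Observer.php
+++ b/app/code/community/MageFirewall/Firewall/Model/Observer.php
@@ -0,0 +1,59 @@
+<?php
+class MageFirewall_Firewall_Model_Observer
+{
+/*
+* store ipaddress in blacklist if admin entered wrong password
+* */
+public function login_validation($observer = null)
+{
+$event = $observer->getEvent();
+$controllerAction = $event->getControllerAction();
+$blacklistModel = Mage::getModel('firewall/blacklist');
+$wallHelper = Mage::helper('firewall');
+$ip_address = $wallHelper->getClientIp();
+$model1 = $blacklistModel->getCollection()->addFieldToFilter('ip',$ip_address)->getData();
+if($model1){
+foreach($model1 as $getcount){
+$count=$getcount['count']+1;
+$id=$getcount['blacklist_id'];
+$blacklistModel->setId($id)
+->setCount($count)
+->setUpdatedTime(time())
+->save();
+}
+}
+else{
+$data = array('ip'=>$ip_address,'priority'=>'Normal','count'=>1,'is_delete'=>0,'status'=>1,'text'=>'admin login','created_time'=>time());
+$model = $blacklistModel->setData($data)->save();
+}
+}
+public function checkBlacklist($observer = null)
+{
+$blacklistModel = Mage::getModel('firewall/blacklist');
+$whitelistModel = Mage::getModel('firewall/whitelist');
+$wallHelper = Mage::helper('firewall');
+$loginMaxCount = (int) $wallHelper->getOptionsData('login_lttempts');
+$ip_address = $wallHelper->getClientIp();
+$checkipinblacklist = $blacklistModel->getCollection()
+->addFieldToFilter('count',array('lt' => $loginMaxCount))
+->addFieldToFilter('ip',$ip_address)->getData();
+if($checkipinblacklist){
+$blacklistModel->setId($checkipinblacklist[0]['blacklist_id'])
+->delete();
+}
+$getBlackListIp = $blacklistModel->getCollection()
+->addFieldToFilter('ip',$ip_address)
+->addFieldToFilter('status','1')
+->addFieldToFilter('count',array('gteq' => $loginMaxCount))->getData();
+$getWhiteListIp = $whitelistModel->getCollection()
+->addFieldToFilter('ip',$ip_address)
+->addFieldToFilter('status','1')->getData();
+
+if($getBlackListIp && !$getWhiteListIp ) {
+$session = Mage::getSingleton('adminhtml/session');
+$adminSession = Mage::getSingleton('admin/session');
+$adminSession->unsetAll();
+$adminSession->getCookie()->delete($adminSession->getSessionName());
+}
+}
+}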
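Review bot: `checkBlacklist()` line 35 casts a missing or empty `login_lttempts` option to `0`, after which the `gteq` filter on line 47 matches every blacklist row for the address and the `lt` filter on line 38 matches none, so a single failed login locks the address out until someone edits the table; treat zero as "not configured" and skip the check, or substitute a documented default such as `$loginMaxCount = (int) $wallHelper->getOptionsData('login_lttempts') ?: 5;`. Line 26 stores `'created_time' => time()` (an integer) while the Blacklist controller in this release writes `now()` into the same column, and line 21 calls `setUpdatedTime()` where that controller calls `setUpdateTime()`; unless the table carries both columns, one of those spellings is silently dropped on save. The lockout at lines 55–56 clears the session and cookie but the current request keeps executing; unless the dispatching event halts it (not visible here), the handler should also redirect or set a 403 response and mark it dispatched. `$controllerAction` (line 10) and `$session` (line 53) are assigned and never used.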
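--- a/app/code/community/MageFirewall/Firewall/Model/Options.php
+++ b/app/code/community/MageFirewall/Firewall/Model/Options.php
@@ -0,0 +1,10 @@
+<?php
+class MageFirewall_Firewall_Model_Options extends Mage_Core_Model_Abstract
+{
+public function _construct()
+{
+parent::_construct();
+$this->_init('firewall/options');
+}
+}
+?>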
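--- a/app/code/community/MageFirewall/Firewall/Model/Rules.php
+++ b/app/code/community/MageFirewall/Firewall/Model/Rules.php
@@ -0,0 +1,10 @@
+<?php
+class MageFirewall_Firewall_Model_Rules extends Mage_Core_Model_Abstract
+{
+public function _construct()
+{
+parent::_construct();
+$this->_init('firewall/rules');
+}
+}
+?>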
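--- a/app/code/community/MageFirewall/Firewall/Model/Version.php
+++ b/app/code/community/MageFirewall/Firewall/Model/Version.php
@@ -0,0 +1,10 @@
+<?php
+class MageFirewall_Firewall_Model_Version extends Mage_Core_Model_Abstract
+{
+public function _construct()
+{
+parent::_construct();
+$this->_init('firewall/version');
+}
+}
+?>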
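--- a/app/code/community/MageFirewall/Firewall/Model/Whitelist.php
+++ b/app/code/community/MageFirewall/Firewall/Model/Whitelist.php
@@ -0,0 +1,10 @@
+<?php
+class MageFirewall_Firewall_Model_Whitelist extends Mage_Core_Model_Abstract
+{
+public function _construct()
+{
+parent::_construct();
+$this->_init('firewall/whitelist');
+}
+}
+?>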
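--- a/app/code/community/MageFirewall/Firewall/controllers/Adminhtml/BlacklistController.php
+++ b/app/code/community/MageFirewall/Firewall/controllers/Adminhtml/BlacklistController.php
@@ -0,0 +1,111 @@
+<?php
+class MageFirewall_Firewall_Adminhtml_BlacklistController extends Mage_Adminhtml_Controller_Action
+{
+protected function _initAction()
+{
+$this->loadLayout()
+->_setActiveMenu('firewall/blacklist')
+->_addBreadcrumb(Mage::helper('adminhtml')->__('Black List'), Mage::helper('adminhtml')->__('Black List'));
+return $this;
+}
+public function indexAction() {
+$this->_initAction();
+$this->_addContent($this->getLayout()->createBlock('firewall/adminhtml_blacklist'));
+$this->renderLayout();
+}
+public function gridAction()
+{
+$this->loadLayout();
+$this->getResponse()->setBody(
+$this->getLayout()->createBlock('firewall/adminhtml_blacklist_grid')->toHtml()
+);
+}
+
+public function editAction() {
+$id = $this->getRequest()->getParam('id');
+$model = Mage::getModel('firewall/blacklist')->load($id);
+
+if ($model->getId() || $id == 0) {
+$data = Mage::getSingleton('adminhtml/session')->getFormData(true);
+if (!empty($data)) {
+$model->setData($data);
+}
+
+Mage::register('blacklist_data', $model);
+
+$this->loadLayout();
+$this->_setActiveMenu('blacklist/items');
+
+$this->_addBreadcrumb(Mage::helper('adminhtml')->__('BlackList Manager'), Mage::helper('adminhtml')->__('BlackList Manager'));
+
+$this->getLayout()->getBlock('head')->setCanLoadExtJs(true);
+
+$this->_addContent($this->getLayout()->createBlock('firewall/adminhtml_blacklist_edit'))
+->_addLeft($this->getLayout()->createBlock('firewall/adminhtml_blacklist_edit_tabs'));
+
+$this->renderLayout();
+} else {
+Mage::getSingleton('adminhtml/session')->addError(Mage::helper('firewall')->__('Item does not exist'));
+$this->_redirect('*/*/');
+}
+}
+
+public function newAction() {
+$this->_forward('edit');
+}
+
+public function saveAction() {
+if ($data = $this->getRequest()->getPost()) {
+
+
+$model = Mage::getModel('firewall/blacklist');
+$model->setData($data)
+->setId($this->getRequest()->getParam('id'));
+
+try {
+if ($model->getCreatedTime == NULL || $model->getUpdateTime() == NULL) {
+$model->setCreatedTime(now())
+->setUpdateTime(now());
+} else {
+$model->setUpdateTime(now());
+}
+
+$model->save();
+Mage::getSingleton('adminhtml/session')->addSuccess(Mage::helper('firewall')->__('BlackList was successfully saved'));
+Mage::getSingleton('adminhtml/session')->setFormData(false);
+
+if ($this->getRequest()->getParam('back')) {
+$this->_redirect('*/*/edit', array('id' => $model->getId()));
+return;
+}
+$this->_redirect('*/*/');
+return;
+} catch (Exception $e) {
+Mage::getSingleton('adminhtml/session')->addError($e->getMessage());
+Mage::getSingleton('adminhtml/session')->setFormData($data);
+$this->_redirect('*/*/edit', array('id' => $this->getRequest()->getParam('id')));
+return;
+}
+}
+Mage::getSingleton('adminhtml/session')->addError(Mage::helper('firewall')->__('Unable to find BlackList to save'));
+$this->_redirect('*/*/');
+}
+
+public function deleteAction() {
+if( $this->getRequest()->getParam('id') > 0 ) {
+try {
+$model = Mage::getModel('firewall/blacklist');
+
+$model->setId($this->getRequest()->getParam('id'))
+->delete();
+
+Mage::getSingleton('adminhtml/session')->addSuccess(Mage::helper('adminhtml')->__('BlackList was successfully deleted'));
+$this->_redirect('*/*/');
+} catch (Exception $e) {
+Mage::getSingleton('adminhtml/session')->addError($e->getMessage());
+$this->_redirect('*/*/edit', array('id' => $this->getRequest()->getParam('id')));
+}
+}
+$this->_redirect('*/*/');
+}
+}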
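Review bot: Line 66 reads `$model->getCreatedTime` as a property instead of calling `getCreatedTime()`, so the left operand is always `null`, the condition is always true, and every save overwrites `created_time` with `now()`; change it to `if ($model->getCreatedTime() == null || $model->getUpdateTime() == null) {`. The setter used here is `setUpdateTime()` while the observer in this release uses `setUpdatedTime()` on the same model; unless the table carries both columns, one of them is dropped on save. None of the admin controllers visible in this release override `_isAllowed()`, so the blacklist, whitelist, rules and firewall options are editable by any admin role; add `protected function _isAllowed() { return Mage::getSingleton('admin/session')->isAllowed('firewall/blacklist'); }` (the resource matching `_setActiveMenu`) with a corresponding entry per controller. In `deleteAction()` the catch branch redirects to the edit page and then line 109 redirects to the index, overriding it; return after the error redirect.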
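--- a/app/code/community/MageFirewall/Firewall/controllers/Adminhtml/Dashboard/DiagnosticController.php
+++ b/app/code/community/MageFirewall/Firewall/controllers/Adminhtml/Dashboard/DiagnosticController.php
@@ -0,0 +1,27 @@
+<?php
+class MageFirewall_Firewall_Adminhtml_Dashboard_DiagnosticController extends Mage_Adminhtml_Controller_Action
+{
+protected function _initAction()
+{
+$this->_title($this->__('FIREWALL'))->_title($this->__('Dashboard'))->_title($this->__('View'));
+$this->loadLayout()
+->_setActiveMenu('firewall/diagnostic');
+
+return $this;
+}
+public function indexAction() {
+$block = $this->getLayout()->createBlock('core/template');
+$block->setTemplate('firewall/diagnostic.phtml');
+
+$this->_initAction()
+->_addContent($block)
+->renderLayout();
+}
+public function gridAction()
+{
+$this->loadLayout();
+$this->getResponse()->setBody(
+$this->getLayout()->createBlock('dashboard/adminhtml_diagnostic_grid')->toHtml()
+);
+}
+}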
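Review bot: `gridAction()` line 24 creates `dashboard/adminhtml_diagnostic_grid`, but every other block in this module is addressed through the `firewall/` alias and no `dashboard` block group or grid class is part of this release, so the action most likely fails with an invalid block type; the same alias appears in the `gridAction()` of FilecheckerController, RecentController and ViewController. Either register the alias and add the grid blocks, or drop these unused actions. `_initAction()` also sets the last title segment to `View`, the same as the Recent and View controllers, so three distinct pages share one browser title.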
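--- a/app/code/community/MageFirewall/Firewall/controllers/Adminhtml/Dashboard/FilecheckerController.php
+++ b/app/code/community/MageFirewall/Firewall/controllers/Adminhtml/Dashboard/FilecheckerController.php
@@ -0,0 +1,27 @@
+<?php
+class MageFirewall_Firewall_Adminhtml_Dashboard_FileCheckerController extends Mage_Adminhtml_Controller_Action
+{
+protected function _initAction()
+{
+$this->_title($this->__('FIREWALL'))->_title($this->__('Dashboard'))->_title($this->__('Diagnostic'));
+$this->loadLayout()
+->_setActiveMenu('firewall/filechecker');
+
+return $this;
+}
+public function indexAction() {
+$block = $this->getLayout()->createBlock('core/template');
+$block->setTemplate('firewall/filechecker.phtml');
+
+$this->_initAction()
+->_addContent($block)
+->renderLayout();
+}
+public function gridAction()
+{
+$this->loadLayout();
+$this->getResponse()->setBody(
+$this->getLayout()->createBlock('dashboard/adminhtml_diagnosticchecker_grid')->toHtml()
+);
+}
+}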
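--- a/app/code/community/MageFirewall/Firewall/controllers/Adminhtml/Dashboard/RecentController.php
+++ b/app/code/community/MageFirewall/Firewall/controllers/Adminhtml/Dashboard/RecentController.php
@@ -0,0 +1,27 @@
+<?php
+class MageFirewall_Firewall_Adminhtml_Dashboard_RecentController extends Mage_Adminhtml_Controller_Action
+{
+protected function _initAction()
+{
+$this->_title($this->__('FIREWALL'))->_title($this->__('Dashboard'))->_title($this->__('View'));
+$this->loadLayout()
+->_setActiveMenu('firewall/recentedittedfile');
+
+return $this;
+}
+public function indexAction() {
+$block = $this->getLayout()->createBlock('core/template');
+$block->setTemplate('firewall/recentfile.phtml');
+
+$this->_initAction()
+->_addContent($block)
+->renderLayout();
+}
+public function gridAction()
+{
+$this->loadLayout();
+$this->getResponse()->setBody(
+$this->getLayout()->createBlock('dashboard/adminhtml_dashboard_grid')->toHtml()
+);
+}
+}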
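--- a/app/code/community/MageFirewall/Firewall/controllers/Adminhtml/Dashboard/ViewController.php
+++ b/app/code/community/MageFirewall/Firewall/controllers/Adminhtml/Dashboard/ViewController.php
@@ -0,0 +1,53 @@
+<?php
+class MageFirewall_Firewall_Adminhtml_Dashboard_ViewController extends Mage_Adminhtml_Controller_Action
+{
+protected function _initAction()
+{
+$this->_title($this->__('FIREWALL'))->_title($this->__('Dashboard'))->_title($this->__('View'));
+$this->loadLayout()
+->_setActiveMenu('firewall/dashboard');
+
+return $this;
+}
+public function indexAction() {
+$wallHelper = Mage::helper('firewall');
+if ($data = $this->getRequest()->getPost()) {
+try {
+$optionsAll = Mage::getModel('firewall/options');
+foreach($data['fireWall_options'] as $datas){
+if(isset($datas['value']))
+$optionsAll->setData($datas);
+$optionsAll->save();
+}
+if($data['fireWall_options'][6]['value']==1){
+$ip_address = $wallHelper->getClientIp();
+$whitelist = Mage::getModel('firewall/whitelist');
+$getWhiteList = Mage::getModel('firewall/whitelist')->getCollection()->addFieldToFilter('ip',$ip_address)->getData();
+if(count($getWhiteList)>=1){
+} else {
+$whitelist->setData(array('ip'=>$ip_address,'is_delete'=>0,'status'=>1,'created_time'=>time()))
+->save();
+}
+}
+
+Mage::getSingleton('adminhtml/session')->addSuccess('Configuration saved succesfully.');
+} catch (Exception $e) {
+Mage::getSingleton('adminhtml/session')->addError($e->getMessage());
+}
+$this->_redirect('*/*');
+}
+$block = $this->getLayout()->createBlock('core/template');
+$block->setTemplate('firewall/dashboard.phtml');
+
+$this->_initAction()
+->_addContent($block)
+->renderLayout();
+}
+public function gridAction()
+{
+$this->loadLayout();
+$this->getResponse()->setBody(
+$this->getLayout()->createBlock('dashboard/adminhtml_dashboard_grid')->toHtml()
+);
+}
+}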
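Review bot: In `indexAction()` lines 18–20 the braceless `if` guards only `setData()`, so `$optionsAll->save()` runs on every iteration, and because one model instance is reused across the loop an entry without `value` re-saves the previous row's data; wrap both statements in the `if` and instantiate the model inside the loop. After `$this->_redirect('*/*')` on line 37 there is no `return`, so the dashboard template is still built and `renderLayout()` writes a body into a response that already carries a Location header; add `return;` after the redirect. Line 22 keys the "whitelist my address" behaviour on the magic index `[6]` of the posted array, and line 23 resolves that address through `getClientIp()`, which in this release prefers `X-Forwarded-For`, so the entry created on line 28 may be a proxy address or whatever the header carried rather than the admin's host. The success message on line 33 is untranslated and misspelled (`succesfully`).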
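--- a/app/code/community/MageFirewall/Firewall/controllers/Adminhtml/LogsController.php
+++ b/app/code/community/MageFirewall/Firewall/controllers/Adminhtml/LogsController.php
@@ -0,0 +1,23 @@
+<?php
+class MageFirewall_Firewall_Adminhtml_LogsController extends Mage_Adminhtml_Controller_Action
+{
+protected function _initAction()
+{
+$this->loadLayout()
+->_setActiveMenu('firewall/logs')
+->_addBreadcrumb(Mage::helper('adminhtml')->__('Logs'), Mage::helper('adminhtml')->__('Logs'));
+return $this;
+}
+public function indexAction() {
+$this->_initAction();
+$this->_addContent($this->getLayout()->createBlock('firewall/adminhtml_logs'));
+$this->renderLayout();
+}
+public function gridAction()
+{
+$this->loadLayout();
+$this->getResponse()->setBody(
+$this->getLayout()->createBlock('firewall/adminhtml_logs_grid')->toHtml()
+);
+}
+}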
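Review bot: LogsController defines no `_isAllowed()` override (the whole class is inside this hunk), so access to the firewall log grid falls back to `Mage_Adminhtml_Controller_Action`'s default check and any authenticated admin user can read it regardless of role. The grid presumably exposes the client IPs and request payloads the firewall captured, which is data worth restricting to the roles that manage the firewall. Adding `protected function _isAllowed() { return Mage::getSingleton('admin/session')->isAllowed('firewall/logs'); }` closes that, with the resource name to be matched against the module's adminhtml.xml (not visible here).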
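--- a/app/code/community/MageFirewall/Firewall/controllers/Adminhtml/RulesController.php
+++ b/app/code/community/MageFirewall/Firewall/controllers/Adminhtml/RulesController.php
@@ -0,0 +1,23 @@
+<?php
+class MageFirewall_Firewall_Adminhtml_RulesController extends Mage_Adminhtml_Controller_Action
+{
+protected function _initAction()
+{
+$this->loadLayout()
+->_setActiveMenu('firewall/rules')
+->_addBreadcrumb(Mage::helper('adminhtml')->__('Rules List'), Mage::helper('adminhtml')->__('Rules List'));
+return $this;
+}
+public function indexAction() {
+$this->_initAction();
+$this->_addContent($this->getLayout()->createBlock('firewall/adminhtml_rules'));
+$this->renderLayout();
+}
+public function gridAction()
+{
+$this->loadLayout();
+$this->getResponse()->setBody(
+$this->getLayout()->createBlock('firewall/adminhtml_rules_grid')->toHtml()
+);
+}
+}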
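Review bot: RulesController has no `_isAllowed()` override either, so the rule grid is reachable by any admin session under the base class's default check rather than a firewall-specific ACL resource. `protected function _isAllowed() { return Mage::getSingleton('admin/session')->isAllowed('firewall/rules'); }` keeps firewall configuration behind its own permission, assuming adminhtml.xml declares that resource (not visible here). Since `_initAction()`, `indexAction()` and `gridAction()` are the same shape as in LogsController and WhitelistController apart from the block aliases and menu path, a small abstract base controller carrying the ACL check would also prevent the override from being forgotten in the next copy.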
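--- a/app/code/community/MageFirewall/Firewall/controllers/Adminhtml/WhitelistController.php
+++ b/app/code/community/MageFirewall/Firewall/controllers/Adminhtml/WhitelistController.php
@@ -0,0 +1,111 @@
+<?php
+class MageFirewall_Firewall_Adminhtml_WhitelistController extends Mage_Adminhtml_Controller_Action
+{
+protected function _initAction()
+{
+$this->loadLayout()
+->_setActiveMenu('firewall/whitelist')
+->_addBreadcrumb(Mage::helper('adminhtml')->__('Whitelist'), Mage::helper('adminhtml')->__('Whitelist'));
+return $this;
+}
+public function indexAction() {
+$this->_initAction();
+$this->_addContent($this->getLayout()->createBlock('firewall/adminhtml_whitelist'));
+$this->renderLayout();
+}
+public function gridAction()
+{
+$this->loadLayout();
+$this->getResponse()->setBody(
+$this->getLayout()->createBlock('firewall/adminhtml_whitelist_grid')->toHtml()
+);
+}
+
+public function editAction() {
+$id = $this->getRequest()->getParam('id');
+$model = Mage::getModel('firewall/whitelist')->load($id);
+
+if ($model->getId() || $id == 0) {
+$data = Mage::getSingleton('adminhtml/session')->getFormData(true);
+if (!empty($data)) {
+$model->setData($data);
+}
+
+Mage::register('whitelist_data', $model);
+
+$this->loadLayout();
+$this->_setActiveMenu('whitelist/items');
+
+$this->_addBreadcrumb(Mage::helper('adminhtml')->__('Whitelist Manager'), Mage::helper('adminhtml')->__('Whitelist Manager'));
+
+$this->getLayout()->getBlock('head')->setCanLoadExtJs(true);
+
+$this->_addContent($this->getLayout()->createBlock('firewall/adminhtml_whitelist_edit'))
+->_addLeft($this->getLayout()->createBlock('firewall/adminhtml_whitelist_edit_tabs'));
+
+$this->renderLayout();
+} else {
+Mage::getSingleton('adminhtml/session')->addError(Mage::helper('firewall')->__('Item does not exist'));
+$this->_redirect('*/*/');
+}
+}
+
+public function newAction() {
+$this->_forward('edit');
+}
+
+public function saveAction() {
+if ($data = $this->getRequest()->getPost()) {
+
+
+$model = Mage::getModel('firewall/whitelist');
+$model->setData($data)
+->setId($this->getRequest()->getParam('id'));
+
+try {
+if ($model->getCreatedTime == NULL || $model->getUpdateTime() == NULL) {
+$model->setCreatedTime(now())
+->setUpdateTime(now());
+} else {
+$model->setUpdateTime(now());
+}
+
+$model->save();
+Mage::getSingleton('adminhtml/session')->addSuccess(Mage::helper('firewall')->__('Whitelist was successfully saved'));
+Mage::getSingleton('adminhtml/session')->setFormData(false);
+
+if ($this->getRequest()->getParam('back')) {
+$this->_redirect('*/*/edit', array('id' => $model->getId()));
+return;
+}
+$this->_redirect('*/*/');
+return;
+} catch (Exception $e) {
+Mage::getSingleton('adminhtml/session')->addError($e->getMessage());
+Mage::getSingleton('adminhtml/session')->setFormData($data);
+$this->_redirect('*/*/edit', array('id' => $this->getRequest()->getParam('id')));
+return;
+}
+}
+Mage::getSingleton('adminhtml/session')->addError(Mage::helper('firewall')->__('Unable to find Whitelist to save'));
+$this->_redirect('*/*/');
+}
+
+public function deleteAction() {
+if( $this->getRequest()->getParam('id') > 0 ) {
+try {
+$model = Mage::getModel('firewall/whitelist');
+
+$model->setId($this->getRequest()->getParam('id'))
+->delete();
+
+Mage::getSingleton('adminhtml/session')->addSuccess(Mage::helper('adminhtml')->__('Whitelist was successfully deleted'));
+$this->_redirect('*/*/');
+} catch (Exception $e) {
+Mage::getSingleton('adminhtml/session')->addError($e->getMessage());
+$this->_redirect('*/*/edit', array('id' => $this->getRequest()->getParam('id')));
+}
+}
+$this->_redirect('*/*/');
+}
+}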
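Review bot: saveAction and deleteAction write the firewall whitelist — the list of IPs that bypass every rule — yet the controller has no `_isAllowed()` override, so under `Mage_Adminhtml_Controller_Action`'s default check any authenticated admin user of any role can add or remove whitelist entries. These actions should be gated on a dedicated ACL resource, assuming the module's adminhtml.xml declares one under the `firewall` node (not visible here). Inside saveAction, `$model->getCreatedTime == NULL` reads a non-existent property instead of calling the getter, so the condition is always true and created_time is overwritten on every edit; the fix is `if ($model->getCreatedTime() == NULL || $model->getUpdateTime() == NULL) {`. `$model->setData($data)` also assigns the raw POST array, so columns the form does not expose (`is_delete`, `status`, judging by what DashboardController writes to the same model) can be set by a crafted request, and nothing checks that `ip` is an IP address before it is stored — unless the form block validates it, which is not visible here.
```php
/** Gate every action here on the whitelist ACL resource (name assumed to match adminhtml.xml — confirm). */
protected function _isAllowed()
{
    return Mage::getSingleton('admin/session')->isAllowed('firewall/whitelist');
}

public function saveAction() {
if ($data = $this->getRequest()->getPost()) {
    $ip = isset($data['ip']) ? trim($data['ip']) : '';
    // Reject anything that is not a literal IP before it can reach the bypass list.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        Mage::getSingleton('adminhtml/session')->addError(Mage::helper('firewall')->__('Invalid IP address'));
        Mage::getSingleton('adminhtml/session')->setFormData($data);
        $this->_redirect('*/*/edit', array('id' => $this->getRequest()->getParam('id')));
        return;
    }
    // Only the columns the form is meant to edit; everything else in POST is ignored (mass-assignment guard).
    $allowed = array('ip' => true, 'status' => true);
    $model = Mage::getModel('firewall/whitelist');
    $model->setData(array_intersect_key($data, $allowed))
        ->setId($this->getRequest()->getParam('id'));

    try {
        if ($model->getCreatedTime() == NULL || $model->getUpdateTime() == NULL) {
        // … unchanged: timestamp assignment, save, messages, redirects …
```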
app/code/community/MageFirewall/Firewall/data/firewall_setup/data-install-0.1.0.php
ADDED
@@ -0,0 +1,964 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php
|
2 |
+
$tickets = Mage::getModel('firewall/rules')
|
3 |
+
->getCollection();
|
4 |
+
$tickets = Array
|
5 |
+
(
|
6 |
+
'0' => Array
|
7 |
+
(
|
8 |
+
// 'id''1',
|
9 |
+
'who' => 'generic',
|
10 |
+
'request' => 'GET|POST|HTTP_COOKIE|HTTP_USER_AGENT',
|
11 |
+
'what' => '(?:\.{2}[\\/]{1,4}){2}\b',
|
12 |
+
'why' => 'Directory traversal',
|
13 |
+
'level' => '3',
|
14 |
+
'enabled' => '1'
|
15 |
+
),
|
16 |
+
|
17 |
+
'1' => Array
|
18 |
+
(
|
19 |
+
// 'id''2',
|
20 |
+
'who' => 'generic',
|
21 |
+
'request' => 'GET|POST|HTTP_COOKIE|HTTP_USER_AGENT|REQUEST_URI|PHP_SELF|PATH_INFO',
|
22 |
+
'what' => '%00|\x00',
|
23 |
+
'why' => 'NULL byte character',
|
24 |
+
'level' => '3',
|
25 |
+
'enabled' => '1'
|
26 |
+
),
|
27 |
+
|
28 |
+
'2' => Array
|
29 |
+
(
|
30 |
+
// 'id''3',
|
31 |
+
'who' => 'generic',
|
32 |
+
'request' => 'GET|POST|HTTP_COOKIE|HTTP_USER_AGENT',
|
33 |
+
'what' => '[.\\/]/(?:proc/self/|etc/passwd)\b',
|
34 |
+
'why' => 'Local file inclusion',
|
35 |
+
'level' => '2',
|
36 |
+
'enabled' => '1'
|
37 |
+
),
|
38 |
+
|
39 |
+
'3' => Array
|
40 |
+
(
|
41 |
+
// 'id''50',
|
42 |
+
'who' => 'generic',
|
43 |
+
'request' => 'GET|POST|HTTP_COOKIE|HTTP_USER_AGENT',
|
44 |
+
'what' => '^(?i:https?|ftp)://.+/[^&/]+\?$',
|
45 |
+
'why' => 'Remote file inclusion',
|
46 |
+
'level' => '3',
|
47 |
+
'enabled' => '1'
|
48 |
+
),
|
49 |
+
|
50 |
+
'4' => Array
|
51 |
+
(
|
52 |
+
// 'id''51',
|
53 |
+
'who' => 'generic',
|
54 |
+
'request' => 'GET|POST|HTTP_COOKIE|HTTP_USER_AGENT',
|
55 |
+
'what' => '^(?i:https?)://\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}',
|
56 |
+
'why' => 'Remote file inclusion (URL IP)',
|
57 |
+
'level' => '2',
|
58 |
+
'enabled' => '1'
|
59 |
+
),
|
60 |
+
|
61 |
+
'5' => Array
|
62 |
+
(
|
63 |
+
// 'id''52',
|
64 |
+
'who' => 'generic',
|
65 |
+
'request' => 'GET|POST|HTTP_COOKIE|HTTP_USER_AGENT',
|
66 |
+
'what' => '\b(?i:include|require)(?i:_once)?\s*\([^)]*(?i:https?|ftp)://',
|
67 |
+
'why' => 'Remote file inclusion (via require/include)',
|
68 |
+
'level' => '3',
|
69 |
+
'enabled' => '1'
|
70 |
+
),
|
71 |
+
|
72 |
+
'6' => Array
|
73 |
+
(
|
74 |
+
// 'id''53',
|
75 |
+
'who' => 'generic',
|
76 |
+
'request' => 'GET|POST|HTTP_COOKIE|HTTP_USER_AGENT',
|
77 |
+
'what' => '^(?i:ftp)://(?:.+?:.+?\@)?[^/]+/.',
|
78 |
+
'why' => 'Remote file inclusion (FTP)',
|
79 |
+
'level' => '2',
|
80 |
+
'enabled' => '1'
|
81 |
+
),
|
82 |
+
|
83 |
+
'7' => Array
|
84 |
+
(
|
85 |
+
// 'id''100',
|
86 |
+
'who' => 'generic',
|
87 |
+
'request' => 'GET|POST|REQUEST_URI|HTTP_COOKIE|HTTP_USER_AGENT|HTTP_REFERER',
|
88 |
+
'what' => '<\s*/?(?i:applet|div|embed|i?frame(?:set)?|img|meta|marquee|object|script|textarea)\b.*?>',
|
89 |
+
'why' => 'XSS (HTML tag)',
|
90 |
+
'level' => '2',
|
91 |
+
'enabled' => '1'
|
92 |
+
),
|
93 |
+
|
94 |
+
'8' => Array
|
95 |
+
(
|
96 |
+
// 'id''101',
|
97 |
+
'who' => 'generic',
|
98 |
+
'request' => 'GET|HTTP_COOKIE|HTTP_USER_AGENT|HTTP_REFERER',
|
99 |
+
'what' => '\W(?:background(-image)?|-moz-binding)\s*:[^}]*?\burl\s*\([^)]+?://',
|
100 |
+
'why' => 'XSS (remote background URI)',
|
101 |
+
'level' => '3',
|
102 |
+
'enabled' => '1'
|
103 |
+
),
|
104 |
+
|
105 |
+
'9' => Array
|
106 |
+
(
|
107 |
+
// 'id''102',
|
108 |
+
'who' => 'generic',
|
109 |
+
'request' => 'GET|HTTP_COOKIE|HTTP_USER_AGENT|HTTP_REFERER',
|
110 |
+
'what' => '(?i:<[^>]+?(?:data|href|src)\s*=\s*[\'\"]?(?:https?|data|php|(?:java|vb)script):)',
|
111 |
+
'why' => 'XSS (remote URI)',
|
112 |
+
'level' => '3',
|
113 |
+
'enabled' => '1'
|
114 |
+
),
|
115 |
+
|
116 |
+
'10' => Array
|
117 |
+
(
|
118 |
+
// 'id''103',
|
119 |
+
'who' => 'generic',
|
120 |
+
'request' => 'GET|HTTP_COOKIE|HTTP_USER_AGENT|HTTP_REFERER',
|
121 |
+
'what' => '\b(?i:on(?i:abort|blur|(?:dbl)?click|dragdrop|error|focus|key(?:up|down|press)|(?:un)?load|mouse(?:down|out|over|up)|move|res(?:et|ize)|select|submit))\b\s*=',
|
122 |
+
'why' => 'XSS (HTML event)',
|
123 |
+
'level' => '2',
|
124 |
+
'enabled' => '1'
|
125 |
+
),
|
126 |
+
|
127 |
+
'11' => Array
|
128 |
+
(
|
129 |
+
// 'id''104',
|
130 |
+
'who' => 'generic',
|
131 |
+
'request' => 'GET|POST|HTTP_COOKIE|HTTP_USER_AGENT|HTTP_REFERER',
|
132 |
+
'what' => '[:=\]]\s*[\'\"]?(?:alert|confirm|eval|expression|prompt|String\.fromCharCode|url)\s*\(',
|
133 |
+
'why' => 'XSS (JS function)',
|
134 |
+
'level' => '3',
|
135 |
+
'enabled' => '1'
|
136 |
+
),
|
137 |
+
|
138 |
+
'12' => Array
|
139 |
+
(
|
140 |
+
// 'id''105',
|
141 |
+
'who' => 'generic',
|
142 |
+
'request' => 'GET|POST|HTTP_COOKIE|HTTP_USER_AGENT|HTTP_REFERER',
|
143 |
+
'what' => '\bdocument\.(?:body|cookie|location|open|write(?:ln)?)\b',
|
144 |
+
'why' => 'XSS (document object)',
|
145 |
+
'level' => '2',
|
146 |
+
'enabled' => '1'
|
147 |
+
),
|
148 |
+
|
149 |
+
'13' => Array
|
150 |
+
(
|
151 |
+
// 'id''106',
|
152 |
+
'who' => 'generic',
|
153 |
+
'request' => 'GET|POST|HTTP_COOKIE|HTTP_USER_AGENT|HTTP_REFERER',
|
154 |
+
'what' => '\blocation\.(?:href|replace)\b',
|
155 |
+
'why' => 'XSS (location object)',
|
156 |
+
'level' => '2',
|
157 |
+
'enabled' => '1'
|
158 |
+
),
|
159 |
+
|
160 |
+
'14' => Array
|
161 |
+
(
|
162 |
+
// 'id''107',
|
163 |
+
'who' => 'generic',
|
164 |
+
'request' => 'GET|POST|HTTP_COOKIE|HTTP_USER_AGENT|HTTP_REFERER',
|
165 |
+
'what' => '\bwindow\.(?:open|location)\b',
|
166 |
+
'why' => 'XSS (window object)',
|
167 |
+
'level' => '2',
|
168 |
+
'enabled' => '1'
|
169 |
+
),
|
170 |
+
|
171 |
+
'15' => Array
|
172 |
+
(
|
173 |
+
// 'id''108',
|
174 |
+
'who' => 'generic',
|
175 |
+
'request' => 'GET|POST|HTTP_COOKIE|HTTP_USER_AGENT|HTTP_REFERER',
|
176 |
+
'what' => '(?i:style)\s*=\s*[\'"]?[^/\'"]+/\*',
|
177 |
+
'why' => 'XSS (obfuscated style)',
|
178 |
+
'level' => '3',
|
179 |
+
'enabled' => '1'
|
180 |
+
),
|
181 |
+
|
182 |
+
'16' => Array
|
183 |
+
(
|
184 |
+
// 'id''109',
|
185 |
+
'who' => 'generic',
|
186 |
+
'request' => 'GET|POST|HTTP_COOKIE|HTTP_USER_AGENT|HTTP_REFERER',
|
187 |
+
'what' => '^/?>',
|
188 |
+
'why' => 'XSS (leading greater-than sign)',
|
189 |
+
'level' => '2',
|
190 |
+
'enabled' => '1'
|
191 |
+
),
|
192 |
+
|
193 |
+
'17' => Array
|
194 |
+
(
|
195 |
+
// 'id''110',
|
196 |
+
'who' => 'generic',
|
197 |
+
'request' => 'QUERY_STRING',
|
198 |
+
'what' => '(?:%%\d\d%\d\d){5}',
|
199 |
+
'why' => 'XSS (double nibble)',
|
200 |
+
'level' => '2',
|
201 |
+
'enabled' => '1'
|
202 |
+
),
|
203 |
+
|
204 |
+
'18' => Array
|
205 |
+
(
|
206 |
+
// 'id''111',
|
207 |
+
'who' => 'generic',
|
208 |
+
'request' => 'GET|POST|REQUEST_URI|HTTP_COOKIE|HTTP_USER_AGENT|HTTP_REFERER',
|
209 |
+
'what' => '(\+|\%2B)A(Dw|ACIAPgA8)-.+?(\+|\%2B)AD4(APAAi)?-',
|
210 |
+
'why' => 'XSS (UTF-7)',
|
211 |
+
'level' => '2',
|
212 |
+
'enabled' => '1'
|
213 |
+
),
|
214 |
+
|
215 |
+
'19' => Array
|
216 |
+
(
|
217 |
+
// 'id''150',
|
218 |
+
'who' => 'generic',
|
219 |
+
'request' => 'GET|POST',
|
220 |
+
'what' => '[\n\r]\s*\b(?:(?:reply-)?to|b?cc|content-[td]\w)\b\s*:.*?\@',
|
221 |
+
'why' => 'Mail header injection',
|
222 |
+
'level' => '2',
|
223 |
+
'enabled' => '1'
|
224 |
+
),
|
225 |
+
|
226 |
+
'20' => Array
|
227 |
+
(
|
228 |
+
// 'id''151',
|
229 |
+
'who' => 'generic',
|
230 |
+
'request' => 'GET|POST',
|
231 |
+
'what' => '^[\x0d\x0a]{1,2}[-a-zA-Z0-9]+:\s*\w+',
|
232 |
+
'why' => 'HTTP header injection',
|
233 |
+
'level' => '2',
|
234 |
+
'enabled' => '1'
|
235 |
+
),
|
236 |
+
|
237 |
+
'21' => Array
|
238 |
+
(
|
239 |
+
// 'id''152',
|
240 |
+
'who' => 'generic',
|
241 |
+
'request' => 'HTTP_COOKIE|HTTP_USER_AGENT|HTTP_REFERER',
|
242 |
+
'what' => '[\x0d\x0a]',
|
243 |
+
'why' => 'HTTP header injection (CR/LF)',
|
244 |
+
'level' => '2',
|
245 |
+
'enabled' => '1'
|
246 |
+
),
|
247 |
+
|
248 |
+
'22' => Array
|
249 |
+
(
|
250 |
+
// 'id''153',
|
251 |
+
'who' => 'generic',
|
252 |
+
'request' => 'GET|POST|HTTP_COOKIE|HTTP_USER_AGENT|HTTP_REFERER',
|
253 |
+
'what' => '<!--#(?:config|echo|exec|flastmod|fsize|include)\b.+?-->',
|
254 |
+
'why' => 'SSI command injection',
|
255 |
+
'level' => '2',
|
256 |
+
'enabled' => '1'
|
257 |
+
),
|
258 |
+
|
259 |
+
'23' => Array
|
260 |
+
(
|
261 |
+
// 'id''154',
|
262 |
+
'who' => 'generic',
|
263 |
+
'request' => 'HTTP_COOKIE|HTTP_USER_AGENT|HTTP_REFERER',
|
264 |
+
'what' => '(?s:<\?.+)|#!/(?:usr|bin)/.+?\s',
|
265 |
+
'why' => 'Code Injection',
|
266 |
+
'level' => '3',
|
267 |
+
'enabled' => '1'
|
268 |
+
),
|
269 |
+
|
270 |
+
'24' => Array
|
271 |
+
(
|
272 |
+
// 'id''155',
|
273 |
+
'who' => 'generic',
|
274 |
+
'request' => 'GET|POST',
|
275 |
+
'what' => '(?s:<\?(?![Xx][Mm][Ll]).*?(?:\$_?(?:COOKIE|ENV|FILES|GLOBALS|(?:GE|POS|REQUES)T|SE(RVER|SSION))\s*[=\[)]|\b(?i:array_map|assert|base64_(?:de|en)code|curl_exec|eval|file(?:_get_contents)?|fsockopen|gzinflate|move_uploaded_file|passthru|preg_replace|phpinfo|stripslashes|strrev|system|(?:shell_)?exec)\s*\()|\x60.+?\x60)|#!/(?:usr|bin)/.+?\s|\W\$\{\s*[\'"]\w+[\'"]',
|
276 |
+
'why' => 'Code Injection',
|
277 |
+
'level' => '3',
|
278 |
+
'enabled' => '1'
|
279 |
+
),
|
280 |
+
|
281 |
+
'25' => Array
|
282 |
+
(
|
283 |
+
// 'id''156',
|
284 |
+
'who' => 'generic',
|
285 |
+
'request' => 'GET|POST',
|
286 |
+
'what' => '\b(?i:eval)\s*\(\s*(?i:base64_decode|exec|file_get_contents|gzinflate|passthru|shell_exec|stripslashes|system)\s*\(',
|
287 |
+
'why' => 'Code Injection #2',
|
288 |
+
'level' => '2',
|
289 |
+
'enabled' => '1'
|
290 |
+
),
|
291 |
+
|
292 |
+
'26' => Array
|
293 |
+
(
|
294 |
+
// 'id''157',
|
295 |
+
'who' => 'generic',
|
296 |
+
'request' => 'GET:fltr',
|
297 |
+
'what' => ';',
|
298 |
+
'why' => 'Code injection (phpThumb)',
|
299 |
+
'level' => '3',
|
300 |
+
'enabled' => '1'
|
301 |
+
),
|
302 |
+
|
303 |
+
'27' => Array
|
304 |
+
(
|
305 |
+
// 'id''158',
|
306 |
+
'who' => 'generic',
|
307 |
+
'request' => 'GET:file_to_serve',
|
308 |
+
'what' => 'flowplayer/3\.1\.1/flowplayer-3\.1\.1\.min.js',
|
309 |
+
'why' => 'Code injection (OpenX backdoor)',
|
310 |
+
'level' => '3',
|
311 |
+
'enabled' => '1'
|
312 |
+
),
|
313 |
+
|
314 |
+
'28' => Array
|
315 |
+
(
|
316 |
+
// 'id''159',
|
317 |
+
'who' => 'generic',
|
318 |
+
'request' => 'GET:phpThumbDebug',
|
319 |
+
'what' => '.',
|
320 |
+
'why' => 'phpThumb debug mode (potential SSRF)',
|
321 |
+
'level' => '1',
|
322 |
+
'enabled' => '1'
|
323 |
+
),
|
324 |
+
|
325 |
+
'29' => Array
|
326 |
+
(
|
327 |
+
// 'id''200',
|
328 |
+
'who' => 'generic',
|
329 |
+
'request' => 'GET|POST|HTTP_COOKIE',
|
330 |
+
'what' => '^(?i:admin(?:istrator)?)[\'"].*?(?:--|#|/\*)',
|
331 |
+
'why' => 'SQL injection (admin login attempt)',
|
332 |
+
'level' => '3',
|
333 |
+
'enabled' => '1'
|
334 |
+
),
|
335 |
+
|
336 |
+
'30' => Array
|
337 |
+
(
|
338 |
+
// 'id''201',
|
339 |
+
'who' => 'generic',
|
340 |
+
'request' => 'GET|POST',
|
341 |
+
'what' => '\b(?i:[-\w]+@(?:[-a-z0-9]+\.)+[a-z]{2,8}\'.{0,20}\band\b.{0,20}=[\s/*]*\')',
|
342 |
+
'why' => 'SQL injection (user login attempt)',
|
343 |
+
'level' => '3',
|
344 |
+
'enabled' => '1'
|
345 |
+
),
|
346 |
+
|
347 |
+
'31' => Array
|
348 |
+
(
|
349 |
+
// 'id''202',
|
350 |
+
'who' => 'generic',
|
351 |
+
'request' => 'GET:username|POST:username',
|
352 |
+
'what' => '[#\'"=(),<>/\\*\x60]',
|
353 |
+
'why' => 'SQL injection (username)',
|
354 |
+
'level' => '3',
|
355 |
+
'enabled' => '1'
|
356 |
+
),
|
357 |
+
|
358 |
+
'32' => Array
|
359 |
+
(
|
360 |
+
// 'id''204',
|
361 |
+
'who' => 'generic',
|
362 |
+
'request' => 'GET|POST|HTTP_COOKIE|HTTP_USER_AGENT|HTTP_REFERER',
|
363 |
+
'what' => '\b(?i:and|or|having)\b.+?[\'"]?(\w+)[\'"]?\s*=\s*[\'"]?\1',
|
364 |
+
'why' => 'SQL injection (equal operator)',
|
365 |
+
'level' => '3',
|
366 |
+
'enabled' => '1'
|
367 |
+
),
|
368 |
+
|
369 |
+
'33' => Array
|
370 |
+
(
|
371 |
+
// 'id''205',
|
372 |
+
'who' => 'generic',
|
373 |
+
'request' => 'GET|POST',
|
374 |
+
'what' => '(?i:(?:\b(?:and|or|union)\b|;|\').*?\bfrom\b.+?information_schema\b)',
|
375 |
+
'why' => 'SQL injection (information_schema)',
|
376 |
+
'level' => '3',
|
377 |
+
'enabled' => '1'
|
378 |
+
),
|
379 |
+
|
380 |
+
'34' => Array
|
381 |
+
(
|
382 |
+
// 'id''206',
|
383 |
+
'who' => 'generic',
|
384 |
+
'request' => 'GET|POST',
|
385 |
+
'what' => '/\*\*/(?i:and|from|limit|or|select|union|request)/\*\*/',
|
386 |
+
'why' => 'SQL injection (comment obfuscation)',
|
387 |
+
'level' => '3',
|
388 |
+
'enabled' => '1'
|
389 |
+
),
|
390 |
+
|
391 |
+
'35' => Array
|
392 |
+
(
|
393 |
+
// 'id''207',
|
394 |
+
'who' => 'generic',
|
395 |
+
'request' => 'GET|POST',
|
396 |
+
'what' => '^[-\d\';].+\w.+(?:--|#|/\*)\s*$',
|
397 |
+
'why' => 'SQL injection (trailing comment)',
|
398 |
+
'level' => '3',
|
399 |
+
'enabled' => '1'
|
400 |
+
),
|
401 |
+
|
402 |
+
'36' => Array
|
403 |
+
(
|
404 |
+
// 'id''208',
|
405 |
+
'who' => 'generic',
|
406 |
+
'request' => 'HTTP_COOKIE|HTTP_USER_AGENT|HTTP_REFERER',
|
407 |
+
'what' => '(?i:(?:\b(?:and|or|union)\b|;|\').*?\b(?:alter|create|delete|drop|grant|information_schema|insert|load|rename|select|truncate|update)[^-\w])',
|
408 |
+
'why' => 'SQL injection',
|
409 |
+
'level' => '1',
|
410 |
+
'enabled' => '1'
|
411 |
+
),
|
412 |
+
|
413 |
+
'37' => Array
|
414 |
+
(
|
415 |
+
// 'id''209',
|
416 |
+
'who' => 'generic',
|
417 |
+
'request' => 'GET|POST',
|
418 |
+
'what' => '(?i:(?:\b(?:and|or|union)\b|;|\').*?(?:\ball\b.+?)?\bselect\b.+?\b(?:and\b|from\b|limit\b|request\b|\@?\@?version\b|(?:user|benchmark|char|count|database|(?:group_)?concat(?:_ws)?|floor|md5|rand|substring|version)\s*\(|--|/\*|#$))',
|
419 |
+
'why' => 'SQL injection (select)',
|
420 |
+
'level' => '3',
|
421 |
+
'enabled' => '1'
|
422 |
+
),
|
423 |
+
|
424 |
+
'38' => Array
|
425 |
+
(
|
426 |
+
// 'id''210',
|
427 |
+
'who' => 'generic',
|
428 |
+
'request' => 'GET|POST',
|
429 |
+
'what' => '(?i:(?:\b(?:and|or|union)\b|;|\').*?(?:\ball\b.+?)?\binsert\b.+?\binto\b.*?\([^)]+\).+?values.*?\()',
|
430 |
+
'why' => 'SQL injection (insert)',
|
431 |
+
'level' => '3',
|
432 |
+
'enabled' => '1'
|
433 |
+
),
|
434 |
+
|
435 |
+
'39' => Array
|
436 |
+
(
|
437 |
+
// 'id''211',
|
438 |
+
'who' => 'generic',
|
439 |
+
'request' => 'GET|POST',
|
440 |
+
'what' => '(?i:(?:\b(?:and|or|union)\b|;|\').*?\bupdate\b.+?\bset\b.+?=)',
|
441 |
+
'why' => 'SQL injection (update)',
|
442 |
+
'level' => '3',
|
443 |
+
'enabled' => '1'
|
444 |
+
),
|
445 |
+
|
446 |
+
'40' => Array
|
447 |
+
(
|
448 |
+
// 'id''212',
|
449 |
+
'who' => 'generic',
|
450 |
+
'request' => 'GET|POST',
|
451 |
+
'what' => '(?i:(?:\b(?:and|or|union)\b|;|\').*?\bgrant\b.+?\bon\b.+?to\s+)',
|
452 |
+
'why' => 'SQL injection (grant)',
|
453 |
+
'level' => '3',
|
454 |
+
'enabled' => '1'
|
455 |
+
),
|
456 |
+
|
457 |
+
'41' => Array
|
458 |
+
(
|
459 |
+
// 'id''213',
|
460 |
+
'who' => 'generic',
|
461 |
+
'request' => 'GET|POST',
|
462 |
+
'what' => '(?i:(?:\b(?:and|or|union)\b|;|\').*?\bdelete\b.+?\bfrom\b.+)',
|
463 |
+
'why' => 'SQL injection (delete)',
|
464 |
+
'level' => '3',
|
465 |
+
'enabled' => '1'
|
466 |
+
),
|
467 |
+
|
468 |
+
'42' => Array
|
469 |
+
(
|
470 |
+
// 'id''214',
|
471 |
+
'who' => 'generic',
|
472 |
+
'request' => 'GET|POST',
|
473 |
+
'what' => '(?i:(?:\b(?:and|or|union)\b|;|\').*?\b(alter|create|drop)\b.+?(?:DATABASE|FUNCTION|INDEX|PROCEDURE|SCHEMA|TABLE|TRIGGER|VIEW)\b.+?)',
|
474 |
+
'why' => 'SQL injection (alter/create/drop)',
|
475 |
+
'level' => '3',
|
476 |
+
'enabled' => '1'
|
477 |
+
),
|
478 |
+
|
479 |
+
'43' => Array
|
480 |
+
(
|
481 |
+
// 'id''215',
|
482 |
+
'who' => 'generic',
|
483 |
+
'request' => 'GET|POST',
|
484 |
+
'what' => '(?i:(?:\b(?:and|or|union)\b|;|\').*?\b(?:rename|truncate)\b.+?table)',
|
485 |
+
'why' => 'SQL injection (rename/truncate)',
|
486 |
+
'level' => '3',
|
487 |
+
'enabled' => '1'
|
488 |
+
),
|
489 |
+
|
490 |
+
'44' => Array
|
491 |
+
(
|
492 |
+
// 'id''216',
|
493 |
+
'who' => 'generic',
|
494 |
+
'request' => 'GET|POST',
|
495 |
+
'what' => '(?i:(?:\b(?:and|or|union)\b|;|\').*?\bselect\b.+?\b(?:into\b.+?(?:(?:dump|out)file|\@[\'"\x60]?\w+)|load_file))\b',
|
496 |
+
'why' => 'SQL injection (select into/load_file)',
|
497 |
+
'level' => '3',
|
498 |
+
'enabled' => '1'
|
499 |
+
),
|
500 |
+
|
501 |
+
'45' => Array
|
502 |
+
(
|
503 |
+
// 'id''217',
|
504 |
+
'who' => 'generic',
|
505 |
+
'request' => 'GET|POST',
|
506 |
+
'what' => '(?i:(?:\b(?:and|or|union)\b|;|\').*?load\b.+?\bdata\b.+?\binfile\b.+?\binto)\b',
|
507 |
+
'why' => 'SQL injection (load)',
|
508 |
+
'level' => '3',
|
509 |
+
'enabled' => '1'
|
510 |
+
),
|
511 |
+
|
512 |
+
'46' => Array
|
513 |
+
(
|
514 |
+
// 'id''250',
|
515 |
+
'who' => 'generic',
|
516 |
+
'request' => 'HTTP_HOST',
|
517 |
+
'what' => '[^-a-zA-Z0-9._:\[\]]',
|
518 |
+
'why' => 'Malformed Host header',
|
519 |
+
'level' => '2',
|
520 |
+
'enabled' => '1'
|
521 |
+
),
|
522 |
+
|
523 |
+
'47' => Array
|
524 |
+
(
|
525 |
+
// 'id''300',
|
526 |
+
'who' => 'generic',
|
527 |
+
'request' => 'GET|POST',
|
528 |
+
'what' => '^[\'"]',
|
529 |
+
'why' => 'Leading quote',
|
530 |
+
'level' => '2',
|
531 |
+
'enabled' => '1'
|
532 |
+
),
|
533 |
+
|
534 |
+
'48' => Array
|
535 |
+
(
|
536 |
+
// 'id''301',
|
537 |
+
'who' => 'generic',
|
538 |
+
'request' => 'GET',
|
539 |
+
'what' => '^[\x09\x20]',
|
540 |
+
'why' => 'Leading space',
|
541 |
+
'level' => '1',
|
542 |
+
'enabled' => '1'
|
543 |
+
),
|
544 |
+
|
545 |
+
'49' => Array
|
546 |
+
(
|
547 |
+
// 'id''302',
|
548 |
+
'who' => 'generic',
|
549 |
+
'request' => 'QUERY_STRING|PATH_INFO',
|
550 |
+
'what' => '\bHTTP_RAW_POST_DATA|HTTP_(?:POS|GE)T_VARS\b',
|
551 |
+
'why' => 'PHP variable',
|
552 |
+
'level' => '2',
|
553 |
+
'enabled' => '1'
|
554 |
+
),
|
555 |
+
|
556 |
+
'50' => Array
|
557 |
+
(
|
558 |
+
// 'id''303',
|
559 |
+
'who' => 'generic',
|
560 |
+
'request' => 'SCRIPT_NAME',
|
561 |
+
'what' => 'phpinfo\.php',
|
562 |
+
'why' => 'Attempt to access phpinfo.php',
|
563 |
+
'level' => '1',
|
564 |
+
'enabled' => '1'
|
565 |
+
),
|
566 |
+
|
567 |
+
'51' => Array
|
568 |
+
(
|
569 |
+
// 'id''304',
|
570 |
+
'who' => 'generic',
|
571 |
+
'request' => 'SCRIPT_NAME',
|
572 |
+
'what' => '/scripts/(?:setup|signon)\.php',
|
573 |
+
'why' => 'phpMyAdmin hacking attempt',
|
574 |
+
'level' => '2',
|
575 |
+
'enabled' => '1'
|
576 |
+
),
|
577 |
+
|
578 |
+
'52' => Array
|
579 |
+
(
|
580 |
+
// 'id''305',
|
581 |
+
'who' => 'generic',
|
582 |
+
'request' => 'SCRIPT_NAME',
|
583 |
+
'what' => '\.ph(?:p[2-6]?|tml)\..+?',
|
584 |
+
'why' => 'PHP handler obfuscation',
|
585 |
+
'level' => '3',
|
586 |
+
'enabled' => '1'
|
587 |
+
),
|
588 |
+
|
589 |
+
'53' => Array
|
590 |
+
(
|
591 |
+
// 'id''306',
|
592 |
+
'who' => 'generic',
|
593 |
+
'request' => 'GET:mosConfig_absolute_path|POST:mosConfig_absolute_path',
|
594 |
+
'what' => '.',
|
595 |
+
'why' => 'mosConfig_absolute_path override attempt',
|
596 |
+
'level' => '3',
|
597 |
+
'enabled' => '1'
|
598 |
+
),
|
599 |
+
|
600 |
+
'54' => Array
|
601 |
+
(
|
602 |
+
// 'id''307',
|
603 |
+
'who' => 'generic',
|
604 |
+
'request' => 'GET:mosConfig_live_site|POST:mosConfig_live_site',
|
605 |
+
'what' => '.',
|
606 |
+
'why' => 'mosConfig_live_site override attempt',
|
607 |
+
'level' => '3',
|
608 |
+
'enabled' => '1'
|
609 |
+
),
|
610 |
+
|
611 |
+
'55' => Array
|
612 |
+
(
|
613 |
+
// 'id''308',
|
614 |
+
'who' => 'generic',
|
615 |
+
'request' => 'GET:mosConfig_cachepath|POST:mosConfig_cachepath',
|
616 |
+
'what' => '.',
|
617 |
+
'why' => 'mosConfig_cachepath override attempt',
|
618 |
+
'level' => '3',
|
619 |
+
'enabled' => '1'
|
620 |
+
),
|
621 |
+
|
622 |
+
'56' => Array
|
623 |
+
(
|
624 |
+
// 'id''309',
|
625 |
+
'who' => 'generic',
|
626 |
+
'request' => 'QUERY_STRING|PATH_INFO|HTTP_COOKIE|HTTP_USER_AGENT|HTTP_REFERER',
|
627 |
+
'what' => '\b(?:\$?_(COOKIE|ENV|FILES|(?:GE|POS|REQUES)T|SE(RVER|SSION))|HTTP_(?:(?:POST|GET)_VARS|RAW_POST_DATA)|GLOBALS)\s*[=\[]|\W\$\{\s*[\'"]\w+[\'"]',
|
628 |
+
'why' => 'PHP predefined variables',
|
629 |
+
'level' => '2',
|
630 |
+
'enabled' => '1'
|
631 |
+
),
|
632 |
+
|
633 |
+
'57' => Array
|
634 |
+
(
|
635 |
+
// 'id''310',
|
636 |
+
'who' => 'generic',
|
637 |
+
'request' => 'HTTP_USER_AGENT',
|
638 |
+
'what' => '(?i:acunetix|analyzer|AhrefsBot|backdoor|bandit|blackwidow|BOT for JCE|collect|core-project|dts agent|emailmagnet|ex(ploit|tract)|flood|grabber|harvest|httrack|havij|hunter|indy library|inspect|LoadTimeBot|Microsoft URL Control|mj12bot|morfeus|nessus|pmafind|scanner|siphon|sqlmap|survey|teleport)',
|
639 |
+
'why' => 'Bad User-agent',
|
640 |
+
'level' => '1',
|
641 |
+
'enabled' => '1'
|
642 |
+
),
|
643 |
+
|
644 |
+
'58' => Array
|
645 |
+
(
|
646 |
+
// 'id''311',
|
647 |
+
'who' => 'generic',
|
648 |
+
'request' => 'SCRIPT_NAME',
|
649 |
+
'what' => '/tiny_?mce/plugins/spellchecker/classes/',
|
650 |
+
'why' => 'TinyMCE path disclosure',
|
651 |
+
'level' => '2',
|
652 |
+
'enabled' => '1'
|
653 |
+
),
|
654 |
+
|
655 |
+
'59' => Array
|
656 |
+
(
|
657 |
+
// 'id''312',
|
658 |
+
'who' => 'generic',
|
659 |
+
'request' => 'HTTP_X_FORWARDED_FOR',
|
660 |
+
'what' => '[^.0-9a-f:\x20,unkow]',
|
661 |
+
'why' => 'Non-compliant X_FORWARDED_FOR',
|
662 |
+
'level' => '1',
|
663 |
+
'enabled' => '1'
|
664 |
+
),
|
665 |
+
|
666 |
+
'60' => Array
|
667 |
+
(
|
668 |
+
// 'id''313',
|
669 |
+
'who' => 'generic',
|
670 |
+
'request' => 'QUERY_STRING',
|
671 |
+
'what' => '^-[bcndfiswzT]',
|
672 |
+
'why' => 'PHP-CGI exploit (CVE-2012-1823)',
|
673 |
+
'level' => '2',
|
674 |
+
'enabled' => '1'
|
675 |
+
),
|
676 |
+
|
677 |
+
'61' => Array
|
678 |
+
(
|
679 |
+
// 'id''350',
|
680 |
+
'who' => 'generic',
|
681 |
+
'request' => 'SCRIPT_NAME',
|
682 |
+
'what' => '(?i:bypass|c99(?:madShell|ud)?|c100|cookie_(?:usage|setup)|diagnostics|dump|endix|gifimg|goog[l1]e.+[\da-f]{10}|imageth|imlog|r5[47]|safe0ver|sniper|(?:jpe?g|gif|png))\.ph(?:p[2-6]?|tml)',
|
683 |
+
'why' => 'Shell/backdoor',
|
684 |
+
'level' => '3',
|
685 |
+
'enabled' => '1'
|
686 |
+
),
|
687 |
+
|
688 |
+
'62' => Array
|
689 |
+
(
|
690 |
+
// 'id''351',
|
691 |
+
'who' => 'generic',
|
692 |
+
'request' => 'GET:nixpasswd|POST:nixpasswd',
|
693 |
+
'what' => '^.?',
|
694 |
+
'why' => 'Shell/backdoor (nixpasswd)',
|
695 |
+
'level' => '3',
|
696 |
+
'enabled' => '1'
|
697 |
+
),
|
698 |
+
|
699 |
+
'63' => Array
|
700 |
+
(
|
701 |
+
// 'id''352',
|
702 |
+
'who' => 'generic',
|
703 |
+
'request' => 'QUERY_STRING',
|
704 |
+
'what' => '\bact=img&img=\w',
|
705 |
+
'why' => 'Shell/backdoor (img)',
|
706 |
+
'level' => '3',
|
707 |
+
'enabled' => '1'
|
708 |
+
),
|
709 |
+
|
710 |
+
'64' => Array
|
711 |
+
(
|
712 |
+
// 'id''353',
|
713 |
+
'who' => 'generic',
|
714 |
+
'request' => 'QUERY_STRING',
|
715 |
+
'what' => '\bc=img&name=\w',
|
716 |
+
'why' => 'Shell/backdoor (name)',
|
717 |
+
'level' => '3',
|
718 |
+
'enabled' => '1'
|
719 |
+
),
|
720 |
+
|
721 |
+
'65' => Array
|
722 |
+
(
|
723 |
+
// 'id''354',
|
724 |
+
'who' => 'generic',
|
725 |
+
'request' => 'QUERY_STRING',
|
726 |
+
'what' => '^image=(?:arrow|file|folder|smiley)$',
|
727 |
+
'why' => 'Shell/backdoor (image)',
|
728 |
+
'level' => '3',
|
729 |
+
'enabled' => '1'
|
730 |
+
),
|
731 |
+
|
732 |
+
'66' => Array
|
733 |
+
(
|
734 |
+
// 'id''355',
|
735 |
+
'who' => 'generic',
|
736 |
+
'request' => 'HTTP_COOKIE',
|
737 |
+
'what' => '\buname=.+?;\ssysctl=',
|
738 |
+
'why' => 'Shell/backdoor (cookie)',
|
739 |
+
'level' => '3',
|
740 |
+
'enabled' => '1'
|
741 |
+
),
|
742 |
+
|
743 |
+
'67' => Array
|
744 |
+
(
|
745 |
+
// 'id''356',
|
746 |
+
'who' => 'generic',
|
747 |
+
'request' => 'POST:sql_passwd|GET:sql_passwd',
|
748 |
+
'what' => '.',
|
749 |
+
'why' => 'Shell/backdoor (sql_passwd)',
|
750 |
+
'level' => '3',
|
751 |
+
'enabled' => '1'
|
752 |
+
),
|
753 |
+
|
754 |
+
'68' => Array
|
755 |
+
(
|
756 |
+
// 'id''357',
|
757 |
+
'who' => 'generic',
|
758 |
+
'request' => 'POST:nowpath',
|
759 |
+
'what' => '^.?',
|
760 |
+
'why' => 'Shell/backdoor (nowpath)',
|
761 |
+
'level' => '3',
|
762 |
+
'enabled' => '1'
|
763 |
+
),
|
764 |
+
|
765 |
+
'69' => Array
|
766 |
+
(
|
767 |
+
// 'id''358',
|
768 |
+
'who' => 'generic',
|
769 |
+
'request' => 'POST:view_writable',
|
770 |
+
'what' => '^.?',
|
771 |
+
'why' => 'Shell/backdoor (view_writable)',
|
772 |
+
'level' => '3',
|
773 |
+
'enabled' => '1'
|
774 |
+
),
|
775 |
+
|
776 |
+
'70' => Array
|
777 |
+
(
|
778 |
+
// 'id''359',
|
779 |
+
'who' => 'generic',
|
780 |
+
'request' => 'HTTP_COOKIE',
|
781 |
+
'what' => '\bphpspypass=',
|
782 |
+
'why' => 'Shell/backdoor (phpspy)',
|
783 |
+
'level' => '3',
|
784 |
+
'enabled' => '1'
|
785 |
+
),
|
786 |
+
|
787 |
+
'71' => Array
|
788 |
+
(
|
789 |
+
// 'id''360',
|
790 |
+
'who' => 'generic',
|
791 |
+
'request' => 'POST:a',
|
792 |
+
'what' => '^(?:Bruteforce|Console|Files(?:Man|Tools)|Network|Php|SecInfo|SelfRemove|Sql|StringTools)$',
|
793 |
+
'why' => 'Shell/backdoor (a)',
|
794 |
+
'level' => '3',
|
795 |
+
'enabled' => '1'
|
796 |
+
),
|
797 |
+
|
798 |
+
'72' => Array
|
799 |
+
(
|
800 |
+
// 'id''361',
|
801 |
+
'who' => 'generic',
|
802 |
+
'request' => 'POST:nst_cmd',
|
803 |
+
'what' => '^.',
|
804 |
+
'why' => 'Shell/backdoor (nstview)',
|
805 |
+
'level' => '3',
|
806 |
+
'enabled' => '1'
|
807 |
+
),
|
808 |
+
|
809 |
+
'73' => Array
|
810 |
+
(
|
811 |
+
// 'id''362',
|
812 |
+
'who' => 'generic',
|
813 |
+
'request' => 'POST:cmd',
|
814 |
+
'what' => '^(?:c(?:h_|URL)|db_query|echo\s\\.*|(?:edit|download|save)_file|find(?:_text|\s.+)|ftp_(?:brute|file_(?:down|up))|mail_file|mk|mysql(?:b|_dump)|php_eval|ps\s.*|search_text|safe_dir|sym[1-2]|test[1-8]|zend)$',
|
815 |
+
'why' => 'Shell/backdoor (cmd)',
|
816 |
+
'level' => '2',
|
817 |
+
'enabled' => '1'
|
818 |
+
),
|
819 |
+
|
820 |
+
'74' => Array
|
821 |
+
(
|
822 |
+
// 'id''363',
|
823 |
+
'who' => 'generic',
|
824 |
+
'request' => 'GET:p',
|
825 |
+
'what' => '^(?:chmod|cmd|edit|eval|delete|headers|md5|mysql|phpinfo|rename)$',
|
826 |
+
'why' => 'Shell/backdoor (p)',
|
827 |
+
'level' => '3',
|
828 |
+
'enabled' => '1'
|
829 |
+
),
|
830 |
+
|
831 |
+
'75' => Array
|
832 |
+
(
|
833 |
+
// 'id''364',
|
834 |
+
'who' => 'generic',
|
835 |
+
'request' => 'QUERY_STRING',
|
836 |
+
'what' => '^act=(?:bind|cmd|encoder|eval|feedback|ftpquickbrute|gofile|ls|mkdir|mkfile|processes|ps_aux|search|security|sql|tools|update|upload)&d=%2F',
|
837 |
+
'why' => 'Shell/backdoor (act)',
|
838 |
+
'level' => '3',
|
839 |
+
'enabled' => '1'
|
840 |
+
),
|
841 |
+
|
842 |
+
'76' => Array
|
843 |
+
(
|
844 |
+
// 'id''500',
|
845 |
+
'who' => 'option',
|
846 |
+
'request' => 'GET|POST|HTTP_COOKIE|HTTP_USER_AGENT|HTTP_REFERER',
|
847 |
+
'what' => '[\x01-\x08\x0e-\x1f]',
|
848 |
+
'why' => 'Disallowed ASCII characters',
|
849 |
+
'level' => '2',
|
850 |
+
'enabled' => '1'
|
851 |
+
),
|
852 |
+
|
853 |
+
'77' => Array
|
854 |
+
(
|
855 |
+
// 'id''520',
|
856 |
+
'who' => 'option',
|
857 |
+
'request' => 'GET|POST|HTTP_COOKIE|HTTP_USER_AGENT|HTTP_REFERER',
|
858 |
+
'what' => '\b(?i:php://[a-z].+?|\bdata:.*?;base64,)',
|
859 |
+
'why' => 'PHP wrappers',
|
860 |
+
'level' => '3',
|
861 |
+
'enabled' => '1'
|
862 |
+
),
|
863 |
+
|
864 |
+
'78' => Array
|
865 |
+
(
|
866 |
+
// 'id''1200',
|
867 |
+
'who' => 'magento',
|
868 |
+
'request' => 'SCRIPT_NAME',
|
869 |
+
'what' => '/(?:[Cc]onfig|install)\.php',
|
870 |
+
'why' => 'Magento: unauthorised access to a PHP script',
|
871 |
+
'level' => '2',
|
872 |
+
'enabled' => '1'
|
873 |
+
),
|
874 |
+
|
875 |
+
'79' => Array
|
876 |
+
(
|
877 |
+
// 'id''1201',
|
878 |
+
'who' => 'magento',
|
879 |
+
'request' => 'SCRIPT_NAME',
|
880 |
+
'what' => '/(?:app|cache|includes|js(?!/index\.php)|lib|media|pkginfo|var)/',
|
881 |
+
'why' => 'Magento: unauthorised access to a PHP script',
|
882 |
+
'level' => '2',
|
883 |
+
'enabled' => '1'
|
884 |
+
),
|
885 |
+
|
886 |
+
'80' => Array
|
887 |
+
(
|
888 |
+
// 'id''1202',
|
889 |
+
'who' => 'magento',
|
890 |
+
'request' => 'GET|POST',
|
891 |
+
'what' => '\badmin_user\b',
|
892 |
+
'why' => 'Magento: SQL injection (admin_user)',
|
893 |
+
'level' => '2',
|
894 |
+
'enabled' => '1'
|
895 |
+
)
|
896 |
+
) ;
|
897 |
+
|
898 |
+
foreach ($tickets as $ticket) {
|
899 |
+
Mage::getModel('firewall/rules')
|
900 |
+
->setData($ticket)
|
901 |
+
->save();
|
902 |
+
}
|
903 |
+
|
904 |
+
$optionsModel = Mage::getModel('firewall/options')->getCollection();
|
905 |
+
$options = Array
|
906 |
+
(
|
907 |
+
'0' => Array
|
908 |
+
(
|
909 |
+
'text' => 'Firewall ',
|
910 |
+
'path' => 'firewall_enable',
|
911 |
+
'value' => '1'
|
912 |
+
),
|
913 |
+
|
914 |
+
'1' => Array
|
915 |
+
(
|
916 |
+
'text' => 'Firewall Loaded ?',
|
917 |
+
'path' => 'prepend_configuration',
|
918 |
+
'value' => ''
|
919 |
+
),
|
920 |
+
|
921 |
+
'2' => Array
|
922 |
+
(
|
923 |
+
'text' => 'Console mode',
|
924 |
+
'path' => 'debug_mode',
|
925 |
+
'value' => '0'
|
926 |
+
),
|
927 |
+
|
928 |
+
'3' => Array
|
929 |
+
(
|
930 |
+
'text' => 'Show recent modified file days ',
|
931 |
+
'path' => 'show_recent_file_days',
|
932 |
+
'value' => '5'
|
933 |
+
),
|
934 |
+
|
935 |
+
'4' => Array
|
936 |
+
(
|
937 |
+
'text' => 'Receiver Email address',
|
938 |
+
'path' => 'email_addresss',
|
939 |
+
'value' => ''
|
940 |
+
),
|
941 |
+
'5' => Array
|
942 |
+
(
|
943 |
+
'text' => 'Allows only Whitelist ip\'s to access admin',
|
944 |
+
'path' => 'allow_whitelist',
|
945 |
+
'value' => '0'
|
946 |
+
),
|
947 |
+
'6' => Array
|
948 |
+
(
|
949 |
+
'text' => 'Admin Login Attempts (Allowed)',
|
950 |
+
'path' => 'login_lttempts',
|
951 |
+
'value' => '3'
|
952 |
+
),
|
953 |
+
'7' => Array
|
954 |
+
(
|
955 |
+
'text' => 'Ban attacking IPs from accessing site',
|
956 |
+
'path' => 'banning_ip',
|
957 |
+
'value' => '0'
|
958 |
+
)
|
959 |
+
);
|
960 |
+
foreach ($options as $option) {
|
961 |
+
Mage::getModel('firewall/options')
|
962 |
+
->setData($option)
|
963 |
+
->save();
|
964 |
+
}
|
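--- a/app/code/community/MageFirewall/Firewall/etc/config.xml
+++ b/app/code/community/MageFirewall/Firewall/etc/config.xml
@@ -0,0 +1,182 @@
+<?xml version="1.0"?>
+<config>
+<modules>
+<MageFirewall_Firewall>
+<version>0.1.0</version>
+</MageFirewall_Firewall>
+</modules>
+<admin>
+<routers>
+<firewall>
+<use>admin</use>
+<args>
+<module>MageFirewall_Firewall</module>
+<frontName>Firewall</frontName>
+</args>
+</firewall>
+</routers>
+</admin>
+<adminhtml>
+<menu>
+<firewall module="firewall">
+<title>Firewall</title>
+<sort_order>71</sort_order>
+<!--<children>
+<items module="wall">
+<title>White List</title>
+<sort_order>0</sort_order>
+<action>wall/adminhtml_wall</action>
+</items>
+</children>-->
+<children>
+<dashboard>
+<title>Dashboard</title>
+<action>firewall/adminhtml_dashboard_view</action>
+<sort_order>50</sort_order>
+</dashboard>
+<recentedittedfiles>
+<title>Recent Edited Files</title>
+<action>firewall/adminhtml_dashboard_recent</action>
+<sort_order>60</sort_order>
+</recentedittedfiles>
+<whitelist>
+<title>White List</title>
+<action>firewall/adminhtml_whitelist</action>
+<sort_order>100</sort_order>
+</whitelist>
+<blacklist>
+<title>Black List</title>
+<action>firewall/adminhtml_blacklist</action>
+<sort_order>200</sort_order>
+</blacklist>
+<rules>
+<title>Rules</title>
+<action>firewall/adminhtml_rules</action>
+<sort_order>300</sort_order>
+</rules>
+<logs>
+<title>Logs</title>
+<action>firewall/adminhtml_logs</action>
+<sort_order>400</sort_order>
+</logs>
+<logs1>
+<title>Scan your Store</title>
+<action>firewall/adminhtml_dashboard_diagnostic</action>
+<sort_order>500</sort_order>
+</logs1>
+<diagnostic>
+<title>Diagnostic</title>
+<action>firewall/adminhtml_dashboard_filechecker</action>
+<sort_order>550</sort_order>
+</diagnostic>
+</children>
+</firewall>
+</menu>
+<acl>
+<resources>
+<all>
+<title>Allow Everything</title>
+</all>
+<admin>
+<children>
+<MageFirewall_Firewall>
+<title>White List</title>
+<sort_order>10</sort_order>
+</MageFirewall_Firewall>
+</children>
+</admin>
+</resources>
+</acl>
+</adminhtml>
+<global>
+<models>
+<firewall>
+<class>MageFirewall_Firewall_Model</class>
+<resourceModel>firewall_mysql4</resourceModel>
+</firewall>
+<firewall_mysql4>
+<class>MageFirewall_Firewall_Model_Mysql4</class>
+<entities>
+<rules>
+<table>firewall_rules</table>
+</rules>
+<version>
+<table>firewall_version</table>
+</version>
+<logs>
+<table>firewall_logs</table>
+</logs>
+<whitelist>
+<table>firewall_whitelist</table>
+</whitelist>
+<blacklist>
+<table>firewall_blacklist</table>
+</blacklist>
+<options>
+<table>firewall_options</table>
+</options>
+</entities>
+</firewall_mysql4>
+</models>
+<events>
+<admin_session_user_login_failed>
+<observers>
+<MageFirewall_Firewall_Model_Observer>
+<class>MageFirewall_Firewall_Model_Observer</class>
+<method>login_validation</method>
+</MageFirewall_Firewall_Model_Observer>
+</observers>
+</admin_session_user_login_failed>
+<admin_session_user_login_success>
+<observers>
+<MageFirewall_Firewall_Model_Observer>
+<class>MageFirewall_Firewall_Model_Observer</class>
+<method>checkBlacklist</method>
+</MageFirewall_Firewall_Model_Observer>
+</observers>
+</admin_session_user_login_success>
+</events>
+<resources>
+<firewall_setup>
+<setup>
+<module>MageFirewall_Firewall</module>
+</setup>
+<connection>
+<use>core_setup</use>
+</connection>
+</firewall_setup>
+<firewall_write>
+<connection>
+<use>core_write</use>
+</connection>
+</firewall_write>
+<firewall_read>
+<connection>
+<use>core_read</use>
+</connection>
+</firewall_read>
+</resources>
+<helpers>
+<firewall>
+<class>MageFirewall_Firewall_Helper</class>
+</firewall>
+</helpers>
+<blocks>
+<firewall>
+<class>MageFirewall_Firewall_Block</class>
+</firewall>
+</blocks>
+</global>
+<crontab>
+<jobs>
+<firewall_delete_log>
+<schedule>
+<cron_expr>0 0 */15 * *</cron_expr>
+</schedule>
+<run>
+<model>firewall/cron::deleteOldLogs</model>
+</run>
+</firewall_delete_log>
+</jobs>
+</crontab>
+</config>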
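Review bot: The single ACL resource `MageFirewall_Firewall` at lines 82–85 is titled `White List`, yet it is the only resource the module declares, so granting it exposes every menu child — dashboard, rules, logs, black list and the remote scan — under a label that suggests a much narrower permission; rename it to `<title>Firewall</title>` or declare one child resource per menu action so admin roles can be scoped. The cron expression `0 0 */15 * *` at line 174 fires on the 1st and 16th of each month rather than every fifteen days; if a fixed interval is intended, document that or adjust the expression. The commented-out `<children>` block at lines 24–30 points at a `wall` module that nothing else in this release appears to reference and should be removed rather than shipped.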
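--- a/app/code/community/MageFirewall/Firewall/sql/firewall_setup/mysql4-install-0.1.0.php
+++ b/app/code/community/MageFirewall/Firewall/sql/firewall_setup/mysql4-install-0.1.0.php
@@ -0,0 +1,83 @@
+<?php
+
+$installer = $this;
+
+$installer->startSetup();
+
+$installer->run("
+
+-- DROP TABLE IF EXISTS {$this->getTable('firewall_rules')};
+CREATE TABLE {$this->getTable('firewall_rules')} (
+`rules_id` int(11) unsigned NOT NULL auto_increment,
+`who` varchar(255) NOT NULL default '',
+`request` text NOT NULL default '',
+`what` text NOT NULL default '',
+`why` text NOT NULL default '',
+`level` text NOT NULL default '',
+`enabled` smallint(6) NOT NULL default '0',
+`created_time` datetime NULL,
+`update_time` datetime NULL,
+PRIMARY KEY (`rules_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+-- DROP TABLE IF EXISTS {$this->getTable('firewall_version')};
+CREATE TABLE {$this->getTable('firewall_version')} (
+`version_id` int(11) unsigned NOT NULL auto_increment,
+`version` varchar(255) NOT NULL default '',
+`created_time` datetime NULL,
+`update_time` datetime NULL,
+PRIMARY KEY (`version_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+-- DROP TABLE IF EXISTS {$this->getTable('firewall_logs')};
+CREATE TABLE {$this->getTable('firewall_logs')} (
+`log_id` int(11) unsigned NOT NULL auto_increment,
+`ruleid` varchar(255) NULL default '',
+`summary` text NULL default '',
+`ip` varchar(255) NULL,
+`level` smallint(6) NULL,
+`incidentid` varchar(255) NULL,
+`created_time` datetime NULL,
+PRIMARY KEY (`log_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+-- DROP TABLE IF EXISTS {$this->getTable('firewall_whitelist')};
+CREATE TABLE {$this->getTable('firewall_whitelist')} (
+`whitelist_id` int(11) unsigned NOT NULL auto_increment,
+`ip` varchar(255) NOT NULL default '',
+`text` text NOT NULL default '',
+`status` smallint(6) NOT NULL default '0',
+`is_delete` smallint(6) NOT NULL default '0',
+`created_time` datetime NULL,
+`update_time` datetime NULL,
+PRIMARY KEY (`whitelist_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+-- DROP TABLE IF EXISTS {$this->getTable('firewall_blacklist')};
+CREATE TABLE {$this->getTable('firewall_blacklist')} (
+`blacklist_id` int(11) unsigned NOT NULL auto_increment,
+`ip` varchar(255) NOT NULL default '',
+`priority` varchar(255) NOT NULL default '',
+`text` text NOT NULL default '',
+`count` varchar(255) NOT NULL default '',
+`is_delete` smallint(6) NOT NULL default '0',
+`status` smallint(6) NOT NULL default '0',
+`created_time` datetime NULL,
+`update_time` datetime NULL,
+PRIMARY KEY (`blacklist_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+-- DROP TABLE IF EXISTS {$this->getTable('firewall_options')};
+CREATE TABLE {$this->getTable('firewall_options')} (
+`option_id` int(11) unsigned NOT NULL auto_increment,
+`path` varchar(255) NOT NULL default '',
+`text` varchar(255) NOT NULL default '',
+`value` varchar(255) NOT NULL default '',
+`status` smallint(6) NOT NULL default '1',
+`created_time` datetime NULL,
+`update_time` datetime NULL,
+PRIMARY KEY (`option_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+");
+$installer->endSetup();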
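Review bot: The `text` columns at lines 13–16, 36, 48 and 61 carry `default ''`, which MySQL does not allow on BLOB/TEXT columns: under strict SQL mode the CREATE TABLE fails and the module never installs, and otherwise the default is dropped with a warning, so the declared default is never in effect anyway. Drop the clause on each of them, e.g. `request text NOT NULL,`, or make the column `varchar(255)` where a default is wanted. `level` is `text` in `firewall_rules` (line 16) but `smallint(6)` in `firewall_logs` (line 38) while the seed data stores single-digit values, so the two should agree on a small integer type. The whitelist and blacklist tables are queried by `ip` on every request in `lib/firewall/firewall.php` yet carry no index on that column; adding `KEY ip (ip)` to both CREATE TABLE statements would be expected here.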
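--- a/app/design/adminhtml/default/default/template/firewall/dashboard.phtml
+++ b/app/design/adminhtml/default/default/template/firewall/dashboard.phtml
@@ -0,0 +1,152 @@
+<style>
+.firewall-options-form-table tr > td
+{
+border-collapse:separate;
+border-spacing:5em;
+padding-bottom: 1em;
+}
+.critical { color: #D20000; }
+</style>
+<?php
+$wallHelper = Mage::helper('firewall');
+$getIncludedFile = get_included_files();
+$rootPath = $_SERVER['DOCUMENT_ROOT'];
+$paths = $rootPath.'/lib/firewall/firewall.php';
+$optionsAll = Mage::getModel('firewall/options')->getCollection()->getData();
+$firewalFile = ini_get('auto_prepend_file');
+$autoprepend = '<b>No</b>.';
+$autoprependimageIcon = 'error_msg_icon.gif';
+$firewallDisabled = 0;
+if (strpos($firewalFile,'lib/firewall/firewall.php') !== false || in_array($paths, $getIncludedFile)) {
+$firewallDisabled = 1;
+$autoprependimageIcon = 'success_msg_icon.gif';
+$autoprependMsg ='';
+$autoprepend = '<b>Yes</b>.';
+} else {
+$autoprependMsg .='<p class="critical">To Enable firewall include the following line in index.php in your webroot directory <br />
+after the following line of code <br />
+"define(\'MAGENTO_ROOT\', getcwd());" <br />
+require_once MAGENTO_ROOT.\'/lib/firewall/firewall.php\';</p> or';
+$autoprependMsg .='<p class="critical">add the below line to your php.ini / fastphp / in your vhost configuration file. <br />
+auto_prepend_file = '.$paths.'</p>';
+
+}
+$senderEmail = $wallHelper->getMageEmail();
+?>
+<form id="edit_form" name="edit_form" method="post" action="<?php $this->getUrl('*/*/post')?>">
+<input name="form_key" type="hidden" value="<?php echo Mage::getSingleton('core/session')->getFormKey() ?>" />
+<table class="firewall-options-form-table">
+<tbody>
+<tr><th><h2>General Information</h2></th></tr>
+<tr>
+<th scope="row"><?php echo $optionsAll[1]['text']; ?></th>
+<td width="20" align="left">
+<?php
+echo '<img width="16" height="16" border="0" src="/skin/adminhtml/default/default/images/'.$autoprependimageIcon.'">'; ?>
+</td>
+<td align="left">
+<input type="hidden" name="fireWall_options[2][option_id]" value="<?php echo $optionsAll[1]['option_id']; ?>">
+<select style="width:200px" name="fireWall_options[2][value]" disabled>
+<option value="1"> <?php echo $autoprepend; ?></option>
+</select>
+<?php if($firewallDisabled==0) { echo $autoprependMsg; } ?>
+</td>
+</tr>
+<tr>
+<th scope="row">Hacking Attempts</th>
+<td></td>
+<td align="left">
+<a href="<?php echo Mage::helper("adminhtml")->getUrl("firewall/adminhtml_logs/index"); ?>">
+<?php echo $_blockData = $wallHelper->getLogsCount(); ?>
+</a>
+</td>
+</tr>
+<tr><th><h2>Basic Configuration</h2></th></tr>
+<tr>
+<th scope="row"><?php echo $optionsAll[0]['text']; ?></th>
+<td width="20" align="left">
+<?php $imageIcon = ($optionsAll[0]['value']==1 && $firewallDisabled==1) ? 'success_msg_icon.gif' : 'error_msg_icon.gif';
+echo '<img width="16" height="16" border="0" src="/skin/adminhtml/default/default/images/'.$imageIcon.'">'; ?>
+</td>
+<td align="left">
+<input type="hidden" name="fireWall_options[1][option_id]" value="<?php echo $optionsAll[0]['option_id']; ?>">
+<select style="width:200px" name="fireWall_options[1][value]" <?php echo ($firewallDisabled==0) ? "disabled" : ''; ?>>
+<?php if($firewallDisabled==1) { ?> <option <?php echo ($optionsAll[0]['value']==1 && $firewallDisabled==1) ? 'selected=""' : ''; ?> value="1">Enabled</option> <?php } ?>
+<option <?php echo ($optionsAll[0]['value']==0) ? 'selected=""' : ''; ?> value="0">Disabled</option>
+</select>
+</td>
+</tr>
+<tr>
+<th scope="row"><?php echo $optionsAll[2]['text']; ?></th>
+<td width="20" align="left">
+</td>
+<td align="left">
+<input type="hidden" name="fireWall_options[3][option_id]" value="<?php echo $optionsAll[2]['option_id']; ?>">
+<select style="width:200px" name="fireWall_options[3][value]">
+<option <?php echo ($optionsAll[2]['value']==1) ? 'selected=""' : ''; ?> value="1">Enabled</option>
+<option <?php echo ($optionsAll[2]['value']==0) ? 'selected=""' : ''; ?> value="0">Disabled</option>
+</select>
+</td>
+</tr>
+<tr>
+<th scope="row"><?php echo $optionsAll[3]['text']; ?></th>
+<td width="20" align="left">
+</td>
+<td align="left">
+<input type="hidden" name="fireWall_options[4][option_id]" value="<?php echo $optionsAll[3]['option_id']; ?>">
+<input type="text" name="fireWall_options[4][value]" value="<?php echo $optionsAll[3]['value']; ?>" />
+</td>
+</tr>
+<tr>
+<th scope="row"><?php echo $optionsAll[4]['text']; ?></th>
+<td></td>
+<td align="left">
+<input type="hidden" name="fireWall_options[5][option_id]" value="<?php echo $optionsAll[4]['option_id']; ?>">
+<input type="text" name="fireWall_options[5][value]" value="<?php echo (empty($optionsAll[4]['value'])) ? $senderEmail : $optionsAll[4]['value']; ?>" />
+</td>
+</tr>
+<?php /*<tr>
+<th scope="row"><?php echo $optionsAll[5]['text']; ?></th>
+<td></td>
+<td align="left">
+<input type="hidden" name="fireWall_options[6][option_id]" value="<?php echo $optionsAll[5]['option_id']; ?>">
+<select style="width:200px" name="fireWall_options[6][value]">
+<option <?php echo ($optionsAll[5]['value']==1) ? 'selected=""' : ''; ?> value="1">Enabled</option>
+<option <?php echo ($optionsAll[5]['value']==0) ? 'selected=""' : ''; ?> value="0">Disabled</option>
+</select>
+</td>
+</tr> */ ?>
+<tr>
+<th scope="row"><?php echo $optionsAll[6]['text']; ?></th>
+<td></td>
+<td align="left">
+
+<input type="hidden" name="fireWall_options[7][option_id]" value="<?php echo $optionsAll[6]['option_id']; ?>">
+<input type="text" name="fireWall_options[7][value]" value="<?php echo $optionsAll[6]['value']; ?>" />
+</td>
+</tr>
+<tr>
+<th scope="row"><?php echo $optionsAll[7]['text']; ?></th>
+<td></td>
+<td align="left">
+<input type="hidden" name="fireWall_options[8][option_id]" value="<?php echo $optionsAll[7]['option_id']; ?>"><select style="width:200px" name="fireWall_options[8][value]">
+<option <?php echo ($optionsAll[7]['value']==1) ? 'selected=""' : ''; ?> value="1">Enabled</option>
+<option <?php echo ($optionsAll[7]['value']==0) ? 'selected=""' : ''; ?> value="0">Disabled</option>
+</select>
+</td>
+</tr>
+</tbody>
+</table>
+<?php //echo $this->__($message) ?>
+<br>
+<br>
+<button style="" onclick="firewallConfigForm.submit()" class="form-button" type="button" title="Save Config" id=""><span><span><span><?php echo $this->__('Save Configuration') ?></span></span></span></button>
+</form>
+<br>
+<br>
+<?php //echo $this->__('MageFirewall configuration : '.$autoprepend) ?>
+<br>
+<?php //echo $autoprependMsg; ?>
+<script type="text/javascript">
+var firewallConfigForm = new varienForm('edit_form');
+</script>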
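Review bot: Option values read from the database are echoed into HTML attributes and text at lines 42, 97, 105, 120 and 125 without escaping, and the same form presumably writes them back through the `post` action, so a stored value containing `"` or `<` breaks out of the attribute in the admin page; wrap each with the block's escaper, e.g. `value="<?php echo $this->escapeHtml($optionsAll[3]['value']); ?>"`. The form `action` at line 36 calls `$this->getUrl('*/*/post')` without `echo`, so the rendered attribute is empty and the form posts to whatever URL the page was loaded from. `$autoprependMsg` is first touched with `.=` at line 26 before any assignment on that branch, which raises an undefined-variable notice; initialise it to `''` beside `$autoprepend` at line 17. Addressing options as `$optionsAll[0]`…`[7]` by collection position also assumes the seed order from the data install script is preserved, which nothing enforces; keying them by `path` would be more robust.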
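--- a/app/design/adminhtml/default/default/template/firewall/diagnostic.phtml
+++ b/app/design/adminhtml/default/default/template/firewall/diagnostic.phtml
@@ -0,0 +1,13 @@
+<iframe style="display:none; border: medium none;" id="iframess" src="" width="100%" height="700px"></iframe>
+<script>
+var url = "<?php echo Mage::helper('adminhtml')->getUrl('firewall/adminhtml_dashboard_View') ?>";
+var baseUrl = "<?php echo Mage::getBaseUrl(); ?>";
+var r = confirm("Press ok to scan you store. This may not work under intranet environment");
+var iframe = document.getElementById('iframess');
+if (r == true) {
+iframe.src = 'http://magefirewall.com/scan.php?url='+baseUrl;
+iframe.show();
+} else {
+window.location = url;
+}
+</script>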
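Review bot: `baseUrl` is concatenated into the query string at line 8 without encoding, so any `?`, `&` or `#` in the store's base URL changes the request the remote scanner receives; use `iframe.src = 'http://magefirewall.com/scan.php?url=' + encodeURIComponent(baseUrl);`. The scan embeds a third-party page over plain HTTP inside the admin panel and discloses the store URL to that service; the confirm text at line 5 (which also reads `scan you store`) or the module documentation should state this, and the request should move to TLS if the service supports it. `getUrl('firewall/adminhtml_dashboard_View')` at line 3 spells the action with a capital `V` while config.xml registers `adminhtml_dashboard_view`; the two should match. `iframe.show()` at line 9 only works because Prototype extends DOM elements in the Magento admin; `iframe.style.display = 'block'` does not depend on that.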
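--- a/app/design/adminhtml/default/default/template/firewall/filechecker.phtml
+++ b/app/design/adminhtml/default/default/template/firewall/filechecker.phtml
@@ -0,0 +1,22 @@
+<h1>Diagnostic Result</h1>
+<?php
+$wallHelper = Mage::helper('firewall');
+$phpVs = 0;
+echo 'Magento version is: ', Mage::getVersion() . "<br />";
+if (version_compare(phpversion(), '5.3.0', '<')===true) {
+$phpVs = 1;
+echo 'PHP version: ' . phpversion();
+echo "<br /> Whoops, it looks like you have an older PHP version.";
+} else {
+echo 'PHP version: ' . phpversion() .' (stable)';
+}
+$check1[0]['exploitname'] = '';
+$check1[0]['data'][0]['searchstring'] = "libxml_disable_entity_loader(\$loadEntities);";
+$check1[0]['data'][0]['filelocation'] = "lib/Zend/XmlRpc/Response.php";
+$check1[0]['error'] = "Major security issue please fix this!!!";
+$phpVs = 1;
+$wallHelper->startprocess($check1[0]);
+echo "Currently your website is safe. ";
+echo "<br />";
+echo "<h3>Please contact us at <a href='http://magefirewall.com'>magefirewall</a> or Tweet us at <a href='https://twitter.com/MageFirewall'>@MageFirewall</a> </h3>";
+?>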
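Review bot: Line 19 prints `Currently your website is safe.` unconditionally after `startprocess()` at line 18, whose return value (if any) is discarded, so the page reports the store as safe whether or not the signature check found the patch; the message should depend on the outcome of the check, for example `if ($wallHelper->startprocess($check1[0])) { echo "Currently your website is safe. "; }` once `startprocess` returns a result. `$phpVs` is overwritten with `1` at line 17 regardless of the version comparison at line 6, making the earlier conditional assignment dead and the flag meaningless; remove line 17 or act on the flag. `exploitname` at line 13 is an empty string, so whatever the helper reports cannot name the finding; give it a short label such as `XmlRpc entity loader check`. Line 5 mixes `,` and `.` in one `echo`, which runs but reads as a typo.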
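--- a/app/design/adminhtml/default/default/template/firewall/recentfile.phtml
+++ b/app/design/adminhtml/default/default/template/firewall/recentfile.phtml
@@ -0,0 +1,6 @@
+<?php
+$lists = Mage::helper('firewall')->getRecentEditedFiles();
+echo "<b>Last ".$lists[0]." days modified files</b> <br> <br> <div style='height: 250px;overflow-y: scroll; border: 1px solid;padding: 5px;'>";
+echo $lists[1];
+echo "</div>";
+?>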
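Review bot: `$lists[1]` is echoed as raw HTML at line 4; if the helper builds that markup from filesystem names without escaping, a file placed in the webroot with `<` or `"` in its name renders as markup in the admin page. Either escape each name inside `getRecentEditedFiles()` or have it return an array of paths and escape here with `$this->escapeHtml()`. `$lists[0]` at line 3 appears to be the admin-editable day count from the options table and should be cast, `(int) $lists[0]`, before being printed.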
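--- a/app/etc/modules/MageFirewall_Firewall.xml
+++ b/app/etc/modules/MageFirewall_Firewall.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0"?>
+<config>
+<modules>
+<MageFirewall_Firewall>
+<active>true</active>
+<codePool>community</codePool>
+</MageFirewall_Firewall>
+</modules>
+</config>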
lib/firewall/firewall.php
ADDED
@@ -0,0 +1,383 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php
|
2 |
+
/*
|
3 |
+
+------------------------------------------------------------------+
|
4 |
+
| Firewall (c)2012-2013 NinTechNet |
|
5 |
+
| <contact@ninjafirewall.com> |
|
6 |
+
| |
|
7 |
+
| EDITION : Free Edition |
|
8 |
+
+------------------------------------------------------------------+
|
9 |
+
| REVISION: 2013-12-28 18:21:33 |
|
10 |
+
+------------------------------------------------------------------+
|
11 |
+
| This program is free software: you can redistribute it and/or |
|
12 |
+
| modify it under the terms of the GNU General Public License as |
|
13 |
+
| published by the Free Software Foundation, either version 3 of |
|
14 |
+
| the License, or (at your option) any later version. |
|
15 |
+
| |
|
16 |
+
| This program is distributed in the hope that it will be useful, |
|
17 |
+
| but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
18 |
+
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
19 |
+
| GNU General Public License for more details. |
|
20 |
+
+------------------------------------------------------------------+
|
21 |
+
*/
|
22 |
+
$current_link = "$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
|
23 |
+
$host=$_SERVER['HTTP_HOST'].'/downloader/';
|
24 |
+
if (strpos($current_link, $host ) !== false) {
|
25 |
+
return; // firewall does not support magento connect downloader term in the URL without this condition.
|
26 |
+
}
|
27 |
+
$mageFilename = 'app/Mage.php';
|
28 |
+
require_once $mageFilename;
|
29 |
+
//Mage::setIsDeveloperMode(true);
|
30 |
+
//ini_set('display_errors', 1);
|
31 |
+
umask(0);
|
32 |
+
Mage::app();
|
33 |
+
if(!Mage::helper('core')->isModuleEnabled('MageFirewall_Firewall')) return;
|
34 |
+
$resource = Mage::getSingleton('core/resource');
|
35 |
+
$readConnection = $resource->getConnection('core_read');
|
36 |
+
$mageOptions = Mage::getModel('firewall/options');
|
37 |
+
$wallHelper = Mage::helper('firewall');
|
38 |
+
if($wallHelper->getOptionsData('firewall_enable')==0) return;
|
39 |
+
$ip_address = $wallHelper->getClientIp();
|
40 |
+
$WhiteListQuery = "SELECT * FROM ".$resource->getTableName('firewall_whitelist')." WHERE status=1 && is_delete!=1 && ip='$ip_address'";
|
41 |
+
$WhiteListResults = $readConnection->fetchAll($WhiteListQuery);
|
42 |
+
$MagenfCheckDebug = '';
|
43 |
+
//checking debug mode is enabled or not
|
44 |
+
if($wallHelper->getOptionsData('debug_mode')==1) $MagenfCheckDebug = 2;
|
45 |
+
$getIpOptionValue = $wallHelper->getOptionsData('banning_ip');
|
46 |
+
$CheckipOption = ($getIpOptionValue==0) ? 'off' : 'on';
|
47 |
+
define('NF_STARTTIME', microtime(true));
|
48 |
+
|
49 |
+
$MagenfCheckEnabled = 1; // $results['0']['enabled'];
|
50 |
+
$MagenfoptionApplication = 'generic|option|magento'; //$results['0']['application'];
|
51 |
+
|
52 |
+
if ($MagenfCheckDebug) {
|
53 |
+
register_shutdown_function('nf_debugfirewall', $MagenfCheckDebug);
|
54 |
+
define('STAG', '- ');
|
55 |
+
define('ETAG', "\n");
|
56 |
+
$nfdebug = STAG ."starting Firewall". ETAG ;// STAG ."hooked PHP script\t\t[----] ". $_SERVER['SCRIPT_FILENAME'] . ETAG;
|
57 |
+
}
|
58 |
+
|
59 |
+
if (! $MagenfCheckEnabled) {
|
60 |
+
if ($MagenfCheckDebug) { define('NFDEBUG', $nfdebug.= STAG ."protection is disabled\t[STOP]". ETAG . '::' . nf_benchmarks() ); }
|
61 |
+
//return;
|
62 |
+
}
|
63 |
+
if(empty($WhiteListResults)){
|
64 |
+
$blackListQuery = "SELECT * FROM ".$resource->getTableName('firewall_blacklist')." WHERE status=1 && is_delete!=1 && ip='$ip_address'";
|
65 |
+
$blackListResults = $readConnection->fetchAll($blackListQuery);
|
66 |
+
if(!empty($blackListResults)){
|
67 |
+
nf_write2log('Blacklist Ip trying to get site.', null, 2, 0);
|
68 |
+
//echo "You are in blacklist.";
|
69 |
+
//die();
|
70 |
+
}
|
71 |
+
}
|
72 |
+
if ($MagenfCheckDebug) { $nfdebug.= STAG ."checking user IP\t\t";}
|
73 |
+
if ( (preg_match('/^(?:::ffff:)?127\.0\.0\.1$/', $ip_address)) || ($ip_address == $_SERVER['SERVER_ADDR']) ) {
|
74 |
+
if ($MagenfCheckDebug) { define('NFDEBUG', $nfdebug.= '[STOP] '. $ip_address .' is whitelisted'. ETAG . '::' . nf_benchmarks() ); }
|
75 |
+
return;
|
76 |
+
}
|
77 |
+
|
78 |
+
if ($MagenfCheckDebug) { $nfdebug.= "[----] banning IP option is $CheckipOption". ETAG; }
|
79 |
+
if ( ($_SERVER['SCRIPT_FILENAME'] == dirname(__FILE__) .'/index.php') || ($_SERVER['SCRIPT_FILENAME'] == dirname(__FILE__) .'/login.php') ) {
|
80 |
+
if ($MagenfCheckDebug) { define('NFDEBUG', $nfdebug.= STAG ."script is whitelisted\t\t[STOP] ".$_SERVER['SCRIPT_NAME']. ETAG . '::' . nf_benchmarks() ); }
|
81 |
+
return;
|
82 |
+
}
|
83 |
+
if (preg_match('/^[\d.:]+$/', $_SERVER['HTTP_HOST'])) {
|
84 |
+
if ($MagenfCheckDebug) { $nfdebug.= STAG ."HTTP_HOST\t\t\t[FAIL] HTTP_HOST is an IP (".$_SERVER['HTTP_HOST'] .')'. ETAG; }
|
85 |
+
nf_write2log('HTTP_HOST is an IP', $_SERVER['HTTP_HOST'], 1, 0);
|
86 |
+
if($getIpOptionValue==1){
|
87 |
+
nf_block();
|
88 |
+
}
|
89 |
+
}
|
90 |
+
|
91 |
+
if ( strpos('GET|POST|HEAD', $_SERVER['REQUEST_METHOD']) === false ) {
|
92 |
+
if ($MagenfCheckDebug) { $nfdebug.= STAG ."REQUEST_METHOD\t\t[FAIL] ". nf_bin2hex_string($_SERVER['REQUEST_METHOD']) .' not allowed'. ETAG; }
|
93 |
+
nf_write2log('request method not allowed', $_SERVER['REQUEST_METHOD'], 2, 0);
|
94 |
+
nf_block();
|
95 |
+
}
|
96 |
+
nf_check_request();
|
97 |
+
|
98 |
+
if ($MagenfCheckDebug) { $nfdebug.= STAG ."checking uploads\t\t"; }
|
99 |
+
if (! empty($_FILES)) {
|
100 |
+
nf_check_upload();
|
101 |
+
} else {
|
102 |
+
if ($MagenfCheckDebug) { $nfdebug.= "[----] no upload detected". ETAG; }
|
103 |
+
}
|
104 |
+
$_GET = nf_sanitise( $_GET, 1, 'GET');
|
105 |
+
$_COOKIE = nf_sanitise( $_COOKIE, 1, 'COOKIE');
|
106 |
+
if (! empty($_SERVER['HTTP_USER_AGENT'])) {
|
107 |
+
$_SERVER['HTTP_USER_AGENT'] = nf_sanitise( $_SERVER['HTTP_USER_AGENT'], 1, 'HTTP_USER_AGENT');
|
108 |
+
}
|
109 |
+
if (! empty($_SERVER['HTTP_REFERER'])) {
|
110 |
+
$_SERVER['HTTP_REFERER'] = nf_sanitise( $_SERVER['HTTP_REFERER'], 1, 'HTTP_REFERER');
|
111 |
+
}
|
112 |
+
if (! empty($_SERVER['PATH_INFO'])) {
|
113 |
+
$_SERVER['PATH_INFO'] = nf_sanitise( $_SERVER['PATH_INFO'], 2, 'PATH_INFO');
|
114 |
+
}
|
115 |
+
if (! empty($_SERVER['PATH_TRANSLATED'])) {
|
116 |
+
$_SERVER['PATH_TRANSLATED'] = nf_sanitise( $_SERVER['PATH_TRANSLATED'], 2, 'PATH_TRANSLATED');
|
117 |
+
}
|
118 |
+
if (! empty($_SERVER['PHP_SELF'])) {
|
119 |
+
$_SERVER['PHP_SELF'] = nf_sanitise( $_SERVER['PHP_SELF'], 2, 'PHP_SELF');
|
120 |
+
}
|
121 |
+
|
122 |
+
if ( (! defined('NFDEBUG')) && ($nfdebug) ) { define('NFDEBUG',$nfdebug . '::' . nf_benchmarks() ); }
|
123 |
+
return;
|
124 |
+
|
125 |
+
/* ================================================================ */
|
126 |
+
function nf_debugfirewall($debug) {
|
127 |
+
|
128 |
+
if ( (defined('NF_NODBG')) || (! defined('NFDEBUG')) || (NFDEBUG == '') ) {
|
129 |
+
return;
|
130 |
+
}
|
131 |
+
list($nfdebug, $bench) = explode('::', NFDEBUG . '::');
|
132 |
+
|
133 |
+
if ($debug == 1) {
|
134 |
+
echo "\n<!--\n". htmlentities( $nfdebug ) ."- stopping Firewall\n- processing time:\t\t$bench s\n-->" ;
|
135 |
+
} else {
|
136 |
+
echo '<br><script>function onoff(){if(document.getElementById("tex").style.display=="none"){document.getElementById("tex").style.display="";document.getElementById("fie").style.background="#000000";document.cookie="tex=0; expires=Thu, 01-Jan-70 00:00:01 GMT;";}else{document.getElementById("tex").style.display="none";document.getElementById("fie").style.background="none";document.cookie="tex=1;";}}</script>'. "\n". '<center><fieldset id=fie style="width:85%;font-family:Verdana,Arial,sans-serif,Ubuntu;font-size:10px;background:';
|
137 |
+
if ( (isset($_COOKIE['tex'])) && ($_COOKIE['tex'])==1) {echo 'none';} else {echo '#000000';}
|
138 |
+
echo ';border:0px solid #000000;padding:0px;"><legend id=leg style="border:1px solid #ffd821;background:#ffd821;font-family:Verdana,Arial,sans-serif,Ubuntu;font-size:10px;"><a title=\'Click to mask/show the console\' href="javascript:onoff();" style="text-decoration: none;color:#000000;background:#ffd821;"><b> Firewall debug console </b></a></legend><textarea id=tex rows='. count(explode("\n", $nfdebug)) .' style="font-family:\'Courier New\',Courier,monospace,Verdana, Arial, sans-serif;font-size:12px;width:100%;border:none;padding:0px;background:#000000;color:#ffffff;line-height:14px;';
|
139 |
+
if ( (isset($_COOKIE['tex'])) && ($_COOKIE['tex'])==1) {echo 'display:none;'; }
|
140 |
+
echo '" wrap="off">'. htmlentities( $nfdebug ) ."- stopping Firewall\n- processing time\t\t$bench s</textarea></fieldset></center><br>";
|
141 |
+
}
|
142 |
+
}
|
143 |
+
/* ================================================================ */
|
144 |
+
function nf_check_request() {
|
145 |
+
global $resource;
|
146 |
+
global $readConnection;
|
147 |
+
global $MagenfCheckDebug;
|
148 |
+
global $MagenfoptionApplication;
|
149 |
+
global $nfdebug;
|
150 |
+
|
151 |
+
$rules_count = 0;
|
152 |
+
$query = 'SELECT * FROM ' . $resource->getTableName('firewall_rules'). ' WHERE `who` REGEXP "^('. $MagenfoptionApplication .')$" && `enabled` = "1"';
|
153 |
+
$results = $readConnection->fetchAll($query);
|
154 |
+
foreach($results as $rulesData){
|
155 |
+
$wherelist = explode('|', $rulesData['request']);
|
156 |
+
foreach ($wherelist as $where) {
|
157 |
+
if ( ($where == 'POST') || ($where == 'GET') ) {
|
158 |
+
foreach ($GLOBALS['_' . $where] as $reqkey => $reqvalue) {
|
159 |
+
if ( is_array($reqvalue) ) {
|
160 |
+
$res = nf_flatten( "\n", $reqvalue );
|
161 |
+
$reqvalue = $res;
|
162 |
+
|
163 |
+
$rulesData['what'] = '(?m:'. $rulesData['what'] .')';
|
164 |
+
} else {
|
165 |
+
if ( ($where == 'POST') && ($reqvalue) && (! isset( $b64_post[$reqkey])) ) {
|
166 |
+
$b64_post[$reqkey] = 1;
|
167 |
+
nf_check_b64($reqkey, $reqvalue);
|
168 |
+
}
|
169 |
+
}
|
170 |
+
// print_r("reqvalue." .$reqvalue ."=" );
|
171 |
+
if (! $reqvalue) {continue;}
|
172 |
+
$rules_count++;
|
173 |
+
|
174 |
+
// print_r($rulesData['what'] . "<br />");
|
175 |
+
if ( preg_match('`'.$rulesData['what'].'`', $reqvalue) ) {
|
176 |
+
|
177 |
+
if ($MagenfCheckDebug) { $nfdebug.= STAG ."checking request\t\t". '[FAIL] '. $where .' : ' . $rulesData['why'] . ' (#'. $rulesData['rules_id'] . ')' . ETAG; }
|
178 |
+
|
179 |
+
nf_write2log($rulesData['why'], $where . ':' . $reqkey . ' = ' . $reqvalue, $rulesData['level'], $rulesData['rules_id']);
|
180 |
+
nf_block();
|
181 |
+
}
|
182 |
+
|
183 |
+
|
184 |
+
}
|
185 |
+
continue;
|
186 |
+
}
|
187 |
+
|
188 |
+
$sub_value = explode(':', $where);
|
189 |
+
if ( (! empty($sub_value[1]) ) && ( @isset($GLOBALS['_' . $sub_value[0]] [$sub_value[1]]) ) ) {
|
190 |
+
$rules_count++;
|
191 |
+
if ( is_array($GLOBALS['_' . $sub_value[0]] [$sub_value[1]]) ) {
|
192 |
+
$res = nf_flatten( "\n", $GLOBALS['_' . $sub_value[0]] [$sub_value[1]] );
|
193 |
+
$GLOBALS['_' . $sub_value[0]] [$sub_value[1]] = $res;
|
194 |
+
$rulesData['what'] = '(?m:'. $rulesData['what'] .')';
|
195 |
+
}
|
196 |
+
if (! $GLOBALS['_' . $sub_value[0]] [$sub_value[1]]) {continue;}
|
197 |
+
if ( preg_match('`'. $rulesData['what'] .'`', $GLOBALS['_' . $sub_value[0]] [$sub_value[1]]) ) {
|
198 |
+
if ($MagenfCheckDebug) { $nfdebug.= STAG ."checking request\t\t". '[FAIL] '.$sub_value[0].':'.$sub_value[1].' : ' . $rulesData['why'] . ' (#'. $rulesData['rules_id'] . ')' . ETAG; }
|
199 |
+
nf_write2log($rulesData['why'], $sub_value[0].':'.$sub_value[1].' = ' . $GLOBALS['_' . $sub_value[0]] [$sub_value[1]], $rulesData['level'], $rulesData['rules_id']);
|
200 |
+
nf_block();
|
201 |
+
}
|
202 |
+
|
203 |
+
} elseif ( isset($_SERVER[$where]) ) {
|
204 |
+
$rules_count++;
|
205 |
+
if ( preg_match('`'. $rulesData['what'] .'`', $_SERVER[$where]) ) {
|
206 |
+
if ($MagenfCheckDebug) { $nfdebug.= STAG ."checking request\t\t". '[FAIL] ' . $where.' : ' . $rulesData['why'] . ' (#'. $rulesData['rules_id'] . ')' . ETAG; }
|
207 |
+
nf_write2log($rulesData['why'], $where . ':' . $_SERVER[$where], $rulesData['level'], $rulesData['rules_id']);
|
208 |
+
nf_block();
|
209 |
+
}
|
210 |
+
}
|
211 |
+
}
|
212 |
+
}
|
213 |
+
|
214 |
+
|
215 |
+
if ($MagenfCheckDebug) { $nfdebug.= STAG ."checking request\t\t". '[PASS] '. $rules_count . ' occurences checked' . ETAG; }
|
216 |
+
|
217 |
+
}
|
218 |
+
/* ================================================================ */
|
219 |
+
function nf_flatten($glue, $pieces) {
|
220 |
+
|
221 |
+
foreach ($pieces as $r_pieces) {
|
222 |
+
if ( is_array($r_pieces)) {
|
223 |
+
$ret[] = nf_flatten($glue, $r_pieces);
|
224 |
+
} else {
|
225 |
+
$ret[] = $r_pieces;
|
226 |
+
}
|
227 |
+
}
|
228 |
+
return implode($glue, $ret);
|
229 |
+
}
|
230 |
+
/* ================================================================ */
|
231 |
+
function nf_bin2hex_string($data) {
|
232 |
+
|
233 |
+
$res = '';
|
234 |
+
$string = str_split($data);
|
235 |
+
foreach ( $string as $char ) {
|
236 |
+
if ( ( ord($char) < 32 ) || ( ord($char) > 127 ) ) {
|
237 |
+
$res .= '%' . bin2hex($char);
|
238 |
+
} else {
|
239 |
+
$res .= $char;
|
240 |
+
}
|
241 |
+
}
|
242 |
+
return $res;
|
243 |
+
}
|
244 |
+
/* ================================================================== */
|
245 |
+
function nf_check_b64( $reqkey, $string ) {
|
246 |
+
|
247 |
+
global $MagenfCheckDebug;
|
248 |
+
global $nfdebug;
|
249 |
+
|
250 |
+
$string = preg_replace( '`[^A-Za-z0-9+/=]`', '', $string);
|
251 |
+
if ( (! $string) || (strlen($string) % 4 != 0) ) { return; }
|
252 |
+
if ( base64_encode( $decoded = base64_decode($string) ) === $string ) {
|
253 |
+
if ( preg_match( '`\b(?:\$?_(COOKIE|ENV|FILES|(?:GE|POS|REQUES)T|SE(RVER|SSION))|HTTP_(?:(?:POST|GET)_VARS|RAW_POST_DATA)|GLOBALS)\s*[=\[)]|\b(?i:array_map|assert|base64_(?:de|en)code|chmod|curl_exec|(?:ex|im)plode|error_reporting|eval|file(?:_get_contents)?|f(?:open|write|close)|fsockopen|function_exists|gzinflate|md5|move_uploaded_file|ob_start|passthru|preg_replace|phpinfo|stripslashes|strrev|(?:shell_)?exec|system|unlink)\s*\(|\becho\s*[\'"]|<\s*(?i:applet|div|embed|i?frame(?:set)?|img|meta|marquee|object|script|textarea)\b|\b(?i:(?:ht|f)tps?|php)://|\W\$\{\s*[\'"]\w+[\'"]|<\?(?i:php)`', $decoded) ) {
|
254 |
+
if ($MagenfCheckDebug) { $nfdebug.= STAG ."checking request\t\t". '[FAIL] POST[' . $reqkey . '] : BASE64-encoded injection' . ETAG; }
|
255 |
+
nf_write2log('BASE64-encoded injection', 'POST:' . $reqkey . ' = ' . $string, 3, 0);
|
256 |
+
nf_block();
|
257 |
+
}
|
258 |
+
}
|
259 |
+
}
|
260 |
+
/* ================================================================ */
|
261 |
+
function nf_sanitise($str, $how, $msg ) {
|
262 |
+
|
263 |
+
// global $dbh;
|
264 |
+
global $MagenfCheckDebug;
|
265 |
+
global $nfdebug;
|
266 |
+
if (! isset($str) ) {
|
267 |
+
return null;
|
268 |
+
} else if (is_string($str) ) {
|
269 |
+
if (get_magic_quotes_gpc() ) {$str = stripslashes($str);}
|
270 |
+
|
271 |
+
if ($how == 1) {
|
272 |
+
//$str2 = $dbh->real_escape_string($str);
|
273 |
+
$str2 = str_replace('`', '\`', $str);
|
274 |
+
} else {
|
275 |
+
$str2 = str_replace( array('\\', "'", '"', "\x0d", "\x0a", "\x00", "\x1a", '`', '<', '>'),
|
276 |
+
array('\\\\', "\\'", '\\"', 'X', 'X', 'X', 'X', '\\`', '\\<', '\\>'), $str);
|
277 |
+
}
|
278 |
+
if ($str2 != $str) {
|
279 |
+
nf_write2log('Sanitising user input', $msg . ': ' . $str, 6, 0);
|
280 |
+
if ($MagenfCheckDebug) { $nfdebug.= STAG . "sanitising $msg\t\t[WARN] string: " . nf_bin2hex_string($str) . ETAG; }
|
281 |
+
}
|
282 |
+
return $str2;
|
283 |
+
|
284 |
+
} else if (is_array($str) ) {
|
285 |
+
foreach($str as $key => $value) {
|
286 |
+
if (get_magic_quotes_gpc() ) {$key = stripslashes($key);}
|
287 |
+
|
288 |
+
$key2 = str_replace( array('\\', "'", '"', "\x0d", "\x0a", "\x00", "\x1a", '`', '<', '>'),
|
289 |
+
array('\\\\', "\\'", '\\"', 'X', 'X', 'X', 'X', '`', '<', '>'), $key, $occ);
|
290 |
+
if ($occ) {
|
291 |
+
unset($str[$key]);
|
292 |
+
nf_write2log('Sanitising user input', $msg . ': ' . $key, 6, 0);
|
293 |
+
if ($MagenfCheckDebug) { $nfdebug.= STAG . "sanitising $msg\t\t[WARN] string: " . nf_bin2hex_string($key) . ETAG; }
|
294 |
+
}
|
295 |
+
$str[$key2] = nf_sanitise($value, $how, $msg);
|
296 |
+
}
|
297 |
+
return $str;
|
298 |
+
}
|
299 |
+
}
|
300 |
+
/* ================================================================ */
|
301 |
+
function nf_check_upload() {
|
302 |
+
|
303 |
+
global $nfdebug;
|
304 |
+
global $MagenfCheckDebug;
|
305 |
+
$tmp = '';
|
306 |
+
foreach ($_FILES as $file) {
|
307 |
+
if ( is_array($file['name']) ) {
|
308 |
+
foreach($file['name'] as $key => $value) {
|
309 |
+
if (! $file['name'][$key]) { continue; }
|
310 |
+
$tmp .= $file['name'][$key] . ', ' . number_format($file['size'][$key]) . ' bytes ';
|
311 |
+
}
|
312 |
+
} else {
|
313 |
+
if (! $file['name']) { continue; }
|
314 |
+
$tmp .= $file['name'] . ', ' . number_format($file['size']) . ' bytes ';
|
315 |
+
}
|
316 |
+
}
|
317 |
+
if ($tmp) {
|
318 |
+
if ($MagenfCheckDebug) { $nfdebug.= '[FAIL] file upload attempt : '. nf_bin2hex_string($tmp) . ETAG; }
|
319 |
+
nf_write2log('File upload attempt', rtrim($tmp, ' '), 2, 0);
|
320 |
+
nf_block();
|
321 |
+
}
|
322 |
+
|
323 |
+
if ($MagenfCheckDebug) { $nfdebug.= '[----] upload field is empty' . ETAG; }
|
324 |
+
}
|
325 |
+
/* ================================================================ */
|
326 |
+
function nf_block() {
|
327 |
+
|
328 |
+
global $nfdebug;
|
329 |
+
global $rand_value;
|
330 |
+
global $ip_address;
|
331 |
+
|
332 |
+
header('HTTP/1.1 403 Forbidden');
|
333 |
+
header('Status: 403 Forbidden');
|
334 |
+
echo '<html><head><title>403 Forbidden</title><style>.smallblack{font-family:Verdana,Arial,Helvetica,Ubuntu,"Bitstream Vera Sans",sans-serif;font-size:12px;line-height:16px;color:#000000;}.tinygrey{font-family:Verdana,Arial,Helvetica,Ubuntu, "Bitstream Vera Sans",sans-serif;font-size:10px;line-height:12px;color:#999999;}</style></head><body><br><br><br><br><br><table align=center style="border:1px solid #FDCD25;" cellspacing=0 cellpadding=6 class=smallblack><tr><td align=center><img src="data:image/png;base64,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" border=0 width=16 height=16><p>Sorry <b>'. $ip_address .'</b>, your request cannot be proceeded.<br>For security reason it was blocked and logged.<p>If you think that this was a mistake, please contact<br>the webmaster and enclose the following incident ID :<p>[<b>#' . $rand_value . '</b>]<br> </td></tr></table><br><br><br><br></body></html>';
|
335 |
+
|
336 |
+
if ($nfdebug) {define('NFDEBUG', $nfdebug . '::' . nf_benchmarks() );}
|
337 |
+
|
338 |
+
@$dbh->close();
|
339 |
+
exit;
|
340 |
+
}
|
341 |
+
/* ================================================================ */
|
342 |
+
function nf_write2log( $loginfo, $logdata, $loglevel, $ruleid ) {
|
343 |
+
|
344 |
+
global $MagenfCheckDebug;
|
345 |
+
global $rand_value;
|
346 |
+
global $nfdebug;
|
347 |
+
global $ip_address;
|
348 |
+
|
349 |
+
if ( ($loglevel == 6) || ($loglevel == 5) ) {
|
350 |
+
$rand_value = '0000000';
|
351 |
+
$http_ret_code = '200 OK';
|
352 |
+
} else {
|
353 |
+
$rand_value = mt_rand(1000000, 9000000);
|
354 |
+
$http_ret_code = '403 Forbidden';
|
355 |
+
}
|
356 |
+
|
357 |
+
/*$LOG_FILE = dirname(__FILE__) . '/var/logs/firewall_' . date('Y-m') . '.log';
|
358 |
+
if (! $handle = fopen($LOG_FILE, 'a') ) {
|
359 |
+
if ($MagenfCheckDebug) { $nfdebug.= STAG .'unable to write to log'. "\t" . '[ERROR] ' . $LOG_FILE . ETAG; }
|
360 |
+
return;
|
361 |
+
}*/
|
362 |
+
|
363 |
+
//if (strlen($logdata) > 100) { $logdata = substr($logdata, 0, 100) . '...'; }
|
364 |
+
|
365 |
+
$message =
|
366 |
+
'[' . $http_ret_code . '] ' . '[' . $_SERVER['REQUEST_METHOD'] . '] ' .
|
367 |
+
'[' . $_SERVER['SCRIPT_NAME'] . '] ' . '[' . $loginfo . '] ' .
|
368 |
+
'[' . nf_bin2hex_string($logdata) . ']' . "\n";
|
369 |
+
Mage::getModel('firewall/logs')
|
370 |
+
->setData(array('summary'=>$message,'ruleid'=>$ruleid,'level'=>$loglevel,'ip'=>$ip_address,'incidentid'=>$rand_value,'created_time'=>time()))
|
371 |
+
->save();
|
372 |
+
Mage::log($message, null, "firewall_-".date('Y-m-d').".log");
|
373 |
+
// fclose($handle);
|
374 |
+
}
|
375 |
+
/* ================================================================ */
|
376 |
+
function nf_benchmarks() {
|
377 |
+
|
378 |
+
return round( (microtime(true) - NF_STARTTIME), 5);
|
379 |
+
|
380 |
+
}
|
381 |
+
/* ================================================================ */
|
382 |
+
// EOF
|
383 |
+
?>
|
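--- a/package.xml
+++ b/package.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0"?>
+<package>
+<name>MageFirewall_Firewall</name>
+<version>0.1.0</version>
+<stability>stable</stability>
+<license>OSL v. 3.0</license>
+<channel>community</channel>
+<extends/>
+<summary>Opensource Magento Firewall for securing your e-commerce system.</summary>
+<description>It protects users magneto ecommerce systems with several security features.</description>
+<notes>First release</notes>
+<authors><author><name>paimpozhil</name><user>paimpozhil</user><email>paimpozhil@gmail.com</email></author></authors>
+<date>2014-09-18</date>
+<time>12:48:17</time>
+<contents><target name="magecommunity"><dir name="MageFirewall"><dir name="Firewall"><dir name="Block"><dir name="Adminhtml"><dir name="Blacklist"><dir name="Edit"><file name="Form.php" hash="d26360056e1af1941f2055ce2f6d43c3"/><dir name="Tab"><file name="Form.php" hash="0bb50bc1207256d40e7bae26e7919789"/></dir><file name="Tabs.php" hash="ef545ebdef29eb8a07a0fe514e96a838"/></dir><file name="Edit.php" hash="8a0b682b1b1a13693828654fc465d03a"/><file name="Grid.php" hash="458ace727ba696dcff27220b702d9869"/></dir><file name="Blacklist.php" hash="8aafc52116e077dfd7568f02085ee216"/><dir name="Logs"><file name="Grid.php" hash="211ce1ba3dc311ea3a9926626d7549ab"/></dir><file name="Logs.php" hash="cfaf8454e04b9c29c19d49188e92278b"/><dir name="Rules"><dir name="Edit"><file name="Form.php" hash="af6478cdc0e8597539270574bf580732"/><dir name="Tab"><file name="Form.php" hash="964beb6b05ed7cfcdad228322700d680"/></dir><file name="Tabs.php" hash="588f28856122a51bbfcdc88b07eb7c78"/></dir><file name="Edit.php" hash="31a84e45679addebf887c283509cad74"/><file name="Grid.php" hash="177f832f0bf29b5b35e407c30bc3d53d"/></dir><file name="Rules.php" hash="a9b1815f6c762a33fe4af0d9e825e6b1"/><dir name="Whitelist"><dir name="Edit"><file name="Form.php" hash="24f87e125d1d354dcd49096e2da1a90d"/><dir name="Tab"><file name="Form.php" hash="bf8f74d7665ed79991081c4edef5a998"/></dir><file name="Tabs.php" hash="ce02a58a943827ccb9dde071e8777a1b"/></dir><file name="Edit.php" hash="c00bd6da06bb01bfbeeaed24e026de96"/><file name="Grid.php" hash="fe80f5ae18c2e74b53e90def5b1c7ce8"/></dir><file name="Whitelist.php" hash="e5ddc033500ffe525ce9b9a46e1686bf"/></dir></dir><dir name="Helper"><file name="Data.php" hash="c84897bcb7a2e6f36955f4261bf89486"/></dir><dir name="Model"><file name="Blacklist.php" hash="b9f445d0e476b13bba2d6082cafcf413"/><file name="Cron.php" hash="27fd2731368dd6b41d107361f450b794"/><file name="Logs.php" hash="81e0eeeb79349075393f37994edf2f45"/><dir name="Mysql4"><dir name="Blacklist"><file name="Collection.php" hash="70d70ef8a916a611852bb4403c833907"/></dir><file name="Blacklist.php" hash="78c956b15cb27ab5771585425b6e55ac"/><dir name="Logs"><file name="Collection.php" hash="8dbd26450f38fd779adeb2d4c8c6ecfc"/></dir><file name="Logs.php" hash="8597c4053eb34f82aa4f315648a55eae"/><dir name="Options"><file name="Collection.php" hash="551289eb76b05c994c92f7a7a03344ec"/></dir><file name="Options.php" hash="b6c0c2f3fe6090f24a19532087ba19c2"/><dir name="Rules"><file name="Collection.php" hash="0e16336936eea930eb9be37760cd3859"/></dir><file name="Rules.php" hash="708f759852fdfda07c04209e0cc4666c"/><dir name="Version"><file name="Collection.php" hash="d2742547114e9824f2a69efa094a2bcb"/></dir><file name="Version.php" hash="07c11bd747b44ef08b3772057c9a1b95"/><dir name="Whitelist"><file name="Collection.php" hash="ae8cac841ebd6cb95630b53dbcbee435"/></dir><file name="Whitelist.php" hash="921942f5c7d5f294e07fb73257a7e23d"/></dir><file name="Observer.php" hash="645cc56e5039f188e95e2797dd67a9e2"/><file name="Options.php" hash="3d3562b526556480e38e3f5939292a13"/><file name="Rules.php" hash="26f3b465b377fb3cc620c3e646a901ef"/><file name="Version.php" hash="dcafc9db7dfae1b4bc661824a5ceb8d0"/><file name="Whitelist.php" hash="f9c48424055eff408351eb7a995a756e"/></dir><dir name="controllers"><dir name="Adminhtml"><file name="BlacklistController.php" hash="eafd2d348873ab7ed8818a181adeaee2"/><dir name="Dashboard"><file name="DiagnosticController.php" hash="87c41a95b25174c03078bf46cf3b1419"/><file name="FilecheckerController.php" hash="12b8bb4454bcb6b78e4b7f8556856f70"/><file name="RecentController.php" hash="478f5b5aea6861764d29af9146c52764"/><file name="ViewController.php" hash="9fe90eac61581484055357ab52245848"/></dir><file name="LogsController.php" hash="555ab9ab642e538b3619d60ba2f12187"/><file name="RulesController.php" hash="185a0da146bc4a5aec80b227065aa53d"/><file name="WhitelistController.php" hash="544c62f98e22d1b5d0d561778df7d310"/></dir></dir><dir name="data"><dir name="firewall_setup"><file name="data-install-0.1.0.php" hash="c6a2451a59e0cea5d4ebbf7d36f20a95"/></dir></dir><dir name="etc"><file name="config.xml" hash="c7d67c3014f973ea2f4293d3b13bdcc9"/></dir><dir name="sql"><dir name="firewall_setup"><file name="mysql4-install-0.1.0.php" hash="535a6fd1a31529f877521f2378f7bfba"/></dir></dir></dir></dir></target><target name="magedesign"><dir name="adminhtml"><dir name="default"><dir name="default"><dir name="template"><dir name="firewall"><file name="dashboard.phtml" hash="b5c056f7651668f40003d95f6f87868f"/><file name="diagnostic.phtml" hash="700a66064a5536f116c1e95c44f1fd60"/><file name="filechecker.phtml" hash="080be0a8975e968c68717831d1d8cd23"/><file name="recentfile.phtml" hash="d731d305ae36c3c930ccf521d02eb150"/></dir></dir></dir></dir></dir></target><target name="mageetc"><dir name="modules"><file name="MageFirewall_Firewall.xml" hash="58c9780878d409245f613b460d080d96"/></dir></target><target name="magelib"><dir name="firewall"><file name="firewall.php" hash="a2a84e69a9854203d7c20af000e4c6d8"/></dir></target></contents>
+<compatible/>
+<dependencies><required><php><min>5.2.0</min><max>5.6.0</max></php></required></dependencies>
+</package>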