Code source de LifeType 1.2.4 |
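<?php if (!defined('BB2_CORE')) die('I said no cheating!');
// Guard: this file only declares screening functions. It stops immediately
// when it is requested without BB2_CORE having been defined by the loader.

// Enforce adherence to protocol version claimed by user-agent.
//
// Every value inspected below is supplied by the client and can be forged.
// These checks catch clients whose headers are internally inconsistent; they
// are a screening heuristic, not an authentication or access-control decision.

/**
 * Check that the request headers agree with the HTTP version the client claims.
 *
 * @param array $settings Reads 'strict' (enables the checks that can hit
 *                        misbehaving proxies).
 * @param array $package  Reads 'headers_mixed' (request headers; the keys used
 *                        here are in mixed case, presumably normalised by the
 *                        caller - confirm) and 'server_protocol'.
 * @return string|false   An eight-character code naming the failed check, or
 *                        false when nothing was found. Presumably the caller
 *                        maps the code to a response - confirm against caller.
 */
function bb2_protocol($settings, $package)
{
    $headers = $package['headers_mixed'];

    // Is it claiming to be HTTP/1.0? Then it shouldn't do HTTP/1.1 things
    // Always run this test; we should never see Expect:
    if (array_key_exists('Expect', $headers)
        && stripos($headers['Expect'], '100-continue') !== false) {
        return 'a0105122';
    }

    // Is it claiming to be HTTP/1.1? Then it shouldn't do HTTP/1.0 things
    // Blocks some common corporate proxy servers in strict mode
    if ($settings['strict'] && strcmp($package['server_protocol'], 'HTTP/1.1') === 0) {
        // Pragma: no-cache without Cache-Control is the HTTP/1.0 way of asking
        // for a fresh copy.
        if (array_key_exists('Pragma', $headers)
            && strpos($headers['Pragma'], 'no-cache') !== false
            && !array_key_exists('Cache-Control', $headers)) {
            return '41feed15';
        }
    }

    return false;
}

/**
 * Screen a request for header combinations that ordinary user agents do not send.
 *
 * The checks run in a fixed order and the first one that fails decides the
 * returned code.
 *
 * @param array $settings Reads 'strict'.
 * @param array $package  Reads 'headers_mixed', 'headers' (used only for the
 *                        lowercase 'via' test, so presumably the headers with
 *                        their original case - confirm), 'request_method' and
 *                        'request_uri'.
 * @return string|false   An eight-character code naming the failed check, or
 *                        false when every check passed.
 */
function bb2_misc_headers($settings, $package)
{
    $headers = $package['headers_mixed'];

    // A request without User-Agent is treated as an empty one. Reading the key
    // unconditionally raised an undefined-index notice for such requests.
    $ua = array_key_exists('User-Agent', $headers) ? $headers['User-Agent'] : '';

    if (strcmp($package['request_method'], 'POST') === 0 && empty($ua)) {
        return 'f9f2b8b9';
    }

    // Broken spambots send URLs with various invalid characters
    // Some broken browsers send the #vector in the referer field :(
    // so only the request URI is tested for '#', not the Referer.
    if (strpos($package['request_uri'], '#') !== false) {
        return 'dfd9b1ad';
    }

    // Range: field exists and begins with 0
    // Real user-agents do not start ranges at 0
    // NOTE: this blocks the whois.sc bot. No big loss.
    // Exceptions: MT (not fixable); LJ (refuses to fix; may be
    // blocked again in the future)
    if (array_key_exists('Range', $headers) && strpos($headers['Range'], '=0-') !== false) {
        // strncmp() returns non-zero when the prefix does NOT match, so this
        // branch is taken only for agents that are neither exception.
        if (strncmp($ua, 'MovableType', 11) !== 0 && strncmp($ua, 'URI::Fetch', 10) !== 0) {
            return '7ad04a8a';
        }
    }

    // Content-Range is a response header, not a request header
    if (array_key_exists('Content-Range', $headers)) {
        return '7d12528e';
    }

    // Lowercase via is used by open proxies/referrer spammers
    // Exceptions: Clearswift uses lowercase via (refuses to fix;
    // may be blocked again in the future)
    if (array_key_exists('via', $package['headers'])
        && strpos($package['headers']['via'], 'Clearswift Web Policy Engine') === false) {
        return '9c9e4979';
    }

    // pinappleproxy is used by referrer spammers
    if (array_key_exists('Via', $headers)) {
        $via = $headers['Via'];
        if (stripos($via, 'pinappleproxy') !== false
            || stripos($via, 'PCNETSERVER') !== false
            || stripos($via, 'Invisiware') !== false) {
            return '939a6fbb';
        }
    }

    // TE: if present must have Connection: TE
    // RFC 2616 14.39
    // Blocks Microsoft ISA Server 2004 in strict mode. Contact Microsoft
    // to obtain a hotfix.
    if ($settings['strict'] && array_key_exists('Te', $headers)) {
        // A missing Connection header is read as an empty one: the request is
        // still rejected, but without indexing a key that is not there.
        // NOTE(review): the match is case-sensitive, while RFC 7230 6.1 treats
        // connection options as case-insensitive - confirm this is intended.
        $connection = array_key_exists('Connection', $headers) ? $headers['Connection'] : '';
        if (!preg_match('/\bTE\b/', $connection)) {
            return '582ec5e4';
        }
    }

    if (array_key_exists('Connection', $headers)) {
        $connection = $headers['Connection'];

        // Connection: keep-alive and close are mutually exclusive
        if (preg_match('/\bKeep-Alive\b/i', $connection) && preg_match('/\bClose\b/i', $connection)) {
            return 'a52f0448';
        }
        // Close shouldn't appear twice
        if (preg_match('/\bclose,\s?close\b/i', $connection)) {
            return 'a52f0448';
        }
        // Keep-Alive shouldn't appear twice either
        if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', $connection)) {
            return 'a52f0448';
        }
    }

    // Headers which are not seen from normal user agents; only malicious bots
    if (array_key_exists('X-Aaaaaaaaaaaa', $headers) || array_key_exists('X-Aaaaaaaaaa', $headers)) {
        return 'b9cc1d86';
    }
    if (array_key_exists('Proxy-Connection', $headers)) {
        return 'b7830251';
    }

    if (array_key_exists('Referer', $headers)) {
        // Referer, if it exists, must not be blank.
        // The test has to look at the Referer value itself. Testing the whole
        // header array, as before, could never be true inside this branch, so
        // a blank Referer was never reported under its own code.
        if (empty($headers['Referer'])) {
            return '69920ee5';
        }

        // Referer, if it exists, must contain a :
        // While a relative URL is technically valid in Referer, all known
        // legit user-agents send an absolute URL
        if (strpos($headers['Referer'], ':') === false) {
            return '45b35e30';
        }
    }

    return false;
}

?>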