$proxy_chk_cls = new Proxy_chk_cmd_cls();
// registrer tor_chk_cls and proxy_chk_cls
- printf("MAIN: Register 'tor_chk_cls'\n");
+ fprintf(STDERR, "MAIN: Register 'tor_chk_cls'\n");
if (($brisk->cds->cmd_cls_register($tor_chk_cls)) == FALSE) {
fprintf(STDERR, "MAIN: 'tor_chk_cls' registration failed\n");
return (FALSE);
}
- printf("MAIN: Register 'proxy_chk_cls'\n");
+ fprintf(STDERR, "MAIN: Register 'proxy_chk_cls'\n");
if (($brisk->cds->cmd_cls_register($proxy_chk_cls)) == FALSE) {
fprintf(STDERR, "MAIN: 'proxy_chk_cls' registration failed\n");
return (FALSE);
function brisk_cds_execute($brisk, $ghost, $real_idx, $sess, $ip, $authenticate, $header)
{
- if ($brisk->cds->execute("tor_chk", $brisk, $ghost, $sess, $ip, $authenticate != FALSE, $header) == FALSE) {
+ if ($brisk->cds->execute("tor_chk", $brisk, $real_idx, $sess, $ip, $authenticate != FALSE, $header) == FALSE) {
log_main("cds_execute failed");
}
- if ($brisk->cds->execute("proxy_chk", $brisk, $ghost, $sess, $ip, $authenticate != FALSE, $header) == FALSE) {
+ if ($brisk->cds->execute("proxy_chk", $brisk, $real_idx, $sess, $ip, $authenticate != FALSE, $header) == FALSE) {
log_main("cds_execute failed");
}
}
function create($cds, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth)
{
if ($cds->dbg_get() > 0) {
- printf("'tor_chk'::create url:[%s]\n", 'TOR_CHK_URL');
+ fprintf(STDERR, "'tor_chk'::create url:[%s]\n", 'TOR_CHK_URL');
}
do {
if (parent::create($cds, $ch) == FALSE)
break;
+ $ctx->user[$user_idx]->pend_async++;
$cmd = new Tor_chk_cmd($this, $ch, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth);
return $cmd;
function process($cmd, $ret)
{
if ($this->dbg_get() > 2) {
- printf("CURL: 'tor_chk' process: curl_multi_getcontent\n");
- print_r($ret);
+ fprintf(STDERR, "CURL: 'tor_chk' process: curl_multi_getcontent\n");
+ fprintf(STDERR, "%s", print_r($ret, TRUE));
}
$content = curl_multi_getcontent($cmd->ch_get());
- if ($this->dbg_get() > 0) { printf("'tor_chk' process: [%s]\n", $content); }
+ if ($this->dbg_get() > 0) { fprintf(STDERR, "'tor_chk' process: [%s]\n", $content); }
$is_tor = FALSE;
if (mb_strpos($content,
"The IP Address you entered matches one or more active Tor servers",
0, "UTF-8") !== FALSE) {
- // printf("WARNING: stripos ok\n");
+ // fprintf(STDERR, "WARNING: stripos ok\n");
$is_tor = TRUE;
}
else if (mb_strpos($content,
"The IP Address you entered is NOT an active Tor server",
0, "UTF-8") === FALSE) {
- printf("WARNING: tor check disabled\n");
+ fprintf(STDERR, "WARNING: tor check disabled\n");
}
else {
- // printf("WARNING: NOT an active Tor server on IP [%s]\n", $cmd->conn_ip);
+ // fprintf(STDERR, "WARNING: NOT an active Tor server on IP [%s]\n", $cmd->conn_ip);
;
}
parent::__construct("proxy_chk", 10);
$this->scan_headers = array(
- 'HTTP_VIA',
- 'HTTP_X_FORWARDED_FOR',
- 'HTTP_FORWARDED_FOR',
- 'HTTP_X_FORWARDED',
- 'HTTP_FORWARDED',
- 'HTTP_CLIENT_IP',
- 'HTTP_FORWARDED_FOR_IP',
- 'VIA',
- 'X_FORWARDED_FOR',
- 'FORWARDED_FOR',
- 'X_FORWARDED',
- 'FORWARDED',
- 'CLIENT_IP',
- 'FORWARDED_FOR_IP',
- 'HTTP_PROXY_CONNECTION'
+ 'Http-Via',
+ 'Http-X-Forwarded-For',
+ 'Http-Forwarded-For',
+ 'Http-X-Forwarded',
+ 'Http-Forwarded',
+ 'Http-Client-Ip',
+ 'Http-Forwarded-For-Ip',
+ 'Via',
+ 'X-Forwarded-For',
+ 'Forwarded-For',
+ 'X-Forwarded',
+ 'Forwarded',
+ 'Client-Ip',
+ 'Forwarded-For-Ip',
+ 'Http-Proxy-Connection'
);
}
function create($cds, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth, $headers)
{
if ($cds->dbg_get() > 0) {
- printf("'proxy_chk'::create url:[%s]\n", 'PROXY_CHK_URL');
+ fprintf(STDERR, "'proxy_chk'::create url:[%s]\n", 'PROXY_CHK_URL');
}
foreach($this->scan_headers as $key){
//proxy detected? lets log...
- if($headers[$key]) {
+ if(array_key_exists($key, $headers)) {
// we already are behind a PROXY, this are our headers
- if ($key == 'X-Proxy-ID') {
- if ($headers[$key] == '860705422')
- continue;
- }
- else if ($key == 'X-Forwarded-For') {
- if ($headers[$key] == '172.16.9.66')
- continue;
- }
- else if ($key == 'Via') {
- if ($headers[$key] == '1.1 172.16.8.1 (Mikrotik HttpProxy)')
- continue;
- }
-
proxy_chk_postprocess($ctx, $user_idx, $user_sess, $conn_ip, $is_auth, TRUE);
return TRUE;
}
break;
$cmd = new Proxy_chk_cmd($this, $ch, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth);
+ $ctx->user[$user_idx]->pend_async++;
return $cmd;
} while (FALSE);
function process($cmd, $ret)
{
if ($this->dbg_get() > 2) {
- printf("CURL: 'proxy_chk' process: curl_multi_getcontent\n");
- print_r($ret);
+ fprintf(STDERR, "CURL: 'proxy_chk' process: curl_multi_getcontent\n");
+ fprintf(STDERR, "%s", print_r($ret, TRUE));
}
$content = curl_multi_getcontent($cmd->ch_get());
- if ($this->dbg_get() > 0) { printf("'proxy_chk' process: [%s]\n", $content); }
+ if ($this->dbg_get() > 0) { fprintf(STDERR, "'proxy_chk' process: [%s]\n", $content); }
$is_proxy = FALSE;
if (mb_strpos($content, "is_proxy=true", 0, "UTF-8") !== FALSE) {
- // printf("WARNING: stripos ok\n");
+ // fprintf(STDERR, "WARNING: stripos ok\n");
$is_proxy = TRUE;
}
else if (mb_strpos($content, "is_proxy=false", 0, "UTF-8") === FALSE) {
- printf("WARNING: proxy check disabled\n");
+ fprintf(STDERR, "WARNING: proxy check disabled\n");
}
else {
- // printf("WARNING: NOT an active Proxy server on IP [%s]\n", $cmd->conn_ip);
+ // fprintf(STDERR, "WARNING: NOT an active Proxy server on IP [%s]\n", $cmd->conn_ip);
;
}
{
log_cds(sprintf("tor: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s, is_tor: %s",
$user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO"), ($is_tor ? "YES" : "NO")));
+ if ($is_tor) {
+ $brisk->kickuser_by_sess($user_sess, 5); // GHOST_SESS_REAS_ANON
+ }
+ $brisk->user[$user_idx]->pend_async--;
}
function tor_chk_timeout_cb($brisk, $user_idx, $user_sess, $conn_ip, $is_auth)
{
log_cds(sprintf("tor: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s",
$user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO")));
+ $brisk->user[$user_idx]->pend_async--;
}
function proxy_chk_postprocess($brisk, $user_idx, $user_sess, $conn_ip, $is_auth, $is_proxy)
{
log_cds(sprintf("proxy: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s, is_proxy: %s",
$user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO"), ($is_proxy ? "YES" : "NO")));
+ if (!$brisk->user[$user_idx]->is_auth() && $is_proxy) {
+ $brisk->kickuser_by_sess($user_sess, 5); // GHOST_SESS_REAS_ANON
+ }
+ $brisk->user[$user_idx]->pend_async--;
}
function proxy_chk_timeout_cb($brisk, $user_idx, $user_sess, $conn_ip, $is_auth)
{
log_cds(sprintf("proxy timeout: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s",
$user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO")));
+ $brisk->user[$user_idx]->pend_async--;
}
?>