X-Git-Url: https://mop.ddnsfree.com/gitweb/?a=blobdiff_plain;f=web%2FObj%2Fcurl-de-brisk.phh;h=261617313dc163600c5adc80460f64e45d9d5546;hb=330a6163c96ac025cf14fb946ed58f0917c82278;hp=3c6696b89e417a413cb0de94827b1fc2e2f7ad72;hpb=6928afe91102eca663992247d3459065fd87d849;p=curl-de-sac.git diff --git a/web/Obj/curl-de-brisk.phh b/web/Obj/curl-de-brisk.phh index 3c6696b..2616173 100755 --- a/web/Obj/curl-de-brisk.phh +++ b/web/Obj/curl-de-brisk.phh @@ -23,12 +23,12 @@ function brisk_cds_reload($brisk) $proxy_chk_cls = new Proxy_chk_cmd_cls(); // registrer tor_chk_cls and proxy_chk_cls - printf("MAIN: Register 'tor_chk_cls'\n"); + fprintf(STDERR, "MAIN: Register 'tor_chk_cls'\n"); if (($brisk->cds->cmd_cls_register($tor_chk_cls)) == FALSE) { fprintf(STDERR, "MAIN: 'tor_chk_cls' registration failed\n"); return (FALSE); } - printf("MAIN: Register 'proxy_chk_cls'\n"); + fprintf(STDERR, "MAIN: Register 'proxy_chk_cls'\n"); if (($brisk->cds->cmd_cls_register($proxy_chk_cls)) == FALSE) { fprintf(STDERR, "MAIN: 'proxy_chk_cls' registration failed\n"); return (FALSE); @@ -77,7 +77,7 @@ class Tor_chk_cmd_cls extends CDS_cmd_cls { function create($cds, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth) { if ($cds->dbg_get() > 0) { - printf("'tor_chk'::create url:[%s]\n", 'TOR_CHK_URL'); + fprintf(STDERR, "'tor_chk'::create url:[%s]\n", 'TOR_CHK_URL'); } do { @@ -106,27 +106,27 @@ class Tor_chk_cmd_cls extends CDS_cmd_cls { function process($cmd, $ret) { if ($this->dbg_get() > 2) { - printf("CURL: 'tor_chk' process: curl_multi_getcontent\n"); - print_r($ret); + fprintf(STDERR, "CURL: 'tor_chk' process: curl_multi_getcontent\n"); + fprintf(STDERR, "%s", print_r($ret, TRUE)); } $content = curl_multi_getcontent($cmd->ch_get()); - if ($this->dbg_get() > 0) { printf("'tor_chk' process: [%s]\n", $content); } + if ($this->dbg_get() > 0) { fprintf(STDERR, "'tor_chk' process: [%s]\n", $content); } $is_tor = FALSE; if (mb_strpos($content, "The IP Address you entered matches one or more active Tor servers", 0, "UTF-8") !== FALSE) { - // printf("WARNING: stripos ok\n"); + // fprintf(STDERR, "WARNING: stripos ok\n"); $is_tor = TRUE; } else if (mb_strpos($content, "The IP Address you entered is NOT an active Tor server", 0, "UTF-8") === FALSE) { - printf("WARNING: tor check disabled\n"); + fprintf(STDERR, "WARNING: tor check disabled\n"); } else { - // printf("WARNING: NOT an active Tor server on IP [%s]\n", $cmd->conn_ip); + // fprintf(STDERR, "WARNING: NOT an active Tor server on IP [%s]\n", $cmd->conn_ip); ; } @@ -165,47 +165,48 @@ class Proxy_chk_cmd_cls extends CDS_cmd_cls { parent::__construct("proxy_chk", 10); $this->scan_headers = array( - 'HTTP_VIA', - 'HTTP_X_FORWARDED_FOR', - 'HTTP_FORWARDED_FOR', - 'HTTP_X_FORWARDED', - 'HTTP_FORWARDED', - 'HTTP_CLIENT_IP', - 'HTTP_FORWARDED_FOR_IP', - 'VIA', - 'X_FORWARDED_FOR', - 'FORWARDED_FOR', - 'X_FORWARDED', - 'FORWARDED', - 'CLIENT_IP', - 'FORWARDED_FOR_IP', - 'HTTP_PROXY_CONNECTION' + 'Http-Via', + 'Http-X-Forwarded-For', + 'Http-Forwarded-For', + 'Http-X-Forwarded', + 'Http-Forwarded', + 'Http-Client-Ip', + 'Http-Forwarded-For-Ip', + 'Via', + 'X-Forwarded-For', + 'Forwarded-For', + 'X-Forwarded', + 'Forwarded', + 'Client-Ip', + 'Forwarded-For-Ip', + 'Http-Proxy-Connection' ); } function create($cds, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth, $headers) { + GLOBAL $G_proxy_white_list; + if ($cds->dbg_get() > 0) { - printf("'proxy_chk'::create url:[%s]\n", 'PROXY_CHK_URL'); + fprintf(STDERR, "'proxy_chk'::create url:[%s]\n", 'PROXY_CHK_URL'); + } + + if ($is_auth) { + proxy_chk_postprocess($ctx, $user_idx, $user_sess, $conn_ip, $is_auth, FALSE); + return FALSE; + } + + foreach($G_proxy_white_list as $authproxy) { + if ($conn_ip == $authproxy) { + proxy_chk_postprocess($ctx, $user_idx, $user_sess, $conn_ip, $is_auth, FALSE); + return (FALSE); + } } foreach($this->scan_headers as $key){ //proxy detected? lets log... if(array_key_exists($key, $headers)) { // we already are behind a PROXY, this are our headers - if ($key == 'X-Proxy-ID') { - if ($headers[$key] == '860705422') - continue; - } - else if ($key == 'X-Forwarded-For') { - if ($headers[$key] == '172.16.9.66') - continue; - } - else if ($key == 'Via') { - if ($headers[$key] == '1.1 172.16.8.1 (Mikrotik HttpProxy)') - continue; - } - proxy_chk_postprocess($ctx, $user_idx, $user_sess, $conn_ip, $is_auth, TRUE); return TRUE; } @@ -237,23 +238,23 @@ class Proxy_chk_cmd_cls extends CDS_cmd_cls { function process($cmd, $ret) { if ($this->dbg_get() > 2) { - printf("CURL: 'proxy_chk' process: curl_multi_getcontent\n"); - print_r($ret); + fprintf(STDERR, "CURL: 'proxy_chk' process: curl_multi_getcontent\n"); + fprintf(STDERR, "%s", print_r($ret, TRUE)); } $content = curl_multi_getcontent($cmd->ch_get()); - if ($this->dbg_get() > 0) { printf("'proxy_chk' process: [%s]\n", $content); } + if ($this->dbg_get() > 0) { fprintf(STDERR, "'proxy_chk' process: [%s]\n", $content); } $is_proxy = FALSE; if (mb_strpos($content, "is_proxy=true", 0, "UTF-8") !== FALSE) { - // printf("WARNING: stripos ok\n"); + // fprintf(STDERR, "WARNING: stripos ok\n"); $is_proxy = TRUE; } else if (mb_strpos($content, "is_proxy=false", 0, "UTF-8") === FALSE) { - printf("WARNING: proxy check disabled\n"); + fprintf(STDERR, "WARNING: proxy check disabled\n"); } else { - // printf("WARNING: NOT an active Proxy server on IP [%s]\n", $cmd->conn_ip); + // fprintf(STDERR, "WARNING: NOT an active Proxy server on IP [%s]\n", $cmd->conn_ip); ; } @@ -289,8 +290,8 @@ function proxy_chk_postprocess($brisk, $user_idx, $user_sess, $conn_ip, $is_auth { log_cds(sprintf("proxy: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s, is_proxy: %s", $user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO"), ($is_proxy ? "YES" : "NO"))); - if (FALSE && $is_proxy) { - $brisk->kickuser_by_sess($user_sess, 5); // GHOST_SESS_REAS_ANON + if ($is_proxy) { + $brisk->kickuser_by_sess($user_sess, 6); // GHOST_SESS_REAS_PROX } $brisk->user[$user_idx]->pend_async--; }