上面仅仅针对方法做了权限控制,接下来我们为程序增加 7 层(应用层)防火墙功能。
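<?php
/*
 * =====================================
 * Website: http://netkiller.github.com
 * Author: neo <netkiller@msn.com>
 * Email: netkiller@msn.com
 * =====================================
 */

/**
 * Minimal application-layer ("layer 7") request filter.
 *
 * Usage is a fluent chain: pick a request source (get/post/cookie/server),
 * test one key with match(), then finish with allow() or deny(), which runs
 * an optional callback when the rule matched.
 *
 * Things a reader should know before relying on it:
 *  - allow() and deny() are handled identically. The class never stops a
 *    request on its own; blocking only happens if the callback passed to
 *    deny() terminates the request itself.
 *  - While the firewall is not enabled, get()/post()/cookie()/server()
 *    return the status value instead of $this, so a chained ->match() call
 *    fails at that point.
 *  - policy() only stores its argument and counter() is a placeholder;
 *    neither influences matching in this class.
 */
class Firewall
{
    protected $name;
    protected $status;
    protected $policy;
    protected $chain = array();
    protected $rule;
    protected $match = false;
    private $debug;
    //$get,$post,$cookie,$server;

    public function __construct()
    {
        $this->name = "Firewall";
    }

    public function __destruct()
    {
        //print "Destroying " . $this->name . "\n";
    }

    /** Turn rule evaluation on. */
    public function enable()
    {
        $this->status = true;
    }

    /** Turn rule evaluation off. */
    public function disable()
    {
        $this->status = false;
    }

    /**
     * Select the query-string parameters as the data to match against.
     *
     * @return $this|mixed $this when enabled, otherwise the current status value
     */
    public function get()
    {
        return $this->select($_GET);
    }

    /**
     * Select the POST body parameters as the data to match against.
     *
     * The earlier version read $_GET here and left the $_POST assignment
     * after the return statements, so POST rules inspected the query string.
     *
     * @return $this|mixed $this when enabled, otherwise the current status value
     */
    public function post()
    {
        return $this->select($_POST);
    }

    /**
     * Select the request cookies as the data to match against.
     *
     * @return $this|mixed $this when enabled, otherwise the current status value
     */
    public function cookie()
    {
        return $this->select($_COOKIE);
    }

    /**
     * Select the server/environment variables as the data to match against.
     *
     * @return $this|mixed $this when enabled, otherwise the current status value
     */
    public function server()
    {
        return $this->select($_SERVER);
    }

    /**
     * Record whether the selected data holds $key with exactly the value $value.
     *
     * Both sides are compared as strings with ===. Loose == would treat
     * numeric-looking strings such as '1e3' and '1000' as equal, which lets
     * a client satisfy or dodge a rule with an alternative spelling.
     * Non-scalar values (for example ?id[]=1) never match.
     *
     * @param string|int $key   key to look up in the selected data
     * @param mixed      $value expected value
     * @return $this
     */
    public function match($key, $value)
    {
        if ($this->debug) {
            // Dumps the selected request data (possibly cookies or server
            // variables) into the response; keep debug off in production.
            print_r($this->chain);
        }

        $this->match = false;

        $keyUsable = is_string($key) || is_int($key);
        if ($keyUsable && is_array($this->chain) && array_key_exists($key, $this->chain)) {
            $actual = $this->chain[$key];
            if (is_scalar($actual) && is_scalar($value) && (string) $actual === (string) $value) {
                $this->match = true;
            }
        }

        return $this;
    }

    /** Store a policy name. Nothing in this class reads it yet. */
    public function policy($p)
    {
        $this->policy = $p;
    }

    /**
     * Placeholder for request-rate limiting; currently does nothing.
     *
     * It does not select any data, so a match() chained after it tests
     * whatever the previous rule left behind (empty after destroy()).
     *
     * @return $this
     */
    public function counter($tm, $cnt)
    {
        return $this;
    }

    /**
     * Finish a rule: run $fun when the firewall is enabled and the rule matched.
     *
     * @param callable|null $fun callback to run on a match
     * @return mixed the enabled/disabled status, not whether the rule matched
     */
    public function allow($fun = null)
    {
        if ($this->status && $this->match) {
            if ($fun) {
                $fun();
            }
        }
        $this->destroy();

        return $this->status;
    }

    /**
     * Finish a rule: run $fun when the firewall is enabled and the rule matched.
     *
     * The request is only refused if $fun ends it (for example by sending an
     * error response and exiting); returning from $fun lets the page continue.
     *
     * @param callable|null $fun callback to run on a match
     * @return mixed the enabled/disabled status, not whether the rule matched
     */
    public function deny($fun = null)
    {
        if ($this->status && $this->match) {
            if ($fun) {
                $fun();
            }
        }
        $this->destroy();

        return $this->status;
    }

    /** Switch the print_r() dump in match() on or off. */
    public function debug($tmp)
    {
        $this->debug = $tmp;
    }

    /**
     * Match the exact string in REMOTE_ADDR.
     *
     * Only literal addresses are compared; CIDR ranges and netmasks are not
     * interpreted.
     *
     * @param string $ipaddr address to compare with REMOTE_ADDR
     */
    public function ip($ipaddr)
    {
        return $this->server()->match('REMOTE_ADDR', $ipaddr);
    }

    /** Reset the per-rule state so one rule cannot leak into the next. */
    public function destroy()
    {
        $this->chain = array();
        $this->match = false;
    }

    /**
     * Shared body of get()/post()/cookie()/server().
     *
     * @param array $source request data to match against
     * @return $this|mixed $this when enabled, otherwise the current status value
     */
    private function select(array $source)
    {
        if ($this->status) {
            $this->chain = $source;

            return $this;
        }

        return $this->status;
    }
}

#include_once('firewall.php')
$fw = new Firewall();
$fw->debug(true);
$fw->debug(false);
$fw->enable();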
//$fw->disable();

// Callbacks handed to allow()/deny() by name; each one only prints a marker.
function test()
{
    echo 'OK';
}

function allow()
{
    echo 'allow';
}

function deny()
{
    echo 'deny';
}

//$fw->policy('blacklist');

// Rules keyed on the peer address. Behind a reverse proxy or load balancer
// REMOTE_ADDR is the proxy's address, not the end user's.
$fw->ip('192.168.3.17')->allow('allow');
$fw->ip('192.168.3.17')->deny('deny');

$fw->counter('1m',5)->match('id','1000')->deny('test');

/*
$fw->ip('172.16.0.0/24')->allow();
$fw->ip('172.16.0.0','255.255.255.0')->allow();
$fw->header(array('User-Agent' => 'MSIE5'))->deny()
*/

// Rules keyed on query-string parameters. These values are chosen by the
// client, so an allow rule on them is a convenience filter, not authentication.
$fw->get()->match('id','1000')->deny('test');
$fw->get()->match('name','chen')->allow('test');
//$fw->get()->match(array('id' => '1000'))->deny();

/*
$fw->post()->data(array('action'=>'/login.php'))->allow()
$fw->cookie()->data(array('userid'=>'test'))->deny()
*/

// Rules keyed on request metadata. HTTP_REFERER is a header the client sends
// and can set to any value, so it must not be the only gate for a sensitive action.
$fw->server()->match('HTTP_REFERER', 'http://www.mydomain.com/index.html')->allow('test');
$fw->server()->match('REQUEST_METHOD', 'GET')->deny('test');

$fw->disable();
//$fw->destroy();
这里仅仅给出一个思路,程序并没有写完。例如,限制单个 IP 的请求次数可以按如下方式实现,请自行完善程序。
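<?php
/*
 * =====================================
 * Website: http://netkiller.github.com
 * Author: neo <netkiller@msn.com>
 * Email: netkiller@msn.com
 * =====================================
 */

// Per-client request counter kept in Redis: each address gets a counter that
// lives for a fixed window, and requests beyond the limit are refused.

require 'SharedConfigurations.php';

$single_server = array(
    'host' => '127.0.0.1',
    'port' => 6379,
    'database' => 0
);

$multiple_servers = array(
    array(
        'host' => '127.0.0.1',
        'port' => 6379,
        'database' => 15,
        'alias' => 'first',
    ),
    array(
        'host' => '127.0.0.1',
        'port' => 6380,
        'database' => 15,
        'alias' => 'second',
    ),
);

$client = new Predis\Client($single_server, array('prefix' => 'fw:'));

$rate_window = 20; // seconds a counter lives, measured from the first request
$rate_limit = 10;  // requests allowed inside one window

// REMOTE_ADDR is the address of the TCP peer. Behind a reverse proxy every
// visitor shares the proxy's address, so the real client address has to come
// from a header that the trusted proxy itself sets; a forwarding header sent
// by the client must not be used as the key.
$key = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';

// INCR creates the key when it is missing, so counting is a single atomic
// step. The earlier EXISTS -> SETEX / INCRBY sequence could see the key
// expire between the two calls; INCRBY then recreated it without a TTL and
// the address stayed over the limit until the key was removed by hand.
$counter = (int) $client->incr($key);

// Attach the expiry on the first hit of a window, and also whenever the key
// is found without one, so a counter can never become permanent.
if ($counter === 1 || $client->ttl($key) < 0) {
    $client->expire($key, $rate_window);
}

if ($counter > $rate_limit) {
    // Refuse the request instead of printing a marker and carrying on.
    if (!headers_sent()) {
        http_response_code(429);
        header('Retry-After: ' . $rate_window); // upper bound on the remaining wait
    }
    echo 'Deny';
    exit;
}

// Debug output: shows the client its current count. Remove in production.
print_r($counter);
//var_dump($client->keys('*'));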
原文出处:Netkiller 系列 手札
本文作者:陈景峯
转载请与作者联系,同时请务必标明文章原始出处和作者信息及本声明。