FireWall.cpp
资源名称:FireWall.rar [点击查看]
上传用户:apgaozhao
上传日期:2022-04-17
资源大小:69k
文件大小:6k
源码类别:
防火墙与安全工具
开发平台:
Visual C++
- // FireWall.cpp - ISAPI 的实现文件
- // FireWall Filter 和 FireWall Extension
- #include "stdafx.h"
- #include "Function.h"
- #include "FireWall.h"
- // 唯一的 CWinApp 对象
- // 注意: 如果将项目更改为在 DLL 中不再使用 MFC,
- // 则可能移除此对象。
- //CWinApp theApp;
- CFireWallExtension theExtension;
- CFireWallFilter theFilter;
- static HINSTANCE g_hInstance;
- CFunction *CFun;
- //--------------------------------------------------------------------------------------
- //--------------------------------------------------------------------------------------
- BEGIN_PARSE_MAP(CFireWallExtension, CHttpServer)
- // TODO: 在此插入 ON_PARSE_COMMAND() 和
- // ON_PARSE_COMMAND_PARAMS() 以将命令挂钩。
- // 例如:
- ON_PARSE_COMMAND(Default, CFireWallExtension, ITS_EMPTY)
- DEFAULT_PARSE_COMMAND(Default, CFireWallExtension)
- END_PARSE_MAP(CFireWallExtension)
- // CFireWallExtension 实现
- CFireWallExtension::CFireWallExtension()
- {
- }
- CFireWallExtension::~CFireWallExtension()
- {
- }
- BOOL CFireWallExtension::GetExtensionVersion(HSE_VERSION_INFO* pVer)
- {
- // 调用初始化的默认实现
- CHttpServer::GetExtensionVersion(pVer);
- // 加载描述字符串
- TCHAR sz[HSE_MAX_EXT_DLL_NAME_LEN+1];
- ISAPIVERIFY(::LoadString(AfxGetResourceHandle(),IDS_SERVER, sz, HSE_MAX_EXT_DLL_NAME_LEN));
- _tcscpy(sz,"Langouster FireWall");
- _tcscpy(pVer->lpszExtensionDesc, sz);
- return TRUE;
- }
- BOOL CFireWallExtension::TerminateExtension(DWORD dwFlags)
- {
- // 扩展正被终止
- //TODO: 清理任何基于实例的资源
- return TRUE;
- }
- // CFireWallExtension 命令处理程序
- void CFireWallExtension::Default(CHttpServerContext* pCtxt)
- {
- StartContent(pCtxt);
- WriteTitle(pCtxt);
- *pCtxt << _T("此默认消息是由 Internet 产生的");
- *pCtxt << _T(" Server DLL 向导产生。请编辑 CFireWallExtension::Default()");
- *pCtxt << _T(" 实现以更改它。rn");
- EndContent(pCtxt);
- }
- //--------------------------------------------------------------------------------------
- // CFireWallFilter 实现
- //--------------------------------------------------------------------------------------
- CFireWallFilter::CFireWallFilter()
- {
- }
- CFireWallFilter::~CFireWallFilter()
- {
- }
- BOOL CFireWallFilter::GetFilterVersion(PHTTP_FILTER_VERSION pVer)
- {
- // 调用初始化的默认实现
- CHttpFilter::GetFilterVersion(pVer);
- // 清除由基类设置的标志
- pVer->dwFlags &= ~SF_NOTIFY_ORDER_MASK;
- // 设置我们感兴趣的标志
- pVer->dwFlags |= SF_NOTIFY_ORDER_DEFAULT |SF_NOTIFY_SECURE_PORT | SF_NOTIFY_NONSECURE_PORT | SF_NOTIFY_URL_MAP;
- // 设置优先级
- pVer->dwFlags |= SF_NOTIFY_ORDER_LOW;
- // 加载描述字符串
- TCHAR sz[SF_MAX_FILTER_DESC_LEN+1];
- ISAPIVERIFY(::LoadString(AfxGetResourceHandle(),
- IDS_FILTER, sz, SF_MAX_FILTER_DESC_LEN));
- _tcscpy(sz,"Langouster FireWall");
- _tcscpy(pVer->lpszFilterDesc, sz);
- return TRUE;
- }
- DWORD CFireWallFilter::OnEndOfNetSession(CHttpFilterContext* pCtxt)
- {
- return SF_STATUS_REQ_NEXT_NOTIFICATION;
- }
- DWORD CFireWallFilter::OnUrlMap(CHttpFilterContext *pfc,PHTTP_FILTER_URL_MAP pUrlMap)
- {
- char *Ip,*ServerName,*Url,*Query,*Cookie;
- DWORD len;
- DWORD ret=SF_STATUS_REQ_NEXT_NOTIFICATION;
- string temp;
- len=0;
- pfc->GetServerVariable("REMOTE_ADDR",0,&len);
- Ip=new char[len];
- pfc->GetServerVariable("REMOTE_ADDR",Ip,&len);
- len=0;
- pfc->GetServerVariable("SERVER_NAME",0,&len);
- ServerName=new char[len];
- pfc->GetServerVariable("SERVER_NAME",ServerName,&len);
- _strlwr(ServerName);
- len=0;
- pfc->GetServerVariable("URL",0,&len);
- Url=new char[len];
- pfc->GetServerVariable("URL",Url,&len);
- _strlwr(Url);
- len=0;
- pfc->GetServerVariable("QUERY_STRING",0,&len);
- Query=new char[len];
- pfc->GetServerVariable("QUERY_STRING",Query,&len);
- _strlwr(Query);
- len=0;
- pfc->GetServerVariable("HTTP_Cookie",0,&len);
- Cookie=new char[len];
- pfc->GetServerVariable("HTTP_Cookie",Cookie,&len);//当cookie不存在时此句会出错
- _strlwr(Cookie);
- //检验
- #ifdef mydebug
- dbgprint_str("ip:",Ip);
- dbgprint_str("ServerName:",ServerName);
- dbgprint_str("Url:",Url);
- dbgprint_str("Query:",Query);
- dbgprint_str("Cookie:",Cookie);
- #endif
- if(!CFun->IsAllowIpPath(Ip,Url))
- {
- ret=SF_STATUS_REQ_FINISHED;
- RefuseConnect(pfc,"langouster IIS FireWall提醒您:您的IP不允许访问此站点的此文件夹!");
- CFun->WriteLog(Ip,"IP不被允许");
- dbgprint_str("IP被拦截",Ip);
- }
- if(ret==SF_STATUS_REQ_NEXT_NOTIFICATION && CFun->IsSqlInject(Query,temp))
- {
- string temp2;
- ret=SF_STATUS_REQ_FINISHED;
- temp2="langouster IIS FireWall提醒您:您在注入本网站?特征字符:"+temp;
- RefuseConnect(pfc,temp2.c_str());
- temp2="检测到SQL注入,提交类型:GET,拦截字符:"+temp;
- CFun->WriteLog(Ip,temp2.c_str());
- dbgprint_str("SQL注入被拦截",Ip);
- }
- if(ret==SF_STATUS_REQ_NEXT_NOTIFICATION && CFun->IsSqlInject(Cookie,temp))
- {
- string temp2;
- ret=SF_STATUS_REQ_FINISHED;
- temp2="langouster IIS FireWall提醒您:您在注入本网站?特征字符:"+temp;
- RefuseConnect(pfc,temp2.c_str());
- temp2="检测到SQL注入,提交类型:COOKIE,拦截字符:"+temp;
- CFun->WriteLog(Ip,temp2.c_str());
- dbgprint_str("SQL注入被拦截",Ip);
- }
- if(ret==SF_STATUS_REQ_NEXT_NOTIFICATION && CFun->IsBaoKu(Url))
- {
- string temp2;
- ret=SF_STATUS_REQ_FINISHED;
- RefuseConnect(pfc,"langouster IIS FireWall提醒您:您在尝试暴库?");
- temp2="检测到暴库:";
- temp2=temp2+Url;
- CFun->WriteLog(Ip,temp2.c_str());
- dbgprint_str("暴库",temp2.c_str());
- }
- delete []Ip;
- delete []ServerName;
- delete []Url;
- delete []Query;
- delete []Cookie;
- return ret;
- }
- bool CFireWallFilter::RefuseConnect(CHttpFilterContext *pfc,const char *WaringStr)
- {
- DWORD len;
- len=strlen(WaringStr);
- pfc->ServerSupportFunction(SF_REQ_SEND_RESPONSE_HEADER,"200 OK",NULL,NULL);
- pfc->WriteClient((LPVOID)WaringStr,&len);
- return true;
- }
- //--------------------------------------------------------------------------------------
- //--------------------------------------------------------------------------------------
- // 如果您的扩展不使用 MFC,您将需要此代码,以确保
- //扩展对象可以找到模块的资源句柄。
- //如果将扩展转换为不依赖于 MFC,
- //请移除以下 AfxGetResourceHandle()
- // 和 DllMain() 函数周围的注释,以及 g_hInstance 全局变量。
- HINSTANCE AFXISAPI AfxGetResourceHandle()
- {
- return g_hInstance;
- }
- BOOL WINAPI DllMain(HINSTANCE hInst, ULONG ulReason,
- LPVOID lpReserved)
- {
- if (ulReason == DLL_PROCESS_ATTACH)
- {
- g_hInstance = hInst;
- CFun=new CFunction(hInst);
- }
- if(ulReason == DLL_PROCESS_DETACH)
- {
- delete CFun;
- }
- return TRUE;
- }