FireWall.cpp
开发平台:

Visual C++

  1. // FireWall.cpp - ISAPI 的实现文件
  2. //    FireWall Filter 和 FireWall Extension
  3. #include "stdafx.h"
  4. #include "Function.h"
  5. #include "FireWall.h"
// The single CWinApp object.
// Note: if the project is changed so that the DLL no longer uses MFC,
// this object can be removed.
//CWinApp theApp;

// Global extension and filter objects.
CFireWallExtension theExtension;
CFireWallFilter theFilter;

// Module handle: stored by DllMain on process attach and handed out by
// AfxGetResourceHandle().
static HINSTANCE g_hInstance = NULL;

// Shared CFunction object: created in DllMain on process attach, deleted on
// process detach, and used by CFireWallFilter::OnUrlMap for every check.
CFunction *CFun = NULL;
  14. //--------------------------------------------------------------------------------------
  15. //--------------------------------------------------------------------------------------
// Command parse map of the extension. The only entry is Default, which takes
// no parameters (ITS_EMPTY) and is also registered as the default command.
BEGIN_PARSE_MAP(CFireWallExtension, CHttpServer)
    // TODO: insert ON_PARSE_COMMAND() and ON_PARSE_COMMAND_PARAMS() entries
    // here to hook up further commands, for example:
    ON_PARSE_COMMAND(Default, CFireWallExtension, ITS_EMPTY)
    DEFAULT_PARSE_COMMAND(Default, CFireWallExtension)
END_PARSE_MAP(CFireWallExtension)
  23. // CFireWallExtension 实现
// Constructor: performs no work of its own.
CFireWallExtension::CFireWallExtension() {}
// Destructor: nothing to release here.
CFireWallExtension::~CFireWallExtension() {}
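// Reports the extension's version and description to the server.
//   pVer - version structure supplied by the server; its lpszExtensionDesc
//          field is filled in here.
// Always returns TRUE.
BOOL CFireWallExtension::GetExtensionVersion(HSE_VERSION_INFO* pVer)
{
    // Let the base class perform its default initialisation first.
    CHttpServer::GetExtensionVersion(pVer);

    // Load the description string from the resources. The loaded text is
    // replaced by the fixed product name below; the call is kept so the
    // ISAPIVERIFY check on IDS_SERVER is unchanged.
    TCHAR sz[HSE_MAX_EXT_DLL_NAME_LEN+1];
    ISAPIVERIFY(::LoadString(AfxGetResourceHandle(), IDS_SERVER, sz, HSE_MAX_EXT_DLL_NAME_LEN));

    // Bounded copies: lstrcpyn writes at most the given number of characters
    // and always terminates the destination, so neither the local buffer nor
    // the server-owned description field can be overrun if the text changes.
    // _T() keeps the literal's character type in step with TCHAR.
    lstrcpyn(sz, _T("Langouster FireWall"), sizeof(sz) / sizeof(sz[0]));
    lstrcpyn(pVer->lpszExtensionDesc, sz, HSE_MAX_EXT_DLL_NAME_LEN);
    return TRUE;
}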
// Called when the extension is being terminated. dwFlags is not examined.
// Always returns TRUE.
BOOL CFireWallExtension::TerminateExtension(DWORD dwFlags)
{
    // TODO: clean up any per-instance resources here.
    const BOOL allowUnload = TRUE;
    return allowUnload;
}
  47. // CFireWallExtension 命令处理程序
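// Default command handler: writes the wizard-generated placeholder page to
// the client through pCtxt.
void CFireWallExtension::Default(CHttpServerContext* pCtxt)
{
    StartContent(pCtxt);
    WriteTitle(pCtxt);

    *pCtxt << _T("此默认消息是由 Internet 产生的");
    *pCtxt << _T(" Server DLL 向导产生。请编辑 CFireWallExtension::Default()");
    // The listing shows a bare "rn" at the end of this literal; that is the
    // "\r\n" line terminator with its backslashes lost, restored here.
    *pCtxt << _T(" 实现以更改它。\r\n");

    EndContent(pCtxt);
}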
  57. //--------------------------------------------------------------------------------------
  58. // CFireWallFilter 实现
  59. //--------------------------------------------------------------------------------------
// Constructor: performs no work of its own.
CFireWallFilter::CFireWallFilter() {}
// Destructor: nothing to release here.
CFireWallFilter::~CFireWallFilter() {}
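// Registers the filter with the server: selects the notifications it wants,
// its priority, and its description.
//   pVer - filter version structure supplied by the server; dwFlags and
//          lpszFilterDesc are written here.
// Always returns TRUE.
BOOL CFireWallFilter::GetFilterVersion(PHTTP_FILTER_VERSION pVer)
{
    // Let the base class perform its default initialisation first.
    CHttpFilter::GetFilterVersion(pVer);

    // Clear the ordering bits set by the base class.
    pVer->dwFlags &= ~SF_NOTIFY_ORDER_MASK;

    // Ask for URL-map notifications on both secure and non-secure ports.
    pVer->dwFlags |= SF_NOTIFY_ORDER_DEFAULT | SF_NOTIFY_SECURE_PORT | SF_NOTIFY_NONSECURE_PORT | SF_NOTIFY_URL_MAP;

    // Set the priority.
    // NOTE(review): the filter registers at low priority, so filters with a
    // higher priority are notified before it. For a filter whose job is to
    // reject requests, confirm that this ordering is intended.
    pVer->dwFlags |= SF_NOTIFY_ORDER_LOW;

    // Load the description string from the resources. The loaded text is
    // replaced by the fixed product name below; the call is kept so the
    // ISAPIVERIFY check on IDS_FILTER is unchanged.
    TCHAR sz[SF_MAX_FILTER_DESC_LEN+1];
    ISAPIVERIFY(::LoadString(AfxGetResourceHandle(),
        IDS_FILTER, sz, SF_MAX_FILTER_DESC_LEN));

    // Bounded copies: lstrcpyn writes at most the given number of characters
    // and always terminates the destination, so neither the local buffer nor
    // the server-owned description field can be overrun if the text changes.
    // _T() keeps the literal's character type in step with TCHAR.
    lstrcpyn(sz, _T("Langouster FireWall"), sizeof(sz) / sizeof(sz[0]));
    lstrcpyn(pVer->lpszFilterDesc, sz, SF_MAX_FILTER_DESC_LEN);
    return TRUE;
}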
// End-of-session handler: does no work and lets processing continue with the
// next notification. pCtxt is not used.
DWORD CFireWallFilter::OnEndOfNetSession(CHttpFilterContext* pCtxt)
{
    const DWORD status = SF_STATUS_REQ_NEXT_NOTIFICATION;
    return status;
}
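// Reads one server variable into a NUL-terminated buffer owned by a string.
// The result always holds at least the terminator, so &result[0] is a valid,
// writable C string even when the variable is absent or the lookup fails.
// When toLower is set the value is lower-cased in place.
static string ReadServerVariable(CHttpFilterContext *pfc, const char *name, bool toLower)
{
    DWORD len = 0;
    // Size probe: with no buffer the call reports the required size in len.
    pfc->GetServerVariable(const_cast<char *>(name), NULL, &len);

    // One extra byte guarantees a terminator whatever the server reports.
    string buf(static_cast<size_t>(len) + 1, '\0');
    if (len == 0 || !pfc->GetServerVariable(const_cast<char *>(name), &buf[0], &len))
    {
        // Variable missing (for example a request without a Cookie header) or
        // lookup failed: treat it as empty instead of using an unfilled buffer.
        buf.assign(1, '\0');
    }
    if (toLower)
        _strlwr(&buf[0]);
    return buf;
}

// URL-map notification handler: runs the firewall checks for one request.
//
// Checks, in order, stopping at the first hit:
//   1. client IP against the path rules      (CFun->IsAllowIpPath)
//   2. query string against SQL signatures   (CFun->IsSqlInject)
//   3. Cookie header against SQL signatures  (CFun->IsSqlInject)
//   4. URL against the "暴库" check           (CFun->IsBaoKu)
// A hit sends a refusal page, writes a log entry and returns
// SF_STATUS_REQ_FINISHED; otherwise SF_STATUS_REQ_NEXT_NOTIFICATION is
// returned. pUrlMap is not used.
//
// Fixes over the previous version:
//   - A missing variable (the original comment already noted the failure
//     when no cookie is present) left a zero-length, unfilled buffer that was
//     then passed to _strlwr, which reads and writes past the allocation.
//     Missing values are now empty strings.
//   - Buffers are owned by string objects, so they are released on every
//     path, including when a string operation throws.
//
// NOTE(review): only the query string and the Cookie header are inspected
// here; request bodies are not looked at in this handler.
// NOTE(review): the values are matched as received apart from lower-casing.
// Whether IsSqlInject decodes percent-encoding is not visible in this file;
// if it does not, encoded input would not match - confirm.
// NOTE(review): the matched signature and the URL are copied into the
// response and the log as-is; confirm they cannot carry markup or line
// breaks, or encode them before output.
DWORD CFireWallFilter::OnUrlMap(CHttpFilterContext *pfc,PHTTP_FILTER_URL_MAP pUrlMap)
{
    DWORD ret=SF_STATUS_REQ_NEXT_NOTIFICATION;
    string temp;

    // REMOTE_ADDR is kept as delivered; the other values are lower-cased
    // before matching, as before.
    string ipBuf=ReadServerVariable(pfc,"REMOTE_ADDR",false);
    string serverNameBuf=ReadServerVariable(pfc,"SERVER_NAME",true);
    string urlBuf=ReadServerVariable(pfc,"URL",true);
    string queryBuf=ReadServerVariable(pfc,"QUERY_STRING",true);
    string cookieBuf=ReadServerVariable(pfc,"HTTP_Cookie",true);

    // Writable C-string views, matching the pointer type the checks received
    // from the original code.
    char *Ip=&ipBuf[0];
    char *Url=&urlBuf[0];
    char *Query=&queryBuf[0];
    char *Cookie=&cookieBuf[0];

    // Debug trace of the inputs.
#ifdef mydebug
    dbgprint_str("ip:",Ip);
    dbgprint_str("ServerName:",&serverNameBuf[0]);
    dbgprint_str("Url:",Url);
    dbgprint_str("Query:",Query);
    dbgprint_str("Cookie:",Cookie);
#endif

    // 1. IP / path rule.
    if(!CFun->IsAllowIpPath(Ip,Url))
    {
        ret=SF_STATUS_REQ_FINISHED;
        RefuseConnect(pfc,"langouster IIS FireWall提醒您:您的IP不允许访问此站点的此文件夹!");
        CFun->WriteLog(Ip,"IP不被允许");
        dbgprint_str("IP被拦截",Ip);
    }

    // 2. SQL-injection signatures in the query string; temp receives the
    //    matched signature.
    if(ret==SF_STATUS_REQ_NEXT_NOTIFICATION && CFun->IsSqlInject(Query,temp))
    {
        string temp2;
        ret=SF_STATUS_REQ_FINISHED;
        temp2="langouster IIS FireWall提醒您:您在注入本网站?特征字符:"+temp;
        RefuseConnect(pfc,temp2.c_str());
        temp2="检测到SQL注入,提交类型:GET,拦截字符:"+temp;
        CFun->WriteLog(Ip,temp2.c_str());
        dbgprint_str("SQL注入被拦截",Ip);
    }

    // 3. SQL-injection signatures in the Cookie header.
    if(ret==SF_STATUS_REQ_NEXT_NOTIFICATION && CFun->IsSqlInject(Cookie,temp))
    {
        string temp2;
        ret=SF_STATUS_REQ_FINISHED;
        temp2="langouster IIS FireWall提醒您:您在注入本网站?特征字符:"+temp;
        RefuseConnect(pfc,temp2.c_str());
        temp2="检测到SQL注入,提交类型:COOKIE,拦截字符:"+temp;
        CFun->WriteLog(Ip,temp2.c_str());
        dbgprint_str("SQL注入被拦截",Ip);
    }

    // 4. URL check performed by IsBaoKu.
    if(ret==SF_STATUS_REQ_NEXT_NOTIFICATION && CFun->IsBaoKu(Url))
    {
        string temp2;
        ret=SF_STATUS_REQ_FINISHED;
        RefuseConnect(pfc,"langouster IIS FireWall提醒您:您在尝试暴库?");
        temp2="检测到暴库:";
        temp2=temp2+Url;
        CFun->WriteLog(Ip,temp2.c_str());
        dbgprint_str("暴库",temp2.c_str());
    }

    return ret;
}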
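// Sends the refusal page for a blocked request.
//   pfc       - filter context of the request being refused.
//   WaringStr - NUL-terminated text written as the response body.
// Returns true when both the response header and the body were sent, false
// when an argument is NULL or either send fails (previously the result of
// both calls was ignored and true was always returned).
//
// NOTE(review): the refusal is sent with status "200 OK" and without
// additional headers, so no Content-Type is declared. Some callers build the
// text from the matched request data; consider a 403 status and an explicit
// plain-text content type so the body cannot be interpreted as markup.
bool CFireWallFilter::RefuseConnect(CHttpFilterContext *pfc,const char *WaringStr)
{
    if (pfc == NULL || WaringStr == NULL)
        return false;

    DWORD len = static_cast<DWORD>(strlen(WaringStr));

    if (!pfc->ServerSupportFunction(SF_REQ_SEND_RESPONSE_HEADER,"200 OK",NULL,NULL))
        return false;

    return pfc->WriteClient((LPVOID)WaringStr,&len) != FALSE;
}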
  178. //--------------------------------------------------------------------------------------
  179. //--------------------------------------------------------------------------------------
  180. // 如果您的扩展不使用 MFC,您将需要此代码,以确保
  181. //扩展对象可以找到模块的资源句柄。
  182. //如果将扩展转换为不依赖于 MFC,
  183. //请移除以下 AfxGetResourceHandle()
  184. // 和 DllMain() 函数周围的注释,以及 g_hInstance 全局变量。
// Returns the module handle that DllMain stored on process attach, so the
// extension and filter objects can locate the module's resources.
HINSTANCE AFXISAPI AfxGetResourceHandle()
{
    HINSTANCE moduleHandle = g_hInstance;
    return moduleHandle;
}
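// DLL entry point.
//   DLL_PROCESS_ATTACH - records the module handle and creates the shared
//                        CFunction object used by the filter.
//   DLL_PROCESS_DETACH - destroys that object.
// Returns FALSE on attach when the CFunction object could not be created, so
// the DLL fails to load instead of dereferencing a null CFun on the first
// request; returns TRUE otherwise. lpReserved is not used.
//
// NOTE(review): CFunction's constructor runs inside DllMain. What it does is
// not visible in this file; confirm it performs nothing that is unsafe while
// the loader lock is held.
BOOL WINAPI DllMain(HINSTANCE hInst, ULONG ulReason,
                    LPVOID lpReserved)
{
    switch (ulReason)
    {
    case DLL_PROCESS_ATTACH:
        g_hInstance = hInst;
        CFun = new CFunction(hInst);
        // Only reachable with a non-throwing operator new; harmless otherwise.
        if (CFun == NULL)
            return FALSE;
        break;

    case DLL_PROCESS_DETACH:
        delete CFun;
        CFun = NULL;  // do not leave a dangling pointer behind
        break;
    }
    return TRUE;
}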