[Xfce4-commits] <forum:master> Update to bad-behaviour 2.1.10.
Nick Schermer
noreply at xfce.org
Sun Feb 13 11:16:01 CET 2011
Updating branch refs/heads/master
to 35c4a05cff457b86ce4e2184018f19eaf59f0eec (commit)
from 54c43bab13f0bcde143109e391b5eda6201338b2 (commit)
commit 35c4a05cff457b86ce4e2184018f19eaf59f0eec
Author: Nick Schermer <nick at xfce.org>
Date: Sun Feb 13 11:15:36 2011 +0100
Update to bad-behaviour 2.1.10.
include/bad-behavior-fluxbb.php | 34 +++++++++-------
include/bad-behavior/banned.inc.php | 2 -
include/bad-behavior/blackhole.inc.php | 5 ++-
include/bad-behavior/blacklist.inc.php | 2 -
include/bad-behavior/browser.inc.php | 2 -
include/bad-behavior/cloudflare.inc.php | 2 -
include/bad-behavior/common_tests.inc.php | 2 -
include/bad-behavior/core.inc.php | 62 +++++++++++++++++++++-------
include/bad-behavior/functions.inc.php | 3 +-
include/bad-behavior/movabletype.inc.php | 2 -
include/bad-behavior/post.inc.php | 4 +-
include/bad-behavior/responses.inc.php | 1 -
include/bad-behavior/screener.inc.php | 1 -
include/bad-behavior/searchengine.inc.php | 2 -
include/bad-behavior/whitelist.inc.php | 2 -
15 files changed, 71 insertions(+), 55 deletions(-)
diff --git a/include/bad-behavior-fluxbb.php b/include/bad-behavior-fluxbb.php
index a041590..8b33521 100644
--- a/include/bad-behavior-fluxbb.php
+++ b/include/bad-behavior-fluxbb.php
@@ -1,29 +1,30 @@
<?php
/*
-http://www.bad-behavior.ioerror.us/
-
Bad Behavior - detects and blocks unwanted Web accesses
-Copyright (C) 2005 Michael Hampton
+Copyright (C) 2005,2006,2007,2008,2009,2010,2011 Michael Hampton
+
+Bad Behavior is free software; you can redistribute it and/or modify it under
+the terms of the GNU Lesser General Public License as published by the Free
+Software Foundation; either version 3 of the License, or (at your option) any
+later version.
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2 of the License, or
-(at your option) any later version.
+This program is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
+You should have received a copy of the GNU Lesser General Public License along
+with this program. If not, see <http://www.gnu.org/licenses/>.
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+Please report any problems to bad . bots AT ioerror DOT us
+http://www.bad-behavior.ioerror.us/
*/
// This file is the entry point for Bad Behavior.
-
if (!defined('PUN_ROOT')) exit;
+###############################################################################
+###############################################################################
+
define('BB2_CWD', dirname(__FILE__));
// Settings you can adjust for Bad Behavior.
@@ -38,6 +39,9 @@ $bb2_settings_defaults = array(
'httpbl_threat' => '25',
'httpbl_maxage' => '30',
'offsite_forms' => false,
+ 'reverse_proxy' = false,
+ 'reverse_proxy_header' => 'X-Forwarded-For',
+ 'reverse_proxy_addresses' => array()
);
// Bad Behavior callback functions.
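Review bot: `'reverse_proxy' = false,` in the added defaults is an assignment inside an array literal and therefore a parse error, so this file, and every page that includes the Bad Behavior entry point through it, stops compiling; the line should read `'reverse_proxy' => false,`. The `$bb2_settings_defaults` array opens above the hunk, so only part of it is visible here, but the three added entries are the only ones with a mismatched operator.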
diff --git a/include/bad-behavior/banned.inc.php b/include/bad-behavior/banned.inc.php
index a92178a..476a366 100644
--- a/include/bad-behavior/banned.inc.php
+++ b/include/bad-behavior/banned.inc.php
@@ -61,5 +61,3 @@ function bb2_log_denial($settings, $package, $key, $previous_key=false)
if (!$settings['logging']) return;
bb2_db_query(bb2_insert($settings, $package, $key));
}
-
-?>
diff --git a/include/bad-behavior/blackhole.inc.php b/include/bad-behavior/blackhole.inc.php
index f3bdff9..44e8d12 100644
--- a/include/bad-behavior/blackhole.inc.php
+++ b/include/bad-behavior/blackhole.inc.php
@@ -58,7 +58,10 @@ function bb2_httpbl($settings, $package) {
if ($ip[0] == 127 && ($ip[3] & 7) && $ip[2] >= $settings['httpbl_threat'] && $ip[1] <= $settings['httpbl_maxage']) {
return '2b021b1f';
}
+ // Check if search engine
+ if ($ip[3] == 0) {
+ return 1;
+ }
}
return false;
}
-?>
diff --git a/include/bad-behavior/blacklist.inc.php b/include/bad-behavior/blacklist.inc.php
index 2b1c666..8b2723c 100644
--- a/include/bad-behavior/blacklist.inc.php
+++ b/include/bad-behavior/blacklist.inc.php
@@ -125,5 +125,3 @@ function bb2_blacklist($package) {
return FALSE;
}
-
-?>
diff --git a/include/bad-behavior/browser.inc.php b/include/bad-behavior/browser.inc.php
index 773d6ef..b9c9aea 100644
--- a/include/bad-behavior/browser.inc.php
+++ b/include/bad-behavior/browser.inc.php
@@ -82,5 +82,3 @@ function bb2_safari($package)
}
return false;
}
-
-?>
diff --git a/include/bad-behavior/cloudflare.inc.php b/include/bad-behavior/cloudflare.inc.php
index 99319f5..11f59ba 100644
--- a/include/bad-behavior/cloudflare.inc.php
+++ b/include/bad-behavior/cloudflare.inc.php
@@ -12,5 +12,3 @@ function bb2_cloudflare($package)
# }
return false;
}
-
-?>
diff --git a/include/bad-behavior/common_tests.inc.php b/include/bad-behavior/common_tests.inc.php
index 2826ee5..abff3a3 100644
--- a/include/bad-behavior/common_tests.inc.php
+++ b/include/bad-behavior/common_tests.inc.php
@@ -146,5 +146,3 @@ function bb2_misc_headers($settings, $package)
return false;
}
-
-?>
diff --git a/include/bad-behavior/core.inc.php b/include/bad-behavior/core.inc.php
index 663e44b..43205d1 100644
--- a/include/bad-behavior/core.inc.php
+++ b/include/bad-behavior/core.inc.php
@@ -1,5 +1,5 @@
<?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.1.8");
+define('BB2_VERSION', "2.1.10");
// Bad Behavior entry point is bb2_start()
// If you're reading this, you are probably lost.
@@ -40,6 +40,19 @@ function bb2_approved($settings, $package)
}
}
+// If this is reverse-proxied or load balanced, obtain the actual client IP
+function bb2_reverse_proxy($settings, $headers_mixed)
+{
+ $addrs = array_reverse(preg_split("/[\s,]+/", $headers_mixed[$settings['reverse_proxy_header']]));
+ if (!empty($settings['reverse_proxy_addresses'])) {
+ foreach ($addrs as $addr) {
+ if (!match_cidr($addr, $settings['reverse_proxy_addresses'])) {
+ return $addr;
+ }
+ }
+ }
+ return $addrs[0];
+}
// Let God sort 'em out!
function bb2_start($settings)
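Review bot: `bb2_reverse_proxy` indexes `$headers_mixed[$settings['reverse_proxy_header']]` unconditionally, so a request that arrives without the forwarded header (a proxy that did not add one, or a connection that did not pass through the proxy) raises an undefined-index notice and `preg_split` on the missing value yields `['']`, making the package IP the empty string. When `reverse_proxy_addresses` is configured, the header is also honoured without checking that the connecting peer, `$_SERVER['REMOTE_ADDR']`, which the caller stores in `$headers_mixed['X-Bad-Behavior-Remote-Address']` before calling, is itself one of the listed proxies; the forwarded value is only meaningful when it is, so the function should fall back to the remote address otherwise. The empty-list case presumably keeps its current last-hop behaviour, since the setting offers nothing else to check against. Trimming the header value before splitting avoids an empty element when the value has surrounding whitespace.
```php
function bb2_reverse_proxy($settings, $headers_mixed)
{
	$remote = $headers_mixed['X-Bad-Behavior-Remote-Address'];
	// No forwarded header at all: nothing to derive, keep the peer address.
	if (!isset($headers_mixed[$settings['reverse_proxy_header']])) {
		return $remote;
	}
	$addrs = array_reverse(preg_split("/[\s,]+/", trim($headers_mixed[$settings['reverse_proxy_header']])));
	if (!empty($settings['reverse_proxy_addresses'])) {
		// Only honour the header when the connecting peer is a listed proxy.
		if (!match_cidr($remote, $settings['reverse_proxy_addresses'])) {
			return $remote;
		}
		foreach ($addrs as $addr) {
			if (!match_cidr($addr, $settings['reverse_proxy_addresses'])) {
				return $addr;
			}
		}
	}
	return $addrs[0];
}
```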
@@ -67,11 +80,15 @@ function bb2_start($settings)
$request_uri = $_SERVER["REQUEST_URI"];
if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
- # Nasty CloudFlare hack provided by butchs at simplemachines
- $ip_temp = preg_replace("/^::ffff:/", "", (array_key_exists('Cf-Connecting-Ip', $headers_mixed)) ? $_SERVER['HTTP_CF_CONNECTING_IP'] : $_SERVER['REMOTE_ADDR']);
- $cloudflare_ip = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);
+ if ($settings['reverse_proxy']) {
+ $headers['X-Bad-Behavior-Remote-Address'] = $_SERVER['REMOTE_ADDR'];
+ $headers_mixed['X-Bad-Behavior-Remote-Address'] = $_SERVER['REMOTE_ADDR'];
+ $ip = bb2_reverse_proxy($settings, $headers_mixed);
+ } else {
+ $ip = $_SERVER['REMOTE_ADDR'];
+ }
- @$package = array('ip' => $ip_temp, 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $_SERVER['REQUEST_METHOD'], 'request_uri' => $request_uri, 'server_protocol' => $_SERVER['SERVER_PROTOCOL'], 'request_entity' => $request_entity, 'user_agent' => $_SERVER['HTTP_USER_AGENT'], 'is_browser' => false, 'cloudflare' => $cloudflare_ip);
+ @$package = array('ip' => $ip, 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $_SERVER['REQUEST_METHOD'], 'request_uri' => $request_uri, 'server_protocol' => $_SERVER['SERVER_PROTOCOL'], 'request_entity' => $request_entity, 'user_agent' => $_SERVER['HTTP_USER_AGENT'], 'is_browser' => false,);
$result = bb2_screen($settings, $package);
if ($result && !defined('BB2_TEST')) bb2_banned($settings, $package, $result);
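Review bot: The removed lines stripped the `::ffff:` IPv4-mapped prefix from the address before it went into the package, and the new `$ip` assignment on both branches no longer does, so on hosts that report IPv6-mapped addresses the http:BL lookup and the logged IP presumably now see `::ffff:a.b.c.d` instead of `a.b.c.d`. Adding `$ip = preg_replace("/^::ffff:/", "", $ip);` after the if/else restores the normalisation for both the direct and the reverse-proxy paths. bb2_start begins and ends outside this hunk.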
@@ -104,7 +121,10 @@ function bb2_screen($settings, $package)
// Check the http:BL
require_once(BB2_CORE . "/blackhole.inc.php");
- if ($r = bb2_httpbl($settings, $package)) return $r;
+ if ($r = bb2_httpbl($settings, $package)) {
+ if ($r == 1) return false; # whitelisted
+ return $r;
+ }
// Check for common stuff
require_once(BB2_CORE . "/common_tests.inc.php");
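Review bot: `if ($r == 1) return false; # whitelisted` compares a string response key with an integer loosely; under the comparison rules of the PHP versions this code targets, a leading-numeric string such as a key beginning with `1` followed by a letter also satisfies `== 1`, so such a denial would be turned into a whitelist pass. The same pattern is repeated three times in the search-engine block of the next hunk. `bb2_httpbl` returns the integer `1` as its whitelist sentinel (blackhole.inc.php in this commit), so the strict form `if ($r === 1) return false; # whitelisted` is what the intent needs. Whether any current response key begins that way is not visible here, but the strict comparison costs nothing.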
@@ -114,6 +134,26 @@ function bb2_screen($settings, $package)
// Specific checks
@$ua = $package['user_agent'];
+ // Search engine checks come first
+ if (stripos($ua, "bingbot") !== FALSE || stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
+ require_once(BB2_CORE . "/searchengine.inc.php");
+ if ($r = bb2_msnbot($package)) {
+ if ($r == 1) return false; # whitelisted
+ return $r;
+ }
+ } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Wireless") !== FALSE) {
+ require_once(BB2_CORE . "/searchengine.inc.php");
+ if ($r = bb2_google($package)) {
+ if ($r == 1) return false; # whitelisted
+ return $r;
+ }
+ } elseif (stripos($ua, "Yahoo! Slurp") !== FALSE || stripos($ua, "Yahoo! SearchMonkey") !== FALSE) {
+ require_once(BB2_CORE . "/searchengine.inc.php");
+ if ($r = bb2_yahoo($package)) {
+ if ($r == 1) return false; # whitelisted
+ return $r;
+ }
+ }
// MSIE checks
if (stripos($ua, "; MSIE") !== FALSE) {
$package['is_browser'] = true;
@@ -142,15 +182,6 @@ function bb2_screen($settings, $package)
} elseif (stripos($ua, "MovableType") !== FALSE) {
require_once(BB2_CORE . "/movabletype.inc.php");
if ($r = bb2_movabletype($package)) return $r;
- } elseif (stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
- require_once(BB2_CORE . "/searchengine.inc.php");
- if ($r = bb2_msnbot($package)) return $r;
- } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Wireless") !== FALSE) {
- require_once(BB2_CORE . "/searchengine.inc.php");
- if ($r = bb2_google($package)) return $r;
- } elseif (stripos($ua, "Yahoo! Slurp") !== FALSE || stripos($ua, "Yahoo! SearchMonkey") !== FALSE) {
- require_once(BB2_CORE . "/searchengine.inc.php");
- if ($r = bb2_yahoo($package)) return $r;
} elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
$package['is_browser'] = true;
require_once(BB2_CORE . "/browser.inc.php");
@@ -172,4 +203,3 @@ function bb2_screen($settings, $package)
bb2_approved($settings, $package);
return false;
}
-?>
diff --git a/include/bad-behavior/functions.inc.php b/include/bad-behavior/functions.inc.php
index 436cf6a..9833805 100644
--- a/include/bad-behavior/functions.inc.php
+++ b/include/bad-behavior/functions.inc.php
@@ -46,6 +46,7 @@ function match_cidr($addr, $cidr) {
foreach ($cidr as $cidrlet) {
if (match_cidr($addr, $cidrlet)) {
$output = true;
+ break;
}
}
} else {
@@ -71,5 +72,3 @@ function bb2_load_headers() {
}
return $headers;
}
-
-?>
diff --git a/include/bad-behavior/movabletype.inc.php b/include/bad-behavior/movabletype.inc.php
index b15fe9c..04c4625 100644
--- a/include/bad-behavior/movabletype.inc.php
+++ b/include/bad-behavior/movabletype.inc.php
@@ -10,5 +10,3 @@ function bb2_movabletype($package)
}
return false;
}
-
-?>
diff --git a/include/bad-behavior/post.inc.php b/include/bad-behavior/post.inc.php
index e1d8ffa..39f7d34 100644
--- a/include/bad-behavior/post.inc.php
+++ b/include/bad-behavior/post.inc.php
@@ -54,7 +54,7 @@ function bb2_post($settings, $package)
}
// If Referer exists, it should refer to a page on our site
- if ($settings['offsite_forms'] && array_key_exists('Referer', $package['headers_mixed']) && stripos($package['headers_mixed']['Referer'], $package['headers_mixed']['Host']) === FALSE) {
+ if (!$settings['offsite_forms'] && array_key_exists('Referer', $package['headers_mixed']) && stripos($package['headers_mixed']['Referer'], $package['headers_mixed']['Host']) === FALSE) {
return "cd361abb";
}
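Review bot: The corrected condition still validates the Referer with `stripos(Referer, Host) === FALSE`, which accepts any Referer in which the Host value occurs anywhere in the string rather than only as its authority component; it also reads `$package['headers_mixed']['Host']` without the `array_key_exists` guard that the Referer lookup gets. Comparing the parsed host of the Referer with the Host header is the more precise check; if the Host header can carry a port in this deployment, the port has to be stripped or compared as well. bb2_post begins and ends outside this hunk.
```php
	// If Referer exists, it should refer to a page on our site
	if (!$settings['offsite_forms'] && array_key_exists('Referer', $package['headers_mixed'])) {
		$referer_host = parse_url($package['headers_mixed']['Referer'], PHP_URL_HOST);
		$our_host = array_key_exists('Host', $package['headers_mixed']) ? $package['headers_mixed']['Host'] : '';
		if ($referer_host === false || $referer_host === null || strcasecmp($referer_host, $our_host) !== 0) {
			return "cd361abb";
		}
	}
```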
@@ -100,5 +100,3 @@ function bb2_post($settings, $package)
return false;
}
-
-?>
diff --git a/include/bad-behavior/responses.inc.php b/include/bad-behavior/responses.inc.php
index 48e9702..139641c 100644
--- a/include/bad-behavior/responses.inc.php
+++ b/include/bad-behavior/responses.inc.php
@@ -49,4 +49,3 @@ function bb2_get_response($key) {
if (array_key_exists($key, $bb2_responses)) return $bb2_responses[$key];
return array('00000000');
}
-?>
diff --git a/include/bad-behavior/screener.inc.php b/include/bad-behavior/screener.inc.php
index 55da198..8f5a624 100644
--- a/include/bad-behavior/screener.inc.php
+++ b/include/bad-behavior/screener.inc.php
@@ -60,4 +60,3 @@ function bb2_screener($settings, $package)
bb2_screener_cookie($settings, $package, BB2_COOKIE, $cookie_value);
bb2_screener_javascript($settings, $package, BB2_COOKIE, $cookie_value);
}
-?>
diff --git a/include/bad-behavior/searchengine.inc.php b/include/bad-behavior/searchengine.inc.php
index 582bf0f..9013dd7 100644
--- a/include/bad-behavior/searchengine.inc.php
+++ b/include/bad-behavior/searchengine.inc.php
@@ -43,5 +43,3 @@ function bb2_yahoo($package)
# }
return false;
}
-
-?>
diff --git a/include/bad-behavior/whitelist.inc.php b/include/bad-behavior/whitelist.inc.php
index 6fa023f..ac35af6 100644
--- a/include/bad-behavior/whitelist.inc.php
+++ b/include/bad-behavior/whitelist.inc.php
@@ -26,5 +26,3 @@ function bb2_whitelist($package)
}
return false;
}
-
-?>