mexon/friendica
1
0
Fork 0
Code Pull requests Activity

Improved DDoS detection

Browse source
This commit is contained in:
Michael Vogel 2016-04-20 22:10:05 +02:00 committed by Roland Haeder
parent ede888dd4c
commit f7010edeb0
No known key found for this signature in database
GPG key ID: B72F8185C6C7BD78
1 changed files with 9 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
index.php
View file

@ -118,14 +118,20 @@ if((x($_SESSION,'language')) && ($_SESSION['language'] !== $lang)) {
if((x($_GET,'zrl')) && (!$install && !$maintenance)) { if((x($_GET,'zrl')) && (!$install && !$maintenance)) {
// Only continue when the given profile link seems valid // Only continue when the given profile link seems valid
// Valid profile links contain a path and no query parameters // Valid profile links contain a path with "/profile/" and no query parameters
if ((parse_url($_GET['zrl'], PHP_URL_QUERY) == "") AND if ((parse_url($_GET['zrl'], PHP_URL_QUERY) == "") AND
(parse_url($_GET['zrl'], PHP_URL_PATH) != "")) { strstr(parse_url($_GET['zrl'], PHP_URL_PATH), "/profile/")) {
$_SESSION['my_url'] = $_GET['zrl']; $_SESSION['my_url'] = $_GET['zrl'];
$a->query_string = preg_replace('/[\?&]zrl=(.*?)([\?&]|$)/is','',$a->query_string); $a->query_string = preg_replace('/[\?&]zrl=(.*?)([\?&]|$)/is','',$a->query_string);
zrl_init($a); zrl_init($a);
} else } else {
// Someone came with an invalid parameter, maybe as a DDoS attempt
// We simply stop processing here
logger("Invalid ZRL parameter ".$_GET['zrl'], LOGGER_DEBUG); logger("Invalid ZRL parameter ".$_GET['zrl'], LOGGER_DEBUG);
header('HTTP/1.1 403 Forbidden');
echo "<h1>403 Forbidden</h1>";
killme();
}
} }
/** /**