ddosfilter.net | php http firewall

1. <?php
2. /*
3.  * @package     PHP HTTP Firewall
4.  * @author      DSTAT | @DDoS_Filter
5.  * @copyright   Copyright © [2023] [@DDoS_Filter] https://www.copyright.gov/dmca/
6.  * @file        /firewall.php
7.  * @version     2.0
8.  * @site        http://ddosfilter.net
9.  * @comment     Public release of firewall.php from http://ddosfilter.net/
10.  
11. *********************************************************************************
12. SETUP: (Based on stock apache2 install on ubuntu)
13. 1.
14. In the terminal command line of your server type:
15. crontab -e
16. (If prompted to choose a text editor choose nano.)
17.  
18. 2.
19. Paste these 2 lines (lines 22 and 23) into the crontab and save: (Change directory to match your setup.)
20. */// Don't Include the first 2 // when you copy and paste!
21.  
22. // */1 * * * * > /var/www/html/firewall/connections.txt
23. // 0 */1 * * * > /var/www/html/firewall/blacklist.txt
24.  
25. /*
26. 3.
27. Press Ctrl + o
28. Press Enter
29. Press Ctrl + x
30.  
31. 4.
32. Run this command in terminal:
33. mkdir /var/www/html/firewall/ && > /var/www/html/firewall/connections.txt && > /var/www/html/firewall/blacklist.txt && chmod 646 /var/www/html/firewall/connections.txt && chmod 646 /var/www/html/firewall/blacklist.txt
34.  
35. 5.
36. Run this command in terminal:
37. nano /var/www/html/firewall/firewall.php
38.  
39. 6.
40. *Paste this entire document into the terminal window.*
41.  
42. 7.
43. Press Ctrl + o
44. Press Enter
45. Press Ctrl + x
46.  
47. OR:
48. Manually add firewall.php to the /var/www/html/firewall/ directory.
49.  
50. Done!
51.  
52. 8.
53. To protect a .php page with firewall.php add this code to the top of your php pages:
54. require '/var/www/html/firewall/firewall.php';
55.  
56. **********************************************************************************/
57.  
58.  
59. $l7path = '/var/www/html/firewall/';        // Full path to firewall files.
60. $title = 'IP Blocked By @DDoS_Filter';      // Page title when displaying firewall.php.
61. $iplimit = 30;                              // SETS MAX REQUESTS PER MINUTE LIMIT.
62. $ualimit = 40;                              // SETS MAX TIMES A USERAGENT CAN BE USED IN A MINUTE.
63. $enable_protection = true;                  // Disables all protection.
64.  
65. if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {
66.     $CFrequest = true;
67.     $ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
68. } else {
69.     $CFrequest = false;
70.     $ip = $_SERVER['REMOTE_ADDR'];
71. }
72.  
73. if ($enable_protection === true) {
74.    
75.     // Spam filters
76.     $spam = false;
77.     if (isset($_SERVER['HTTP_USER_AGENT']) && strlen($_SERVER['HTTP_USER_AGENT']) > 32) {
78.         $ua = substr($_SERVER['HTTP_USER_AGENT'],0,150);
79.         if (
80.             (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER))    // Block Most HTTP Proxies
81.             // || strpos($ua, 'WordPress') !== false                // Block WordPress
82.             // || strlen($_SERVER['QUERY_STRING']) > 40             // Block Large QUERY_STRING. Example: file.php?id=lsdlfjsdfjdsklfklsd&user=lskjflsdjfjskfsjlflskjdj...
83.             // || strlen($_SERVER['REQUEST_URI']) > 50              // Block Large REQUEST_URI. Example: /a/b/c/d/e/f/g/h/islkfsljfd/example.php?id=lsdlfjsdfjdsklfklsd...
84.         )
85.         {
86.             die('Request Detected As Spam And Was Blocked');
87.         }
88.     } else {
89.         die('Request Detected As Spam And Was Blocked');
90.     }
91.     // Spam filters
92.  
93.     if (($blacklist = fopen($l7path.'blacklist.txt', 'r')) !== false) { // Blacklist
94.         while (!feof($blacklist)) {
95.             $bip = fgets($blacklist); // Read IP
96.             if (strlen($ip."\n") == strlen($bip)) { // Check IPs lengths
97.                 if (strpos($bip, $ip) !== false) { // Check if IP is blacklisted
98.                     fclose($blacklist);
99.                     die('<html><head><title>'.$title.'</title></head><body><center><h1>Your IP is temporarily blacklisted.</h1></center></body></html>');
100.                 }
101.             }
102.         }
103.         fclose($blacklist);
104.         $blacklist = ''; // Free up resources
105.     } else {
106.         die('Error: Unable to process request. (blacklist file error');
107.     }
108.  
109.     file_put_contents($l7path.'connections.txt',$ip.' '.$ua."\n", FILE_APPEND | LOCK_EX); // Add IP to temp connections list
110.     $tempconns = file_get_contents($l7path.'connections.txt') or die('Error: Unable to process request. (conns file error)'); // Read temp IP file
111.  
112.     $ipcount = substr_count($tempconns,$ip); // Count IPs requests
113.     if ($ipcount == $iplimit) {
114.         $spam = true;
115.     } else {
116.         $uacount = substr_count($tempconns,$ua); // Count Useragents requests
117.         if ($uacount >= $ualimit) {
118.             $spam = true;
119.         }
120.     }
121.     $tempconns = ''; // Free up resources
122.  
123.     if ($spam === true) { // Conditions for blacklisting connections
124.         file_put_contents($l7path.'blacklist.txt',$ip."\n", FILE_APPEND); // Add IP to blacklist
125.         die('<html><head><title>'.$title.'</title></head><body><center><h1>Your IP ('.$ip.') has been temporarily blacklisted. Please try again later.</h1></center></body></html>');
126.     }
127. }