Limiting Request Frequency in PHP: Simple Protection Against CC Attacks

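Introduction:

The API I run is often requested at high frequency and is occasionally hit by CC attacks, so I found a set of PHP source code that blocks abnormally frequent requests and guards against ordinary CC attacks.

Advantages:

  • Simple to use: whether or not you know PHP development, you only need to copy and paste.
  • Uses Memcached in-memory caching: high performance, high concurrency.
  • Accurate, with 0 false bans.
  • Can withstand CC attacks of up to 10,000 QPS; depending on the machine's configuration, possibly more.
  • Broadly compatible: your site only needs to support PHP.
  • The source is simple and can be modified freely; you can wrap it in whatever front-end template or theme you like.

Requirements:

  • PHP version ≥ 7.2
  • The Memcached extension for PHP must be installed
  • Memcached ≥ 1.6

Usage:

Add the open-source code below to a core file of your site, that is, a file included by every page of the site, such as config.php.
Alternatively, depending on your application's logic, add it to the top of the PHP files that need CC protection.

Source code: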

```php
<?php
/**
 * Prevent high-frequency requests and guard against CC attacks; supports tens of thousands of concurrent requests
 * Original author: 小伟
 * Please keep this copyright notice when reposting, thank you!
 */
ini_set("display_errors", "Off");
error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING);
extension_loaded('memcached') or die('memcached扩展未安装!');
$logPath = $_SERVER['DOCUMENT_ROOT'] . '/waf/waf.log'; // Path of the log file; $_SERVER['DOCUMENT_ROOT'] is the site root
$fileht = $_SERVER['DOCUMENT_ROOT'] . '/waf/ban.log'; // Path of the file that records banned IPs
// Both files live under the web root; deny HTTP access to /waf/ in the web server configuration.
if (!file_exists($logPath)) {
    @mkdir($_SERVER['DOCUMENT_ROOT'] . '/waf/', 0750, true); // not world-writable
    @file_put_contents($logPath, '');
    @file_put_contents($fileht, '');
}
$allowtime = 2; // Rate-limit window (seconds)
$allownum = 5; // Requests allowed per window (e.g. 5 requests in 2 seconds; exceeding this triggers a warning)
$allowRefresh = 10; // Ban the IP after this many warnings
$bantime = 600; // Ban duration; the ban is lifted automatically afterwards (seconds)
// X-Forwarded-For is sent by the client unless your own reverse proxy overwrites it, so rely on it
// only behind such a proxy. A value that is not a single valid IP falls back to REMOTE_ADDR.
$ip = !empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
    $ip = $_SERVER['REMOTE_ADDR'];
}
$uri = $_SERVER['PHP_SELF'];
$cache = new Memcached();
$cache->addServer('127.0.0.1', 11211) or die('memcached连接失败!');
// Already banned: reject immediately.
$inban = $cache->get('waf-ban-' . $ip);
if ($inban) {
    header("HTTP/1.1 403 Forbidden");
    exit('<h1>403 Forbidden 非法访问</h1>
    <p>你的请求似乎不符合常理,已被服务器防火墙拦截,如有疑问请联系管理员QQ:XXXXXX<br>如果你在开发测试过程中超频被封IP,请等待' . ($bantime / 60) . '分钟后自动解封<br>你的IP:' . $ip . '</p>');
}
$wafarr = $cache->get('waf-' . $ip);
if (!$wafarr) {
    // First request in this window: start a counter that expires with the window.
    $wafarr = [
        'path' => $uri,
        'time' => time() + $allowtime,
        'sum' => 1,
    ];
    $cache->set('waf-' . $ip, $wafarr, time() + $allowtime);
} else {
    if ($wafarr['sum'] > $allownum) {
        // Over the limit: record a warning, and ban once the warnings exceed $allowRefresh.
        $wafsum_arr = $cache->get('waf-sum-' . $ip);
        if (!$wafsum_arr) {
            $wafsum_arr = [
                'sum' => 1,
            ];
            $cache->set('waf-sum-' . $ip, $wafsum_arr, time() + $bantime);
        } else {
            if ($wafsum_arr['sum'] > $allowRefresh) {
                $cache->set('waf-ban-' . $ip, 1, time() + $bantime);
                file_put_contents($fileht, $ip . "\n", FILE_APPEND);
            } else {
                $wafsum_arr['sum']++;
                $cache->set('waf-sum-' . $ip, $wafsum_arr, time() + $bantime);
            }
        }
        file_put_contents($logPath, $ip . '--' . date('Y-m-d H:i:s', time()) . '--' . $uri . "\n", FILE_APPEND);
        header("HTTP/1.1 403 Forbidden");
        exit("请求频率QPS超过限制,请酌情访问,多次提醒后会封禁IP!");
    } else {
        // Still within the limit: count this request, keeping the window's original expiry.
        $wafarr['sum']++;
        $cache->set('waf-' . $ip, $wafarr, $wafarr['time']);
    }
}
```
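The source above keys every counter and ban on `$ip`, which it reads from `X-Forwarded-For`. The following added example (not part of the original author's code) shows one way to derive that address so the header is honoured only when the request arrives from your own reverse proxy; the function name `waf_client_ip` and the `$trustedProxies` list are assumptions, and the sample requests are constructed.

```php
<?php
// Added example: resolve the address to rate-limit on.
// $trustedProxies is an assumption: list the addresses of your own reverse proxy or CDN.
function waf_client_ip(array $server, array $trustedProxies): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    // Direct connection (or no header): the TCP peer address is the only
    // value the client cannot choose, so use it and ignore the header.
    if ($xff === '' || !in_array($remote, $trustedProxies, true)) {
        return $remote;
    }
    // Behind a trusted proxy: walk the hop list from right to left and
    // return the first address that is not one of our own proxies.
    $hops = array_reverse(array_map('trim', explode(',', $xff)));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $remote; // malformed header: fall back to the peer address
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $remote;
}

// Constructed sample requests using documentation address ranges.
$proxies = ['192.0.2.10'];
$samples = [
    'direct, header ignored' => ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1'],
    'via trusted proxy'      => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '198.51.100.23'],
    'extra leftmost hop'     => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '10.9.9.9, 198.51.100.23'],
    'malformed header'       => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '<b>x</b>'],
];
foreach ($samples as $label => $server) {
    printf("%-24s => %s\n", $label, waf_client_ip($server, $proxies));
}
```

Use the returned value in place of `$ip` when building the `waf-`, `waf-sum-` and `waf-ban-` keys.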
© Copyright notice
1: Site name: 蜡笔傻新
2: Permanent URL of this site: https://labishaxin.com/