class-disable-access-system-file-rules.php
11 months ago
class-recovery-codes.php
4 months ago
class-time-based-one-time-password.php
4 months ago
class-waf-rules.php
1 year ago
class-disable-access-system-file-rules.php
101 lines
| 1 | <?php |
| 2 | |
| 3 | if ( ! defined( 'ABSPATH' ) ) { |
| 4 | exit; |
| 5 | } |
| 6 | |
| 7 | /** |
| 8 | * 設定ファイルアクセス防止で使用するルール設定用のクラス |
| 9 | */ |
| 10 | class CloudSecureWP_Disable_Access_System_File_Rules { |
| 11 | // ルールの定義 |
| 12 | private const DISABLE_ACCESS_SYSTEM_FILE_RULES = array( |
| 13 | array( |
| 14 | 'id' => '1000301', |
| 15 | 'skip' => 1, |
| 16 | 'skipafter' => '', |
| 17 | 'chain' => false, |
| 18 | 'variables' => array( 'request_filename', 'args', 'args_names', 'request_headers', 'xml' ), |
| 19 | 'remove_variables' => array(), |
| 20 | 'attack' => '', |
| 21 | 'regex_pattern' => '\.www_acl|\.htpasswd|\.htaccess|boot\.ini|httpd\.conf|\/etc\/|\.htgroup|global\.asa|\.wwwacl', |
| 22 | 'transformations' => array( 'htmlentitydecode', 'lowercase' ), |
| 23 | ), |
| 24 | array( |
| 25 | 'id' => '1000302', |
| 26 | 'skip' => 0, |
| 27 | 'skipafter' => '959005', |
| 28 | 'chain' => false, |
| 29 | 'variables' => array(), |
| 30 | 'remove_variables' => array(), |
| 31 | 'attack' => '', |
| 32 | 'regex_pattern' => '', |
| 33 | 'transformations' => array(), |
| 34 | ), |
| 35 | array( |
| 36 | 'id' => '950005', |
| 37 | 'skip' => 0, |
| 38 | 'skipafter' => '', |
| 39 | 'chain' => false, |
| 40 | 'variables' => array( 'request_filename', 'args', 'args_names' ), |
| 41 | 'remove_variables' => array(), |
| 42 | 'attack' => 1, |
| 43 | 'regex_pattern' => '(?:\b(?:\.(?:ht(?:access|passwd|group)|www_?acl)|global\.asa|httpd\.conf|boot\.ini)\b|\/etc\/)', |
| 44 | 'transformations' => array( 'htmlentitydecode', 'lowercase' ), |
| 45 | ), |
| 46 | array( |
| 47 | 'id' => '959005', |
| 48 | 'skip' => 0, |
| 49 | 'skipafter' => '', |
| 50 | 'chain' => false, |
| 51 | 'variables' => array( 'request_headers', 'xml' ), |
| 52 | 'remove_variables' => array(), |
| 53 | 'attack' => 1, |
| 54 | 'regex_pattern' => '(?:\b(?:\.(?:ht(?:access|passwd|group)|www_?acl)|global\.asa|httpd\.conf|boot\.ini)\b|\/etc\/)', |
| 55 | 'transformations' => array( 'htmlentitydecode', 'lowercase' ), |
| 56 | ), |
| 57 | array( |
| 58 | 'id' => 'n101001', |
| 59 | 'skip' => 0, |
| 60 | 'skipafter' => '', |
| 61 | 'chain' => false, |
| 62 | 'variables' => array( 'request_filename' ), |
| 63 | 'remove_variables' => array(), |
| 64 | 'attack' => 1, |
| 65 | 'regex_pattern' => '(\.env|\.git)', |
| 66 | 'transformations' => array( 'htmlentitydecode', 'lowercase' ), |
| 67 | ), |
| 68 | array( |
| 69 | 'id' => 'n102001', |
| 70 | 'skip' => 0, |
| 71 | 'skipafter' => '', |
| 72 | 'chain' => false, |
| 73 | 'variables' => array( 'request_filename' ), |
| 74 | 'remove_variables' => array(), |
| 75 | 'attack' => 1, |
| 76 | 'regex_pattern' => 'wp-config\.php', |
| 77 | 'transformations' => array( 'htmlentitydecode', 'lowercase' ), |
| 78 | ), |
| 79 | ); |
| 80 | |
| 81 | private const LOCATIONMATCH_RULES = array(); |
| 82 | |
| 83 | /** |
| 84 | * ルールの取得 |
| 85 | * |
| 86 | * @return array |
| 87 | */ |
| 88 | public function get_waf_rules(): array { |
| 89 | return self::DISABLE_ACCESS_SYSTEM_FILE_RULES; |
| 90 | } |
| 91 | |
| 92 | /** |
| 93 | * LocationMatchルールの取得 |
| 94 | * |
| 95 | * @return array |
| 96 | */ |
| 97 | public function get_locationmatch_rules(): array { |
| 98 | return self::LOCATIONMATCH_RULES; |
| 99 | } |
| 100 | } |
| 101 |