1
<?php
2
/**
3
 * This file is part of the Shieldon package.
4
 *
5
 * (c) Terry L. <contact@terryl.in>
6
 *
7
 * For the full copyright and license information, please view the LICENSE
8
 * file that was distributed with this source code.
9
 * 
10
 * php version 7.1.0
11
 * 
12
 * @category  Web-security
13
 * @package   Shieldon
14
 * @author    Terry Lin <contact@terryl.in>
15
 * @copyright 2019 terrylinooo
16
 * @license   https://github.com/terrylinooo/shieldon/blob/2.x/LICENSE MIT
17
 * @link      https://github.com/terrylinooo/shieldon
18
 * @see       https://shieldon.io
19
 */
20

21
declare(strict_types=1);
22

23
namespace Shieldon\Firewall\Middleware;
24

25
use Psr\Http\Message\ResponseInterface;
26
use Psr\Http\Message\ServerRequestInterface;
27
use Psr\Http\Server\MiddlewareInterface;
28
use Psr\Http\Server\RequestHandlerInterface;
29
use Shieldon\Psr7\Response;
30
use function implode;
31
use function preg_match;
32

33
/**
34
 * A PSR-15 middleware that denys all malicious user-agent requests.
35
 */
36
class UserAgent implements MiddlewareInterface
37
{
38
    /**
39
     * 400 - Bad Request.
40
     *
41
     * @var int
42
     */
43
    const HTTP_STATUS_CODE = 400;
44

45
    /**
46
     * The URL list that you want to protect.
47
     *
48
     * @var array
49
     */
50
    protected $deniedList = [
51

52
        // Backlink crawlers
53
        'Ahrefs',     // http://ahrefs.com/robot/
54
        'roger',      // rogerbot (SEOMOZ)
55
        'moz.com',    // SEOMOZ crawlers
56
        'MJ12bot',    // Majestic crawlers
57
        'findlinks',  // http://wortschatz.uni-leipzig.de/findlinks
58
        'Semrush',    // http://www.semrush.com/bot.html
59

60
        // Web information crawlers
61
        'domain',     // Domain name information crawlers.
62
        'copyright',  // Copyright information crawlers.
63

64
        // Others
65
        'archive',    // Wayback machine
66
    ];
67

68
    /**
69
     * Constructor.
70
     * 
71
     * @param array $deniedList The list that want to be denied.
72
     *
73
     * @return void
74
     */
75 3
    public function __construct(array $deniedList = [])
76
    {
77 3
        if (!empty($deniedList)) {
78 3
            $this->deniedList = $deniedList;
79
        }
80
    }
81

82
    /**
83
     * Invoker.
84
     *
85
     * @param ServerRequestInterface  $request The PSR-7 server request.
86
     * @param RequestHandlerInterface $handler The PSR-15 request handler.
87
     *
88
     * @return ResponseInterface
89
     */
90 3
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
91
    {
92 3
        $userAgent = $request->getHeaderLine('user-agent');
93

94 3
        if (empty($userAgent)) {
95 3
            return (new Response)->withStatus(self::HTTP_STATUS_CODE);
96
        }
97

98 3
        if (!empty($this->deniedList)) {
99 3
            if (preg_match('/(' . implode('|', $this->deniedList). ')/i', $userAgent)) {
100 3
                return (new Response)->withStatus(self::HTTP_STATUS_CODE);
101
            }
102
        }
103

104 3
        return $handler->handle($request);
105
    }
106
}

Read our documentation on viewing source code .

Loading