صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
mirrors
/
mailcow-dockerized
mirrorاز https://github.com/mailcow/mailcow-dockerized
2
0
انشعاب 0
پرونده‌ها مشکلات 0 ویکی
درخت: 5e590ea119
شاخه‌ها تگ‌ها
mailcow-dockeri...
/
data
/
web
/
inc
/
functions.fail2ban.inc.php

functions.fail2ban.inc.php 6.6 KB
تاريخچه خام

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179 
  1. <?php
    2. 

  2. function valid_network($network) {
    3. 

  3.   $cidr = explode('/', $network);
    4. 

  4.   if (filter_var($cidr[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) && (!isset($cidr[1]) || ($cidr[1] >= 0 && $cidr[1] <= 32))) {
    5. 

  5.     return true;
    6. 

  6.   }
    7. 

  7.   elseif (filter_var($cidr[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) && (!isset($cidr[1]) || ($cidr[1] >= 0 && $cidr[1] <= 128))) {
    8. 

  8.     return true;
    9. 

  9.   }
    10. 

  10.   return false;
    11. 

  11. }
    12. 

  12. function fail2ban($_action, $_data = null) {
    13. 

  13.   global $redis;
    14. 

  14.   global $lang;
    15. 

  15.   switch ($_action) {
    16. 

  16.     case 'get':
    17. 

  17.       $f2b_options = array();
    18. 

  18.       if ($_SESSION['mailcow_cc_role'] != "admin") {
    19. 

  19.         return false;
    20. 

  20.       }
    21. 

  21.       try {
    22. 

  22.         $f2b_options = json_decode($redis->Get('F2B_OPTIONS'), true);
    23. 

  23.         $wl = $redis->hGetAll('F2B_WHITELIST');
    24. 

  24.         if (is_array($wl)) {
    25. 

  25.           foreach ($wl as $key => $value) {
    26. 

  26.             $tmp_wl_data[] = $key;
    27. 

  27.           }
    28. 

  28.           if (isset($tmp_wl_data)) {
    29. 

  29.             sort($tmp_wl_data);
    30. 

  30.             $f2b_options['whitelist'] = implode(PHP_EOL, $tmp_wl_data);
    31. 

  31.           }
    32. 

  32.           else {
    33. 

  33.             $f2b_options['whitelist'] = "";
    34. 

  34.           }
    35. 

  35.         }
    36. 

  36.         else {
    37. 

  37.           $f2b_options['whitelist'] = "";
    38. 

  38.         }
    39. 

  39.         $bl = $redis->hGetAll('F2B_BLACKLIST');
    40. 

  40.         if (is_array($bl)) {
    41. 

  41.           foreach ($bl as $key => $value) {
    42. 

  42.             $tmp_bl_data[] = $key;
    43. 

  43.           }
    44. 

  44.           if (isset($tmp_bl_data)) {
    45. 

  45.             sort($tmp_bl_data);
    46. 

  46.             $f2b_options['blacklist'] = implode(PHP_EOL, $tmp_bl_data);
    47. 

  47.           }
    48. 

  48.           else {
    49. 

  49.             $f2b_options['blacklist'] = "";
    50. 

  50.           }
    51. 

  51.         }
    52. 

  52.         else {
    53. 

  53.           $f2b_options['blacklist'] = "";
    54. 

  54.         }
    55. 

  55.         $active_bans = $redis->hGetAll('F2B_ACTIVE_BANS');
    56. 

  56.         $queue_unban = $redis->hGetAll('F2B_QUEUE_UNBAN');
    57. 

  57.         if (is_array($active_bans)) {
    58. 

  58.           foreach ($active_bans as $network => $banned_until) {
    59. 

  59.             $queued_for_unban = (isset($queue_unban[$network]) && $queue_unban[$network] == 1) ? 1 : 0;
    60. 

  60.             $difference = $banned_until - time();
    61. 

  61.             $f2b_options['active_bans'][] = array(
    62. 

  62.               'queued_for_unban' => $queued_for_unban,
    63. 

  63.               'network' => $network,
    64. 

  64.               'banned_until' => sprintf('%02dh %02dm %02ds', ($difference/3600), ($difference/60%60), $difference%60)
    65. 

  65.             );
    66. 

  66.           }
    67. 

  67.         }
    68. 

  68.         else {
    69. 

  69.           $f2b_options['active_bans'] = "";
    70. 

  70.         }
    71. 

  71.       }
    72. 

  72.       catch (RedisException $e) {
    73. 

  73.         $_SESSION['return'] = array(
    74. 

  74.           'type' => 'danger',
    75. 

  75.           'msg' => 'Redis: '.$e
    76. 

  76.         );
    77. 

  77.         return false;
    78. 

  78.       }
    79. 

  79.       return $f2b_options;
    80. 

  80.     break;
    81. 

  81.     case 'edit':
    82. 

  82.       if ($_SESSION['mailcow_cc_role'] != "admin") {
    83. 

  83.         $_SESSION['return'] = array(
    84. 

  84.           'type' => 'danger',
    85. 

  85.           'msg' => sprintf($lang['danger']['access_denied'])
    86. 

  86.         );
    87. 

  87.         return false;
    88. 

  88.       }
    89. 

  89.       if (isset($_data['action']) && !empty($_data['network'])) {
    90. 

  90.         $networks = (array) $_data['network'];
    91. 

  91.         foreach ($networks as $network) {
    92. 

  92.           if ($_data['action'] == "unban") {
    93. 

  93.             if (valid_network($network)) {
    94. 

  94.               $redis->hSet('F2B_QUEUE_UNBAN', $network, 1);
    95. 

  95.             }
    96. 

  96.           }
    97. 

  97.           elseif ($_data['action'] == "whitelist") {
    98. 

  98.             if (valid_network($network)) {
    99. 

  99.               $redis->hSet('F2B_WHITELIST', $network, 1);
    100. 

  100.               $redis->hDel('F2B_BLACKLIST', $network, 1);
    101. 

  101.               $redis->hSet('F2B_QUEUE_UNBAN', $network, 1);
    102. 

  102.             }
    103. 

  103.           }
    104. 

  104.           elseif ($_data['action'] == "blacklist") {
    105. 

  105.             if (valid_network($network)) {
    106. 

  106.               $redis->hSet('F2B_BLACKLIST', $network, 1);
    107. 

  107.             }
    108. 

  108.           }
    109. 

  109.         }
    110. 

  110.         $_SESSION['return'] = array(
    111. 

  111.           'type' => 'success',
    112. 

  112.           'msg' => sprintf($lang['success']['object_modified'], htmlspecialchars(implode(', ', $networks)))
    113. 

  113.         );
    114. 

  114.         return true;
    115. 

  115.       }
    116. 

  116.       $is_now = fail2ban('get');
    117. 

  117.       if (!empty($is_now)) {
    118. 

  118.         $ban_time = intval((isset($_data['ban_time'])) ? $_data['ban_time'] : $is_now['ban_time']);
    119. 

  119.         $max_attempts = intval((isset($_data['max_attempts'])) ? $_data['max_attempts'] : $is_now['active_int']);
    120. 

  120.         $retry_window = intval((isset($_data['retry_window'])) ? $_data['retry_window'] : $is_now['retry_window']);
    121. 

  121.         $netban_ipv4 = intval((isset($_data['netban_ipv4'])) ? $_data['netban_ipv4'] : $is_now['netban_ipv4']);
    122. 

  122.         $netban_ipv6 = intval((isset($_data['netban_ipv6'])) ? $_data['netban_ipv6'] : $is_now['netban_ipv6']);
    123. 

  123.         $wl = (isset($_data['whitelist'])) ? $_data['whitelist'] : $is_now['whitelist'];
    124. 

  124.         $bl = (isset($_data['blacklist'])) ? $_data['blacklist'] : $is_now['blacklist'];
    125. 

  125.       }
    126. 

  126.       else {
    127. 

  127.         $_SESSION['return'] = array(
    128. 

  128.           'type' => 'danger',
    129. 

  129.           'msg' => sprintf($lang['danger']['access_denied'])
    130. 

  130.         );
    131. 

  131.         return false;
    132. 

  132.       }
    133. 

  133.       $f2b_options = array();
    134. 

  134.       $f2b_options['ban_time'] = ($ban_time < 60) ? 60 : $ban_time;
    135. 

  135.       $f2b_options['netban_ipv4'] = ($netban_ipv4 < 8) ? 8 : $netban_ipv4;
    136. 

  136.       $f2b_options['netban_ipv6'] = ($netban_ipv6 < 8) ? 8 : $netban_ipv6;
    137. 

  137.       $f2b_options['netban_ipv4'] = ($netban_ipv4 > 32) ? 32 : $netban_ipv4;
    138. 

  138.       $f2b_options['netban_ipv6'] = ($netban_ipv6 > 128) ? 128 : $netban_ipv6;
    139. 

  139.       $f2b_options['max_attempts'] = ($max_attempts < 1) ? 1 : $max_attempts;
    140. 

  140.       $f2b_options['retry_window'] = ($retry_window < 1) ? 1 : $retry_window;
    141. 

  141.       try {
    142. 

  142.         $redis->Set('F2B_OPTIONS', json_encode($f2b_options));
    143. 

  143.         $redis->Del('F2B_WHITELIST');
    144. 

  144.         $redis->Del('F2B_BLACKLIST');
    145. 

  145.         if(!empty($wl)) {
    146. 

  146.           $wl_array = array_map('trim', preg_split( "/( |,|;|\n)/", $wl));
    147. 

  147.           if (is_array($wl_array)) {
    148. 

  148.             foreach ($wl_array as $wl_item) {
    149. 

  149.               if (valid_network($wl_item)) {
    150. 

  150.                 $redis->hSet('F2B_WHITELIST', $wl_item, 1);
    151. 

  151.               }
    152. 

  152.             }
    153. 

  153.           }
    154. 

  154.         }
    155. 

  155.         if(!empty($bl)) {
    156. 

  156.           $bl_array = array_map('trim', preg_split( "/( |,|;|\n)/", $bl));
    157. 

  157.           if (is_array($bl_array)) {
    158. 

  158.             foreach ($bl_array as $bl_item) {
    159. 

  159.               if (valid_network($bl_item)) {
    160. 

  160.                 $redis->hSet('F2B_BLACKLIST', $bl_item, 1);
    161. 

  161.               }
    162. 

  162.             }
    163. 

  163.           }
    164. 

  164.         }
    165. 

  165.       }
    166. 

  166.       catch (RedisException $e) {
    167. 

  167.         $_SESSION['return'] = array(
    168. 

  168.           'type' => 'danger',
    169. 

  169.           'msg' => 'Redis: '.$e
    170. 

  170.         );
    171. 

  171.         return false;
    172. 

  172.       }
    173. 

  173.       $_SESSION['return'] = array(
    174. 

  174.         'type' => 'success',
    175. 

  175.         'msg' => sprintf($lang['success']['f2b_modified'])
    176. 

  176.       );
    177. 

  177.     break;
    178. 

  178.   }
    179. 

  179. }
    180.