proxy check
authorTim Starling <tstarling@users.mediawiki.org>
Wed, 10 Mar 2004 14:24:40 +0000 (14:24 +0000)
committerTim Starling <tstarling@users.mediawiki.org>
Wed, 10 Mar 2004 14:24:40 +0000 (14:24 +0000)
includes/DefaultSettings.php
includes/EditPage.php
includes/proxy_check.php [new file with mode: 0644]
languages/Language.php

index fc1aff1..332d486 100644 (file)
@@ -129,6 +129,10 @@ $wgSysopRangeBans          = false; # Allow sysops to ban IP ranges
 $wgDefaultBlockExpiry  = "24 hours"; # default expiry time
                                 # strtotime format, or "infinite" for an infinite block
 $wgAutoblockExpiry             = 86400; # Number of seconds before autoblock entries expire
+$wgBlockOpenProxies = false; # Automatic open proxy test on edit
+$wgProxyPorts = array( 80, 81, 1080, 3128, 8080 );
+$wgProxyScriptPath = "$IP/proxy_check.php";
+$wgProxyMemcExpiry = 86400;
 
 # Client-side caching:
 $wgCachePages       = true; # Allow client-side caching of pages
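Review bot: The default `$wgProxyScriptPath = "$IP/proxy_check.php";` does not match where this commit adds the script, `includes/proxy_check.php`. If `$IP` is the installation root (it is defined outside this hunk), the forked `php` command will not find the file and the check will fail silently, because its output is discarded. The default should probably be `$wgProxyScriptPath = "$IP/includes/proxy_check.php";`. The four new settings would also benefit from comments stating that `$wgProxyPorts` is the list of ports probed on the editor's address and that `$wgProxyMemcExpiry` is in seconds, since enabling `$wgBlockOpenProxies` makes the server open outbound connections to client addresses.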
index 1e224d1..a655648 100644 (file)
@@ -188,6 +188,7 @@ class EditPage {
                        $this->edittime = $this->mArticle->getTimestamp();
                        $this->textbox1 = $this->mArticle->getContent(true);
                        $this->summary = "";
+                       $this->proxyCheck();
                }
                $wgOut->setRobotpolicy( "noindex,nofollow" );
                
@@ -405,7 +406,46 @@ htmlspecialchars( $wgLang->recodeForEdit( $this->textbox1 ) ) .
                $wgOut->returnToMain( false );
        }
 
+       # Forks processes to scan the originating IP for an open proxy server
+       # MemCached can be used to skip IPs that have already been scanned
+       function proxyCheck()
+       {
+               global $wgBlockOpenProxies, $wgProxyPorts, $wgProxyScriptPath;
+               global $wgIP, $wgUseMemCached, $wgMemc, $wgDBname, $wgProxyMemcExpiry;
+               
+               if ( !$wgBlockOpenProxies ) {
+                       return;
+               }
+               
+               # Get MemCached key
+               $skip = false;
+               if ( !$wgUseMemCached ) {
+                       $mcKey = "$wgDBname:proxy:ip:$wgIP";
+                       $mcValue = $wgMemc->get( $mcKey );
+                       if ( $mcValue ) {
+                               $skip = true;
+                       }
+               }
 
+               # Fork the processes
+               if ( !$skip ) {
+                       $title = Title::makeTitle( NS_SPECIAL, "Blockme" );
+                       $url = $title->getFullURL();
+                       foreach ( $wgProxyPorts as $port ) {
+                               $params = implode( " ", array(
+                                 escapeshellarg( $wgProxyScriptPath ),
+                                 escapeshellarg( $wgIP ),
+                                 escapeshellarg( $port ),
+                                 escapeshellarg( $url )
+                               ));
+                               exec( "php $params &>/dev/null &" );
+                       }
+                       # Set MemCached key
+                       if ( $wgUseMemCached ) {
+                               $wgMemc->set( $mcKey, 1, $wgProxyMemcExpiry );
+                       }
+               }
+       }
 }
 
 ?>
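Review bot: The memcached lookup in proxyCheck() is guarded by `if ( !$wgUseMemCached )`, which is inverted. With memcached enabled the lookup is skipped, `$skip` stays false and `$mcKey` is undefined when `$wgMemc->set( $mcKey, ... )` runs, so every edit-form load spawns one PHP process per entry in `$wgProxyPorts`. Change the guard to `if ( $wgUseMemCached ) {` so the key is built and checked in the same configuration that later stores it. Separately, `&>/dev/null` is a bash extension; where exec() hands the command to a plain POSIX sh it is likely parsed differently and the child's output is not redirected, so `>/dev/null 2>&1 &` is the portable form. With memcached disabled nothing limits how often the same address is rescanned, which should at least be stated in the function comment.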
diff --git a/includes/proxy_check.php b/includes/proxy_check.php
new file mode 100644 (file)
index 0000000..a739e78
--- /dev/null
@@ -0,0 +1,30 @@
+<?php
+
+# Command line script to check for an open proxy at a specified location
+
+# Exit if there are not enough parameters, or if it's not command line mode
+
+if ( ( isset( $_REQUEST ) && array_key_exists( "argv", $_REQUEST ) ) || count( $argv ) < 4 ) {
+       exit();
+}
+
+# Get parameters
+$ip = $argv[1];
+$port = $argv[2];
+$url = $argv[3];
+
+# Open socket
+$sock = fsockopen($ip, $port, $errno, $errstr, 5);
+if ($errno == 0 ) {
+       # Send payload
+       $request = "GET $url HTTP/1.0\r\n";
+       $request .= "Proxy-Connection: Keep-Alive\r\n";
+       $request .= "Pragma: no-cache\r\n";
+       $request .= "Host: ".$url."\r\n";
+       $request .= "User-Agent: MediaWiki open proxy check\r\n";
+       $request .= "\r\n";
+       fputs($sock, $request);
+       $response = fgets($sock, 128);
+       fclose($sock);
+}
+?>
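Review bot: The opening guard infers command-line mode from the absence of a request parameter named `argv`, which does not establish which SAPI is running. The file sits under includes/, where the web server may be able to serve it, so test the SAPI directly, e.g. `if ( php_sapi_name() != 'cli' || count( $argv ) < 4 ) { exit(); }` (adjusted for the PHP binary actually deployed). Separately, `$errno == 0` is not a reliable success test: fsockopen() returns false on failure and can leave `$errno` at 0 when the failure happens before connect, so the write and read should be gated on `if ( $sock ) {`. The `Host:` header is also given the full `$url` rather than its host name, and `$ip`, `$port` and `$url` go into the socket call and request line unvalidated, which is only safe as long as proxyCheck() is the sole caller.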
index 49af2bc..d6389fa 100644 (file)
@@ -394,6 +394,7 @@ $wgLanguageNamesEn =& $wgLanguageNames;
        "Whatlinkshere" => "",
        "Recentchangeslinked" => "",
        "Movepage"              => "",
+       "Blockme"       => "",
        "Booksources"   => "External book sources",
 #      "Categories"    => "Page categories",
        "Export"                => "XML page export",
@@ -1277,6 +1278,9 @@ the list of currently operational bans and blocks.",
 "range_block_disabled" => "The sysop ability to create range blocks is disabled.",
 "ipb_expiry_invalid"   => "Expiry time invalid.",
 "ip_range_invalid"     => "Invalid IP range.\n",
+"proxyblocker" => "Proxy blocker",
+"proxyblockreason"     => "Your IP address has been blocked because it is an open proxy. Please contact your Internet service provider or tech support and inform them of this serious security problem.",
+"proxyblocksuccess"    => "Done.\n",
 
 # Developer tools
 #