上篇介绍了服务器遭遇攻击的背景以及解决方法,这一片没有废话直接上代码
对称加密算法,我从网上抄的;大家可以抄一下别的加密算法,比如 凯撒加密等等
php代码: 连接地址:http://www.thinkphp.cn/code/282.html
/**
* 简单对称加密算法之加密
* @param String $string 需要加密的字串
* @param String $skey 加密EKY
* @author Anyon Zou <zoujingli@qq.com>
* @date 2013-08-13 19:30
* @update 2014-10-10 10:10
* @return String
*/
function encode($string = '', $skey = 'cxphp') {
$strArr = str_split(base64_encode($string));
$strCount = count($strArr);
foreach (str_split($skey) as $key => $value)
$key < $strCount && $strArr[$key].=$value;
return str_replace(array('=', '+', '/'), array('O0O0O', 'o000o', 'oo00o'), join('', $strArr));
}
/**
* 简单对称加密算法之解密
* @param String $string 需要解密的字串
* @param String $skey 解密KEY
* @author Anyon Zou <zoujingli@qq.com>
* @date 2013-08-13 19:30
* @update 2014-10-10 10:10
* @return String
*/
function decode($string = '', $skey = 'cxphp') {
$strArr = str_split(str_replace(array('O0O0O', 'o000o', 'oo00o'), array('=', '+', '/'), $string), 2);
$strCount = count($strArr);
foreach (str_split($skey) as $key => $value)
$key <= $strCount && isset($strArr[$key]) && $strArr[$key][1] === $value && $strArr[$key] = $strArr[$key][0];
return base64_decode(join('', $strArr));
}
下面这一段是 lua脚本代码,其实就是翻译了一下 php的加密算法的代码(这段代码不是我写的,是我的一个做ios开发的朋友写的)
require('math') local __author__ = 'Daniel Lindsley' local __version__ = 'scm-1' local __license__ = 'BSD' local index_table = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/' function to_binary(integer) local remaining = tonumber(integer) local bin_bits = '' for i = 7, 0, -1 do local current_power = math.pow(2, i) if remaining >= current_power then bin_bits = bin_bits .. '1' remaining = remaining - current_power else bin_bits = bin_bits .. '0' end end return bin_bits end function from_binary(bin_bits) return tonumber(bin_bits, 2) end function to_base64(to_encode) local bit_pattern = '' local encoded = '' local trailing = '' for i = 1, string.len(to_encode) do bit_pattern = bit_pattern .. to_binary(string.byte(string.sub(to_encode, i, i))) end -- Check the number of bytes. If it's not evenly divisible by three, -- zero-pad the ending & append on the correct number of ``=``s. if math.mod(string.len(bit_pattern), 3) == 2 then trailing = '==' bit_pattern = bit_pattern .. '0000000000000000' elseif math.mod(string.len(bit_pattern), 3) == 1 then trailing = '=' bit_pattern = bit_pattern .. '00000000' end for i = 1, string.len(bit_pattern), 6 do local byte = string.sub(bit_pattern, i, i+5) local offset = tonumber(from_binary(byte)) encoded = encoded .. string.sub(index_table, offset+1, offset+1) end return string.sub(encoded, 1, -1 - string.len(trailing)) .. trailing end function from_base64(to_decode) local padded = to_decode:gsub("%s", "") local unpadded = padded:gsub("=", "") local bit_pattern = '' local decoded = '' for i = 1, string.len(unpadded) do local char = string.sub(to_decode, i, i) local offset, _ = string.find(index_table, char) if offset == nil then error("Invalid character '" .. char .. "' found.") end bit_pattern = bit_pattern .. string.sub(to_binary(offset-1), 3) end for i = 1, string.len(bit_pattern), 8 do local byte = string.sub(bit_pattern, i, i+7) decoded = decoded .. string.char(from_binary(byte)) end local padding_length = padded:len()-unpadded:len() if (padding_length == 1 or padding_length == 2) then decoded = decoded:sub(1,-2) end return decoded end local function caesarDecode(sourceString,skey) if (sourceString == nil or (sourceString ~= nil and string.len(sourceString) == 0)) then sourceString = "" end if (skey == nil or (skey ~= nil and string.len(skey) == 0)) then skey = 1234567890 end local resultString = "" sourceString = string.gsub(sourceString,"O0O0O","=") sourceString = string.gsub(sourceString,"o000o","+") sourceString = string.gsub(sourceString,"oo00o","/") local length = string.len(sourceString) local sourceArray = {} for i=1,length,2 do local index = (i+1)/2 if (i == length) then sourceArray[index] = string.sub(sourceString,i,i) else sourceArray[index] = string.sub(sourceString,i,i+1) end end local minLength = math.min(string.len(skey),table.getn(sourceArray)) for j=1,minLength,1 do local tempString = sourceArray[j] if (tempString ~= nil and string.len(tempString) > 0) then if (string.len(tempString) == 2 and string.sub(tempString,2,2) == string.sub(skey,j,j)) then sourceArray[j] = string.sub(tempString,1,1) end end end resultString = table.concat(sourceArray); return from_base64(resultString) end local function caesarEncode(sourceString,skey) if (sourceString == nil or (sourceString ~= nil and string.len(sourceString) == 0)) then sourceString = "" end if (skey == nil or (skey ~= nil and string.len(skey) == 0)) then skey = 1234567890 end local resultString = "" local base64SourceString = to_base64(sourceString) local length = string.len(base64SourceString) local sourceArray = {} for i=1,length,1 do sourceArray[i] = string.sub(base64SourceString,i,i) end local minLength = math.min(string.len(skey),table.getn(sourceArray)) for j=1,minLength,1 do sourceArray[j] = sourceArray[j]..string.sub(skey,j,j) end resultString = table.concat(sourceArray); resultString = string.gsub(resultString,"=","O0O0O") resultString = string.gsub(resultString,"+","o000o") resultString = string.gsub(resultString,"/","oo00o") return resultString end -- 用指定字符串切割另一个字符串 local function strSplit(str, delimeter) local find, sub, insert = string.find, string.sub, table.insert local res = {} local start, start_pos, end_pos = 1, 1, 1 while true do start_pos, end_pos = find(str, delimeter, start, true) if not start_pos then break end insert(res, sub(str, start, start_pos - 1)) start = end_pos + 1 end insert(res, sub(str,start)) return res end -- 验证user-agent function validateAgent(user_agent) if string.find(user_agent,"myappuseragen") == nil then return false end local sourceArray = strSplit(user_agent, ",") if table.getn(sourceArray) == 3 then local sourceString = sourceArray[1] local timeStamp = tonumber(sourceArray[2]) local time = os.time() if (time-timeStamp>60) then return false end local encryption = sourceArray[3] if (sourceString..timeStamp == caesarDecode(encryption,"")) then return true else return false end else return false end end -- 验证request_uri function validateRequestUri(request_uri) if request_uri == "/api/abcd" then return true elseif request_uri == "/api/test" then return true else return false end end -- 请求头 local headers = ngx.req.get_headers() --请求的user_agent local user_agent = headers["user-agent"] local request_uri = ngx.var.request_uri if validateRequestUri(request_uri) then -- ngx.say("HTTP_OK") -- ngx.exit(ngx.HTTP_OK) elseif validateAgent(user_agent) then -- ngx.say("HTTP_OK") -- ngx.exit(ngx.HTTP_OK) else -- ngx.say("HTTP_FORBIDDEN") ngx.exit(ngx.HTTP_FORBIDDEN) end