Skip to content

Instantly share code, notes, and snippets.

@JosephShenton
Created September 8, 2017 03:38
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save JosephShenton/bd766dc634088873af7ea61bfc5d1f76 to your computer and use it in GitHub Desktop.
Save JosephShenton/bd766dc634088873af7ea61bfc5d1f76 to your computer and use it in GitHub Desktop.
Layer 7 DDoS Protection PHP
<?php
$key = "La1az>T.}+w:uMoZ"; // CHANGE THIS STRING
$code = md5($_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_HOST'].$key);
$cookie = isset($_COOKIE['l7code']) ? $_COOKIE['l7code'] : FALSE ;
$ignored_uri = array();
$ignore = false;
foreach($ignored_uri as $u){
if(preg_match("#".str_replace('*', '(.*)', $u)."#", $_SERVER['REQUEST_URI'])){
$ignore = true;
break;
}
}
if($cookie != $code && !$ignore){
$l7code = isset($_GET['l7code']) ? $_GET['l7code'] : FALSE ;
$url = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'].(empty($_GET)?'?':'&').'l7code='.$code;
$script = <<<EOT
<script>
<!--
location.href = "$url";
//-->
</script>
EOT;
if($l7code !== FALSE){
if($l7code == $code){
setcookie("l7code", $l7code, time()+86400, "/", ".".$_SERVER['HTTP_HOST']);
$query = preg_replace('/(?|&)?l7code=[^&]+/', '', $_SERVER['REQUEST_URI']);
header('Location: http://'.$_SERVER['HTTP_HOST'].($query=='/?'?'/':$query));
} else {
$script = "";
}
}
echo <<<EOT
<!DOCTYPE html>
<html>
<head>
<title></title>
<meta charset="utf-8">
<meta name="robots" content="noindex,nofollow">
<style>
body { background: #eee; }
noscript { width: 500px; text-align: center; margin-left: -250px; color: #999; margin-top: -60px; position: absolute; top: 50%; left: 50%; display: block; }
noscript b { color: #333; }
noscript img { margin-top: 10px; }
</style>
</head>
<body>
<noscript>
This website requires <b>JavaScript</b> and <b>Cookies</b>.<br>You can turn it on in the settings of your web browser.<br>
<img alt="" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAYAAACqaXHeAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAALEwAACxMBAJqcGAAAAX5JREFUeJztmMGOwkAMQ8OKD/efs6c5gCqaTpw4ZeZJPTZ+tjigmnGBmb2SH5CdacDyy7cdAVZXvt0IsPrybUaA6crLR8CJ2E+PgKDwrUdAcpHWI0AgpMhsJ6LM7iGgdJAFd3ApD+zkVBbU0S09gECaY9rhBHDgE3KlHzzg7OZVaM60QyewB6C4hw9cIGMAs0CH6RcnyRrAbLJLZXlPXhQ4Mt7yKst78hjAkXNpAJDEPHks4MhyDQCilCePCc7yHo7QB1mqVd4fOex27AHUAmr2AGoBNXsAtYCaPYBaQM0eQC2g5inIZP/XD7H8L2APoBZQ4xkA5MzqDyJhoeU/ie2PosYdIXsAODLe8q6+gKBg5gBw3D/sMv3iBFkDwHH7a4fwAScZA9DcaYe+wB6A7kw/mAgOfCiuaYeJpDumBwQocysL6uxUHtjRRRbcyUEpoMyWiygyqUKVD9Jaf4DkIq3LDxAUvnX5AU7Efrr8ALZw+QFs4fID2MLlB7Cblf8HGIpOZ4g/3t0AAAAASUVORK5CYII=" alt="">
</noscript>
$script
</body>
</html>
EOT;
die();
}
@l3rodey
Copy link

l3rodey commented Mar 1, 2022

Using single quotes as opposed to doubles is far quicker in PHP. This is mixed, everything here could be converted to single quotes to get far better speeds out of your script. Here are a couple of other things I noticed:

  • $_SERVER['HTTP_HOST'] is used 4 times, make a variable of it.
  • $_SERVER['REQUEST_URI'] - used 3 times, could also be a variable.
  • The redirect goes to http:// whereas, it should really go to https:// anyone trying to secure their site should really be on SSL
  • You could make use of parse_url() here, especially around the scheme, host, path and query.

Great script though! I've made some changes, but I'm using it!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment