|
/** |
|
* Block potential harmful requests |
|
*/ |
|
global $user_ID; if($user_ID) { |
|
if(!current_user_can('administrator')) { |
|
if (strlen($_SERVER['REQUEST_URI']) > 255 || |
|
stripos($_SERVER['REQUEST_URI'], "eval(") || |
|
stripos($_SERVER['REQUEST_URI'], "CONCAT") || |
|
stripos($_SERVER['REQUEST_URI'], "UNION+SELECT") || |
|
stripos($_SERVER['REQUEST_URI'], "base64")) { |
|
@header("HTTP/1.1 414 Request-URI Too Long"); |
|
@header("Status: 414 Request-URI Too Long"); |
|
@header("Connection: Close"); |
|
@exit; |
|
} |
|
} |
|
} |
These line are the seed of
- https://github.com/szepeviktor/waf4wordpress/tree/master/http-analyzer
- and https://github.com/szepeviktor/waf4wordpress/tree/master/core-events
Update as I work.
