Ubuntu
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
title = __( 'Check if bad request methods can access your website.', 'secupress' );
$this->more = __( 'There are malicious scripts and bots out there, hammering your site with bad HTTP GET requests. Let\'s check if your website can handle that.', 'secupress' );
$this->more_fix = sprintf(
__( 'Activate the option %1$s in the %2$s module.', 'secupress' ),
'' . __( 'Block Bad Request Methods', 'secupress' ) . '',
'' . __( 'Firewall', 'secupress' ) . ''
);
}
/**
* Get messages.
*
* @since 1.0
*
* @param (int) $message_id A message ID.
*
* @return (string|array) A message if a message ID is provided. An array containing all messages otherwise.
*/
public static function get_messages( $message_id = null ) {
$messages = array(
// "good"
0 => __( 'You are currently blocking bad request methods.', 'secupress' ),
1 => __( 'Protection activated', 'secupress' ),
// "warning"
100 => _n_noop( 'Unable to determine the status of your homepage for %s request method.', 'Unable to determine the status of your homepage for %s request methods.', 'secupress' ),
101 => sprintf(
/** Translators: 1 is the name of a protection, 2 is the name of a module. */
__( 'But you can activate the %1$s protection from the module %2$s.', 'secupress' ),
'' . __( 'Block Bad Request Methods', 'secupress' ) . '',
'' . __( 'Firewall', 'secupress' ) . ''
),
// "bad"
200 => _n_noop( 'Your website should block %s request method.', 'Your website should block %s request methods.', 'secupress' ),
);
if ( isset( $message_id ) ) {
return isset( $messages[ $message_id ] ) ? $messages[ $message_id ] : __( 'Unknown message', 'secupress' );
}
return $messages;
}
/** Getters. ================================================================================ */
/**
* Get the documentation URL.
*
* @since 1.2.3
*
* @return (string)
*/
public static function get_docs_url() {
return __( 'http://docs.secupress.me/article/112-bad-request-method-scan', 'secupress' );
}
/** Scan. =================================================================================== */
/**
* Scan for flaw(s).
*
* @since 1.0
*
* @return (array) The scan results.
*/
public function scan() {
$activated = secupress_filter_scanner( __CLASS__ );
if ( true === $activated ) {
$this->add_message( 0 );
return parent::scan();
}
// These methods should be blocked.
$methods = array( 'TRACK', 'OPTIONS', 'CONNECT', 'SECUPRESS_TEST_' . time() );
if ( secupress_is_submodule_active( 'sensitive-data', 'restapi' ) ) {
// Sub-module activated === REST API disabled === these methods should also be blocked.
$methods = array_merge( $methods, array( 'PUT', 'PATCH', 'DELETE' ) );
}
$bads = array();
$warnings = array();
$request_args = $this->get_default_request_args();
foreach ( $methods as $method ) {
$request_args['method'] = $method;
$response = wp_remote_request( add_query_arg( secupress_generate_key( 6 ), secupress_generate_key( 8 ), user_trailingslashit( home_url() ) ), $request_args );
if ( ! is_wp_error( $response ) && 200 === wp_remote_retrieve_response_code( $response ) && '' !== wp_remote_retrieve_body( $response ) ) {
// "bad"
$bads[] = '' . $method . '';
}
}
if ( $bads ) {
// "bad"
$this->add_message( 200, array( count( $bads ), $bads ) );
}
// "good"
$this->maybe_set_status( 0 );
return parent::scan();
}
/** Fix. ==================================================================================== */
/**
* Try to fix the flaw(s).
*
* @since 1.4.5
*
* @return (array) The fix results.
*/
public function need_manual_fix() {
return [ 'fix' => 'fix' ];
}
/**
* Get an array containing ALL the forms that would fix the scan if it requires user action.
*
* @since 1.4.5
*
* @return (array) An array of HTML templates (form contents most of the time).
*/
protected function get_fix_action_template_parts() {
return [ 'fix' => ' ' ];
}
/**
* Try to fix the flaw(s) after requiring user action.
*
* @since 1.4.5
*
* @return (array) The fix results.
*/
public function manual_fix() {
if ( $this->has_fix_action_part( 'fix' ) ) {
$this->fix();
}
// "good"
$this->add_fix_message( 1 );
return parent::manual_fix();
}
/**
* Try to fix the flaw(s).
*
* @since 1.0
*
* @return (array) The fix results.
*/
public function fix() {
// Activate.
secupress_activate_submodule( 'firewall', 'request-methods-header' );
// "good"
$this->add_fix_message( 1 );
return parent::fix();
}
}