PHP Application Firewall

The purpose of application firewalls is to filter users' input in a smarter way. They work at a higher level of the OSI model than a standard network firewall, and they have to understand the payload entirely.

The following script is a very simple but still effective PHP Application Firewall. It filters PHP GET requests when jos_users or two consecutive dots appear in a variable. jos_users is often found in Joomla SQL injections, while .. is usually connected with local file inclusions.

The script's purpose is to demonstrate how simple it is to create a PHP application firewall yourself. So take it as a basis and adapt it for your own PHP application.
<?php
//A simple php application firewall
//Copyright (C) 2010 Anatoliy Dimitrov, website-security.info

//Strip every blacklisted substring from one input value.
//$subject is taken by reference so array_walk() modifies the array in place.
function sanitize(&$subject) {

    $filter = array('jos_users', '..');

    foreach ($filter as $k) {
        $subject = str_replace($k, '', $subject);
    }
}

//next walk the INPUT arrays and apply the function to each value.
//In our example we will use only $_GET but you might get input
//from $_POST, $_COOKIE or $_REQUEST too. It depends entirely on
//the script which arrays to sanitize. You can go through all
//of them but it will slow down the script and may cause unforeseen issues

array_walk($_GET, 'sanitize');

//finally print the $_GET array to see what has been filtered. Used only for debugging.
print_r($_GET);
The above code should be included before any other code is processed. If you include it at the end of a script it will do nothing.
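As an added example (not part of the original post), here is a hardened variant of the same filter that a practitioner would want before relying on it: it repeats the replacement until nothing changes (a single str_replace() pass turns the constructed value jos_jos_usersusers into jos_users), matches without regard to case, descends into nested arrays such as ?q[]=.., and logs which pattern fired so the event is visible in the error log. The pattern list, the sample input and the error_log() line are assumptions for the demonstration.

```php
<?php
// Added example: hardened version of the post's sanitize() filter.
// Patterns and sample input below are constructed for the demonstration.
$patterns = array('jos_users', '..');

// Returns the cleaned value and appends every pattern that fired to $hits.
function sanitize_value($value, array $patterns, array &$hits) {
    if (is_array($value)) {
        // Nested input such as ?q[]=.. arrives as an array; recurse into it.
        foreach ($value as $k => $v) {
            $value[$k] = sanitize_value($v, $patterns, $hits);
        }
        return $value;
    }
    $value = (string) $value;
    do {
        $before = $value;
        foreach ($patterns as $p) {
            $count = 0;
            // Case-insensitive so JOS_USERS is caught as well as jos_users.
            $value = str_ireplace($p, '', $value, $count);
            if ($count > 0) {
                $hits[] = $p; // remember what fired, for logging
            }
        }
    } while ($value !== $before); // repeat until removing no longer changes the value
    return $value;
}

// Constructed inputs: a re-nested pattern, a doubled traversal and a mixed-case value.
// In a real script the same call is made on the live array: $_GET = sanitize_value($_GET, ...).
$input = array(
    'id'   => 'jos_jos_usersusers',
    'file' => '....//....//etc/passwd',
    'q'    => array('JOS_USERS', 'ok'),
);
$hits  = array();
$clean = sanitize_value($input, $patterns, $hits);
print_r($clean);

// Detection hook: a stripped pattern is worth a log line, not just a silent rewrite.
if (count($hits) > 0) {
    error_log('PHP app firewall stripped: ' . implode(',', array_unique($hits)));
}
```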
