Simple URL Filtering Script
This PHP script lets you filter any request to your page by its query string. You can even track the people who sent a forbidden request. They usually send such requests to look for SQL injection or XSS vulnerabilities on the page.
By adding the log script you can have their activity recorded on your host. You can also add more info to the log; just modify it if you want.
Here’s the script…
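<?php
/* Copyright (C) 2009 crazydavinci.net */
/* Simple URL Filter + Activity Logger */

// Show the warning page, log the request, then stop the script.
function jebak($url){
?>
<body bgcolor="black" text="red">
<h1 align="center">HEY DUDE, WHAT THE HELL ARE U DOING HERE ?!<br>
Your Activity Has Been Logged !!! Thanks For Trying…</h1>
</body>
<?php
    $ip = $_SERVER['REMOTE_ADDR'];
    $date = date("d/M/y g:i:s a");
    // Append one entry per blocked request; log.txt must be writable.
    $file = fopen('log.txt', 'a');
    if ($file) {
        fwrite($file, "\r\nURI : $url – $date – IP : $ip\r\n");
        fclose($file);
    }
    die();
}

// Raw (still URL-encoded) query string, lower-cased for case-insensitive matching.
$ref = strtolower(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '');
// Forbidden substrings. An empty entry must not be listed: an empty needle matches every request on PHP 8.
$filter = array('http://','select','order','=-','null','%3c','%3e','from','--','/*','+','t;');
for ($i = 0; $i < count($filter); $i++)
{
    // Strict comparison, so a match at offset 0 still counts.
    if (strpos($ref, $filter[$i]) !== false) jebak($ref);
}
?>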
Put it on the first line of your PHP file so it is evaluated first, before the real content of the page loads. Try out the sample page here…
You can see that the opening and closing characters of the HTML tags are filtered by the script. You can add or remove filter entries by modifying the array variable ($filter).
To have the log file, make sure you create the log.txt file in the same directory and make it writable…
Here’s what you will see on the log file :
- URI : paged=%3chtml%3etest%3c/html%3e – 07/Apr/09 9:07:53 am – IP : xxx.xxx.xxx.xxx
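
Before blocking real visitors with a list like this, it helps to see what it flags on ordinary traffic. The following is an added example, not part of the original script: filter_hits() is a hypothetical helper, the filter list is a subset of the page's $filter with %3c and %3e written as < and > (the input is decoded first), and every sample query string except the first is constructed.

```php
<?php
// Added example (not the original script). filter_hits() is a hypothetical
// helper: it reports which entries matched instead of calling die(), so the
// list can be checked against normal traffic before it blocks anyone.
function filter_hits(string $query, array $filter): array
{
    // Decode percent-escapes and fold case, so '%3C', '%3c' and '<'
    // are all compared in the same form.
    $q = strtolower(rawurldecode($query));
    $hits = [];
    foreach ($filter as $needle) {
        // Skip empty entries: an empty needle matches every request on PHP 8.
        if ($needle !== '' && strpos($q, $needle) !== false) {
            $hits[] = $needle;
        }
    }
    return $hits;
}

// Entries from the page's $filter; '%3c' and '%3e' become '<' and '>'
// because the input is decoded before matching.
$filter = ['http://', 'select', 'order', '=-', 'null', '<', '>', 'from', '/*', '+'];

// First sample is the request from the page's log; the rest are
// constructed, ordinary requests a site might receive.
$samples = [
    'paged=%3chtml%3etest%3c/html%3e',
    'q=red+shoes',
    'sort=order_date&page=2',
    'from=jakarta&to=bandung',
    'page=2&lang=en',
];

$flagged = 0;
foreach ($samples as $qs) {
    $hits = filter_hits($qs, $filter);
    if ($hits) {
        $flagged++;
    }
    printf("%-34s %s\n", $qs, $hits ? 'BLOCK on: ' . implode(' ', $hits) : 'pass');
}
printf("%d of %d sample requests would be blocked\n", $flagged, count($samples));
```

The filter only sees the GET query string, so POST bodies and cookies pass unchecked. Parameterized queries and output escaping in the page itself are what actually close SQL injection and XSS; the filter is best treated as a tripwire and logger on top of that.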












May 8th, 2009 at 3:39 pm
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
Where's the reply, man…………..
May 28th, 2009 at 6:22 pm
Om Joy..
What about combining it with the php fs script?
Why do I keep getting “gatot” (total failure)… T.T
In the end I just used the warning… hehe
Thanks in advance
June 6th, 2009 at 6:49 am
Ma JOY, can the PHP file above be combined with my PHP cookies file?
Thank you, I hope you will answer.
December 28th, 2009 at 6:59 pm
Bang Joy, how does this work??? Please expand the tutorial, Bang Joy.., help please
March 8th, 2010 at 3:58 pm
How it works: it filters based on the URL in the address bar, Lex..
So, for example, anything containing forbidden words, like union, schema, etc., is blocked right away.
That's more or less it; to use it, just require it on the first line of the PHP code..
May 14th, 2010 at 4:14 pm
This is a good blog post, I was wondering if I could use this piece on my website, I will link it back to your website though. If this is a problem please let me know and I will take it down right away.
May 15th, 2010 at 1:07 am
@ Gerry Slama
sure, you can use it on any php based website, try it and let me know if it’s working on your page or not. good luck
October 24th, 2010 at 10:17 am
Bang Joy…
I still don't quite understand how to use this, Bang Joy,,,
Is this file included in the main HTML file, or how, Bang Joy ???
Please enlighten me, Bang Joy..
Oh, and I also want to ask, Bang Joy,,
this site has a loading page, right,,
so I tried applying it to my site,,
with help from brother strezzpc..
but it won't block like it does on this site,,
Please enlighten me, Bang Joy,
Thanks
October 31st, 2010 at 4:48 am
@ R_Die
Include it in PHP, bro; in plain HTML it won't run.
BTW, the loading page works, I just checked it.. nice bro
November 12th, 2010 at 1:39 am
hmmm,,
So you mean this script is made into a PHP file first, and then put into the main HTML, is that it, Om ???
So the script above is its own separate file, right ???