// SmartDesk Personal Web Server v2.0 - Event Handler
// (c) 1997-98 SmartDesk, Inc., All Rights Reserved
//
// Per-connection request handler. main() resolves the requested path to a file,
// serves it (static file, Active Page, or binary) and records the request in the
// server log. The helper functions below it write log entries and monitor output.

LIBRARY sysclass

GLOBAL logLocalHost
STATIC websrvr, sessionId, ClientAddr

FUNCTION main( _websrvr, _sessionId, _hServer, _hClient )
    // Handles one client connection.
    //
    // Parameters:
    //
    //    websrvr      Pointer to internal server data
    //    sessionId    Session ID
    //    hServer      Handle of Server listen socket
    //    hClient      Handle of Client connection socket
    //
    // Returns 1 after the request was dispatched by the method switch, 0 when the
    // request was rejected (lockout page, 404) or an error was caught.

    local hServer, hClient, hackcnt
    local session, command, url, param, defURL, apLibs
    local filename, data, err, flag, webhost, i, fname

    TRY
        // "0 + x" presumably coerces the incoming arguments to numbers -- confirm.
        websrvr = 0 + _websrvr
        sessionId = 0 + _sessionId
        hServer = 0 + _hServer
        hClient = 0 + _hClient

        // Initialize the Active Page generator...
        _apGenerate( )

        // make sure the global logLocalHost holds a string
        // (type "C" presumably means character data -- confirm)
        if ( type( logLocalHost ) != "C" )
            logLocalHost = ""
        end

        defURL = webServerDefFile( websrvr )    // default URL to display if none specified
        apLibs = "sysclass"                     // List of libraries to include when running ap files, ";" delimited

        // get the session data
        // Everything read here originates from the client's request; none of it is
        // escaped or normalised in this function before it is reused below.
        session = new( "session", websrvr, sessionId )
        ClientAddr = session.data( "REMOTE_ADDR" )
        command = session.data( "REQUEST_METHOD" )
        url = session.data( "PATH_INFO" )
        filename = session.data( "PATH_TRANSLATED" )
        param = session.data( "QUERY_STRING" )

        // let 'em know somebody is here...
        mprint( date( ) + " " + time( ) + " CONNECTED (" + hClient + ") " + ClientAddr )

        // check for multiple 404 accesses...
        // "404COUNT" is kept in the session data and is advanced in the 404 branch
        // further down. Once it exceeds 5 the client gets the notification page
        // instead of content, until sessionDataExpired() reports the value expired
        // (the 60 is presumably a time window; its unit is not visible here).
        hackcnt = 0 + session.data( "404COUNT" )
        if ( hackcnt > 5 )
            if ( sessionDataExpired( websrvr, sessionId, "404COUNT", 60 ) )
                session.data( "404COUNT", "0" )
            else
                webhost = webhostfromaddr( ClientAddr )
                if ( type( webhost ) != "C" )
                    webhost = ""
                end
                // NOTE(review): webhost and ClientAddr are concatenated into the HTML
                // body unescaped. webhost presumably comes from a name lookup on the
                // client address, i.e. a value the server does not control -- HTML-encode
                // both before output.
                data = "<H1><FONT COLOR=red>Hack Attack Notification!!!</FONT></H1>You have had way too many attempts accessing unauthorized files on this server. "
                data += "Your internal identification information (<FONT COLOR=red>" + webhost + " </FONT>/<FONT COLOR=\"#0000FF\"> " + ClientAddr + "</FONT>) has been logged to a our security system "
                data += " and further access to this site will be denied. Have a nice day...<FONT SIZE=1><BR><BR>SmartDesk Personal Web Server v1.1, www.smartdesk.com</FONT><BR>\r\n"
                // The rejection is sent with a 200 status line, so clients and log
                // analysers that key on the status code will not see it as a denial.
                webServerSend( websrvr, hclient, "HTTP/1.0 200 Success\r\nDate: " + webGMT( ) + "\r\nContent-Type: text/html\r\nContent-Length: " + len( data ) + "\r\n\r\n" + data )
                mprint( " HACKER REJECTED!!!\r\n" )
                mprintln( date( ) + " " + time( ) + " DISCONNECTED (" + hClient + ") " + ClientAddr )
                webServerLogAddEntry( ClientAddr, command, url, param )
                return( 0 )
            end
        end

        // log the entry
        webServerLogAddEntry( ClientAddr, command, url, param )

        // validate the URI data
        // This is a deny-list on the translated path: wildcards and ".." blank the
        // filename (which then ends in the 404 branch), an empty path or a lone
        // backslash maps to the default document.
        // NOTE(review): nothing here confirms that the final path stays under the
        // document root, and filename is rewritten again after this check (short-name
        // conversion, extension and index fallbacks). A root-prefix check on the
        // final, canonical path just before the file is opened would be stronger.
        if ( ( at( "*", filename ) > 0 ) || ( at( "?", filename ) > 0 ) )    // check for wildcards
            filename = ""
        elseif ( strempty( filename ) || ( filename == "\\" ) )    // check for non-specific request, use default URL if non specified
            filename = webServerFile( websrvr, defURL )
        elseif ( strat( "..", filename ) > 0 )    // Oops...potential security violation
            webServerLogAddEntry( ClientAddr, "SECURITY_DIRECTORY_ACCESS_ATTEMPT", filename, "" )
            filename = ""
        end

        // On Win32, replace the path with its short form when lfnLongToShort()
        // returns a non-empty string; otherwise keep the path as it is.
        if ( IsWin32( ) )
            fname = lfnLongToShort( filename )
            if ( type( fname ) == "C" )
                if ( ! strempty( fname ) )
                    filename = fname
                end
            end
        end

        // check if the file is available
        // flag stays 1 until one of the fallbacks below finds a substitute file.
        flag = 1
        if ( ! fileExists( filename ) )
            // NOTE(review): strextract( filename, ".", 1 ) presumably returns the text
            // before the first "." -- if so, a dot in a directory name changes which
            // file the fallbacks probe. Confirm against the library documentation.
            if ( strat( ".HTML", upper( filename ) ) > 1 )
                fname = strextract( filename, ".", 1 ) + ".htm"
                if ( fileExists( fname ) )
                    filename = fname
                    flag = 0
                else
                    // check if an AP page exists
                    fname = strextract( filename, ".", 1 ) + ".ap"
                    if ( fileExists( fname ) )
                        filename = fname
                        flag = 0
                    end
                end
            elseif ( strat( ".HTM", upper( filename ) ) > 1 )
                // check if an AP page exists
                fname = strextract( filename, ".", 1 ) + ".ap"
                if ( fileExists( fname ) )
                    filename = fname
                    flag = 0
                end
            // NOTE(review): right( filename, 1 ) yields one character but is compared
            // with the two-character literal "//"; unless == is not an exact match in
            // this language the second test can never be true -- confirm.
            elseif ( isdir( filename ) || right( filename, 1 ) == "//" )
                // check if it references another directory
                // tried in order: the default document, index.ap, index.htm
                fname = fileFixPath( filename + "\\" + defURL )
                if ( fileExists( fname ) )
                    filename = fname
                    flag = 0
                else
                    fname = fileFixPath( filename + "\\index.ap" )
                    if ( fileExists( fname ) )
                        filename = fname
                        flag = 0
                    else
                        fname = fileFixPath( filename + "\\index.htm" )
                        if ( fileExists( fname ) )
                            filename = fname
                            flag = 0
                        end
                    end
                end
            end
            if ( flag )
                // NOTE(review): url is the request's PATH_INFO and is written into the
                // HTML body (and the monitor output) without escaping; HTML-encode it
                // before building the page.
                data = "<H1>File Not Found</H1>The server was unable to locate the <B>" + url + "</B> file.<FONT SIZE=1><BR>SmartDesk Personal Web Server v1.1, www.smartdesk.com</FONT><BR>\r\n"
                webServerSend( websrvr, hclient, "HTTP/1.0 404 Resource not found\r\nDate: " + webGMT( ) + "\r\nContent-Type: text/html\r\nContent-Length: " + len( data ) + "\r\n\r\n" + data )
                mprint( " GET/404 " + url + "\r\n" )
                mprintln( date( ) + " " + time( ) + " DISCONNECTED (" + hClient + ") " + ClientAddr )
                // The 404 counter only advances when the session has no REFERER value,
                // so requests that carry one are never counted.
                // NOTE(review): treat the counter as a courtesy throttle, not as an
                // access control.
                if ( strempty( session.data( "REFERER" ) ) )
                    session.data( "404COUNT", "" + ( hackcnt + 1 ) )
                end
                return( 0 )
            end
        end

        mprint( " " + command + " " + url + " " )

        // display the first part of the parameter line
        // (query strings longer than 75 characters are cut for the monitor only)
        if ( ! strempty( param ) )
            mprintln( "" )
            if ( len( param ) > 75 )
                mprint( left( param, 75 ) + "... ")
            else
                mprint( param + " " )
            end
        end

        // process command specific stuff
        // The switch matches on upper( command ), but the HEAD tests inside compare
        // the raw command. NOTE(review): if == is case-sensitive, a method sent in
        // another letter case is handled as a non-HEAD request -- confirm.
        switch ( upper( command ) )
            case "GET"
            case "POST"
            case "HEAD"
                switch ( upper( fileExtension( filename ) ) )
                    case "HTM"    // htm or html file
                        // NOTE(review): only the literal extension "HTM" matches here;
                        // an "HTML" extension presumably reaches this case only after
                        // the short-name conversion above -- otherwise it is served by
                        // the binary default below.
                        if ( command == "HEAD" )
                            webServerSendFileHead( websrvr, hClient, filename )
                        else
                            webServerSendFile( websrvr, hClient, filename )
                        end
                        webServerLogAddEntry( ClientAddr, "SEND_FILE_HTML", filename, "" )
                        break

                    case "AP"     // SmartDesk Active Server Page
                        data = apServePageToBuffer( filename, aplibs, websrvr, sessionID ) + "\r\n"
                        // Check if the AP file processed its own HTTP header
                        if ( left( data, 5 ) == "HTTP/" )
                            if ( command == "HEAD" )
                                // keep only the header part of the page output
                                // NOTE(review): if strat() is 1-based, left( data, i )
                                // already includes the first "\r" of the separator, so
                                // the result ends in "\r\r\n\r\n" -- confirm whether
                                // i - 1 was intended.
                                i = strat( "\r\n\r\n", data )
                                if ( i > 0 )
                                    data = left( data, i ) + "\r\n\r\n"
                                end
                            end
                            webServerSend( websrvr, hClient, data )
                        else
                            // page produced body only: wrap it in a 200 response
                            // (a HEAD request gets the full body in this branch)
                            webServerSend( websrvr, hClient, "HTTP/1.0 200 Success\r\nDate: " + webGMT( ) + "\r\nContent-Type: text/html\r\nContent-Length: " + len( data ) + "\r\n\r\n" + data )
                        end
                        webServerLogAddEntry( ClientAddr, ( command == "HEAD" ? "AP_HEAD_INFO" : "AP_SERVE_FILE" ), filename, "" )
                        break

                    case "EXE"
                    case "FGL"
                    case "FGX"
                    case "COM"
                    case "BAT"
                        // check if this is a local request
                        // NOTE(review): the only gate on launching the file is this
                        // address comparison, so anything on this machine that can
                        // issue a request for such a path starts the program. No
                        // response is sent and no log entry is written in this branch.
                        // Consider removing it or putting it behind an explicit
                        // server setting.
                        if ( webAddrFromHost( webHostName( ) ) == ClientAddr )
                            // run the application locally
                            smartrun( filename )
                            break
                        end
                        // otherwise, fall through to the default handler...
                        // NOTE(review): for every other client the file itself is sent,
                        // so executables and batch/script sources stored under the
                        // document root are downloadable.

                    default       // default to binary data
                        if ( command == "HEAD" )
                            webServerSendFileHead( websrvr, hClient, filename )
                        else
                            webServerSendFile( websrvr, hClient, filename )
                        end
                        webServerLogAddEntry( ClientAddr, "SEND_FILE_BINARY", filename, "" )
                end
                break

            default
                // error in processing read request, echo back command
                // NOTE(review): command and url are echoed into the HTML response
                // unescaped; HTML-encode both.
                webServerSend( websrvr, hClient, webHeader( ) + "Unsupported HTTP request. Error processing requested command:<BR>" + command + " " + url + webFooter( ) )
                webServerLogAddEntry( ClientAddr, "ERROR_GET_UNKOWN_URL", filename, "" )
        end
        mprintln( "" )
        mprintln( date( ) + " " + time( ) + " DISCONNECTED (" + hClient + ") " + ClientAddr )
        return( 1 )

    CATCH ( err )
        // Any runtime error ends the request: the error number, line and text are
        // shown via msgDelay() and nothing is sent to the client from here.
        msgDelay( 3000, "Error [" + err.errornum + "] at line #" + err.errorline + " (" + ErrorAsText( err.errornum ) + ")" )
        return( 0 )
    END
END

FUNCTION webServerLogAddEntry( url, command, param, data )
    // Appends one comma-separated line to the server log via webLogEntry().
    // Always returns 1, including when the entry is skipped.
    //
    // The parameter names do not match how main() calls this function: every call
    // passes the client address first, then the method or an event label, then the
    // URL or file name, then the query string or "". So here:
    //
    //    url        receives the client address
    //    command    receives the request method or an event label
    //    param      receives the URL or file name
    //    data       receives the query string (or "")
    //
    // NOTE(review): the fields are joined with "," and written as-is. They come from
    // the request, so a comma or CR/LF inside one of them breaks the column/line
    // structure of the log; strip or quote those characters before writing.
    local SummaryFile, LogEntry

    SummaryFile = 1    // Set this to 0 to capture all of the details (big file!)

    // don't log the chat update window...
    if ( strat( "CHATTEXT.AP", upper( param ) ) > 0 )
        return( 1 )
    end

    // Unless local logging is enabled, skip requests from this host. The test uses
    // the file-level ClientAddr set by main(), not this function's first argument.
    if ( ! webLogLocal( websrvr ) )
        if ( ClientAddr == webLocalHost( ) )
            return( 1 )
        elseif ( ClientAddr == "127.0.0.1" )
            return( 1 )
        end
    end

    // build the log entry data
    // NOTE(review): the non-summary branch writes fewer fields than the summary one
    // (no command, no URL), which does not match the "all of the details" comment
    // above -- confirm which layout was intended.
    if ( SummaryFile )
        logEntry = date( "YYYY-MM-DD" ) + "," + time( ) + "," + url + "," + command + "," + param + "\r\n"
    else
        logEntry = date( "YYYY-MM-DD" ) + "," + time( ) + "," + url + "," + data + "\r\n"
    end

    webLogEntry( websrvr, logEntry )
    return( 1 )
END

FUNCTION mprint( str )
    // Writes str to the monitor output when monitoring is enabled for this server.
    // Returns 0 when monitoring is off, 1 after printing.
    // Callers pass request data (URL, query string) through unchanged.
    if ( ! webMonitoring( websrvr ) )
        return( 0 )
    end
    print( str )    // change this line to send the monitor output somewhere else
    return( 1 )
END

FUNCTION mprintln( str )
    // Same as mprint(), with a carriage return ("\r", no line feed) appended.
    return( mprint( str + "\r" ) )
END