Initial import of the logger, should be working

dd5f28a5 · Reinhold Kainhofer · dd5f28a5 · dd5f28a5
Commit dd5f28a5 authored Aug 30, 2016 by Reinhold Kainhofer
--- a/.htaccess
+++ b/.htaccess
+Header set Content-Security-Policy-Report-Only "default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ 'unsafe-eval' https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://secure.gravatar.com ; frame-src 'self' https://www.google.com/recaptcha/ ; report-uri https://open-tools.net/csp-logger/logger.php "
+
+##
+# @package		Joomla
+# @copyright	Copyright (C) 2005 - 2013 Open Source Matters. All rights reserved.
+# @license		GNU General Public License version 2 or later; see LICENSE.txt
+##
+
+##
+# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
+#
+# The line just below this section: 'Options +FollowSymLinks' may cause problems
+# with some server configurations.  It is required for use of mod_rewrite, but may already
+# be set by your server administrator in a way that dissallows changing it in
+# your .htaccess file.  If using it causes your server to error out, comment it out (add # to
+# beginning of line), reload your site in your browser and test your sef url's.  If they work,
+# it has been set by your server administrator and you do not need it set here.
+##
+
+<IfModule mod_expires.c>
+  FileETag MTime Size
+  AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript
+  ExpiresActive On
+  ExpiresDefault "access plus 5 seconds"
+#  ExpiresByType text/html "access plus 600 seconds"
+  ExpiresByType text/css "access plus 604800 seconds"
+  ExpiresByType text/javascript "access plus 216000 seconds"
+#  ExpiresByType application/xhtml+xml "access plus 600 seconds"
+  ExpiresByType application/javascript "access plus 216000 seconds"
+  ExpiresByType application/x-javascript "access plus 216000 seconds"
+  ExpiresByType image/x-icon "access plus 2592000 seconds"
+  ExpiresByType image/jpeg "access plus 2592000 seconds"
+  ExpiresByType image/png "access plus 2592000 seconds"
+  ExpiresByType image/gif "access plus 2592000 seconds"
+</IfModule>
+
+
+## Can be commented out if causes errors, see notes above.
+Options +FollowSymLinks
+
+## Mod_rewrite in use.
+
+RewriteEngine On
+
+Redirect permanent /virtuemart-2-extensions/vm2-ordernumber-plugin.html                /virtuemart/advanced-ordernumbers.html
+Redirect permanent /virtuemart-2-extensions/vm2-ordernumber-plugin                     /virtuemart/advanced-ordernumbers
+
+Redirect permanent /virtuemart-2-extensions/vm2-downloads-for-sale.html                /virtuemart/downloads-for-sale.html
+Redirect permanent /virtuemart-2-extensions/vm2-downloads-for-sale                     /virtuemart/downloads-for-sale
+
+Redirect permanent /virtuemart-2-extensions/vm2-shipping-by-rules-plugin.html          /virtuemart/shipping-by-rules.html
+Redirect permanent /virtuemart-2-extensions/vm2-shipping-by-rules-plugin               /virtuemart/shipping-by-rules
+Redirect permanent /virtuemart-2-extensions/vm2-shipping-by-rules-plugin-detail.html   /virtuemart/shipping-by-rules.html
+
+Redirect permanent /virtuemart-2-extensions/vm2-advanced-shipping-by-rules-plugin.html /virtuemart/advanced-shipping-by-rules.html
+Redirect permanent /virtuemart-2-extensions/vm2-advanced-shipping-by-rules-plugin/     /virtuemart/advanced-shipping-by-rules
+Redirect permanent /virtuemart-2-extensions/extensions-for-the-shipping-by-rules-plugins-for-virtuemart-detail.html /virtuemart/advanced-shipping-by-rules/extensions-for-shipping-by-rules.html
+
+Redirect permanent /virtuemart-2-extensions/vm2-add-buyers-to-joomla-groups.html       /virtuemart/add-buyers-to-joomla-groups.html
+Redirect permanent /virtuemart-2-extensions/vm2-add-buyers-to-joomla-groups            /virtuemart/add-buyers-to-joomla-groups
+
+Redirect permanent /virtuemart-2-extensions/vm2-customers-to-joomla-groups-admin-panel.html /virtuemart/customers-to-joomla-groups-admin-panel.html
+Redirect permanent /virtuemart-2-extensions/vm2-customers-to-joomla-groups-admin-panel      /virtuemart/customers-to-joomla-groups-admin-panel
+
+Redirect permanent /virtuemart-2-extensions/vm2-acy-subscribe-buyers-plugin.html       /virtuemart/acy-subscribe-buyers.html
+Redirect permanent /virtuemart-2-extensions/vm2-acy-subscribe-buyers-plugin            /virtuemart/acy-subscribe-buyers
+
+Redirect permanent /virtuemart-2-extensions/vm2-donation-plugin.html                   /virtuemart/name-the-price.html
+Redirect permanent /virtuemart-2-extensions/vm2-donation-plugin                        /virtuemart/name-the-price
+
+Redirect permanent /virtuemart-2-extensions/vm2-auto-categories-plugin.html            /virtuemart/auto-parent-categories.html
+Redirect permanent /virtuemart-2-extensions/vm2-auto-categories-plugin                 /virtuemart/auto-parent-categories
+
+
+Redirect permanent /support-forum/ordernumbers-for-virtuemart.html                /support-forum/vm-advanced-ordernumbers.html
+Redirect permanent /support-forum/vm2-ordernumber-plugin.html                     /support-forum/vm-advanced-ordernumbers.html
+Redirect permanent /support-forum/vm2-ordernumber-plugin                          /support-forum/vm-advanced-ordernumbers
+Redirect permanent /support-forum/vm2-donations-plugin.html                       /support-forum/vm-name-the-price.html
+Redirect permanent /support-forum/vm2-donations-plugin                            /support-forum/vm-name-the-price
+RedirectMatch permanent /support-forum/vm2-(.*)$                                  /support-forum/vm-$1
+
+Redirect permanent /documentation/vm2-add-buyers-to-joomla-groups-plugin.html     /virtuemart/add-buyers-to-joomla-groups.html
+RedirectMatch permanent /documentation/vm2-(.*)$                                  /documentation/vm-$1
+
+
+Redirect permanent /virtuemart-2-extensions             /virtuemart
+Redirect permanent /virtuemart-2-extensions.html        /virtuemart.html
+
+
+
+## Begin - Rewrite rules to block out some common exploits.
+# If you experience problems on your site block out the operations listed below
+# This attempts to block the most common type of exploit `attempts` to Joomla!
+#
+# Block out any script trying to base64_encode data within the URL.
+RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
+# Block out any script that includes a <script> tag in URL.
+RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
+# Block out any script trying to set a PHP GLOBALS variable via URL.
+RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
+# Block out any script trying to modify a _REQUEST variable via URL.
+RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
+# Return 403 Forbidden header and show the content of the root homepage
+RewriteRule .* index.php [F]
+#
+## End - Rewrite rules to block out some common exploits.
+
+## Begin - Custom redirects
+#
+# If you need to redirect some pages, or set a canonical non-www to
+# www redirect (or vice versa), place that code here. Ensure those
+# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
+#
+## End - Custom redirects
+
+##
+# Uncomment following line if your webserver's URL
+# is not directly related to physical file paths.
+# Update Your Joomla! Directory (just / for root).
+##
+
+# RewriteBase /
+
+## Begin - Joomla! core SEF Section.
+#
+RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+#
+# If the requested path and file is not /index.php and the request
+# has not already been internally rewritten to the index.php script
+RewriteCond %{REQUEST_URI} !^/index\.php
+# and the request is for something within the component folder,
+# or for the site root, or for an extensionless URL, or the
+# requested URL ends with one of the listed extensions
+RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
+# and the requested path and file doesn't directly match a physical file
+RewriteCond %{REQUEST_FILENAME} !-f
+# and the requested path and file doesn't directly match a physical folder
+RewriteCond %{REQUEST_FILENAME} !-d
+# internally rewrite the request to the index.php script
+RewriteRule .* index.php [L]
+#
+## End - Joomla! core SEF Section.
--- a/logger.php
+++ b/logger.php
+<?php
+
+/**
+ * @package    OpenToolsCSPLogger
+ *
+ * @copyright  Copyright (C) 2016 Open Tools, Reinhold Kainhofer
+ * @license    GNU General Public License version 2 or later
+ *
+ * Partly based on Mathias Bynens' csp reporting scrip:
+ *     https://mathiasbynens.be/notes/csp-reports
+ *
+ */
+
+// Send `204 No Content` status code
+http_response_code(204);
+
+// Specify the email address to send reports to
+define('EMAIL', 'webmaster@open-tools.net');
+// Specify the desired email subject for violation reports
+define('SUBJECT', 'CSP violation');
+
+$json = file_get_contents('php://input');
+
+
+if ($report = json_decode($json)) {
+	$sourceUrl = parse_url($url, PHP_URL_HOST);
+	$host = $sourceUrl['host'];
+
+	$nicedata = json_encode(
+		$data,
+		JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES
+	);
+	
+	// Mail the CSP violation report
+// 	mail(EMAIL, SUBJECT, $data, 'Content-Type: text/plain;charset=utf-8');
+	
+	// Log all violation reports
+	file_put_contents(
+		__DIR__.'/logs/csp-violations_' . $host . '_' . date("Y-m-d").'.log', 
+		date("c") . ", " . $_SERVER['REMOTE_ADDR'] . ", " . $nicedata . "\n",
+		FILE_APPEND
+	);
+} else {
+	file_put_contents(__DIR__.'/logs/errors_'.date("Y-m-d").'.log', date("c") . 
+		", " . $_SERVER['REMOTE_ADDR'] . ", Sumitted data: $json\n",
+		FILE_APPEND
+	);
+	exit 0;
+}
+