feat(analytics): ✨ add filters/detectors for assumed-bogus requests

feat(analytics): ✨ add request status field
2025-04-08 10:05:13 +02:00 · 2025-04-08 10:04:39 +02:00
5 changed files with 54 additions and 4 deletions
--- a/dragon_fire.code-workspace
+++ b/dragon_fire.code-workspace
@ -12,7 +12,8 @@
 			"search",
 			"templates",
 			"css",
-			"database"
+			"database",
+			"analytics"
 		]
 	}
 }
--- a/www/src/db_handler/analytics_interface.php
+++ b/www/src/db_handler/analytics_interface.php
@ -8,7 +8,7 @@ interface AnalyticsInterface {
    public function log_path_access(
        $path, 
        $agent,
-        $referrer, $runtime);
+        $referrer, $runtime, $status = 200);

    public function log_path_errcode(
        $path,
--- a/www/src/db_handler/mysql_analytics_handler.php
+++ b/www/src/db_handler/mysql_analytics_handler.php
@ -72,7 +72,7 @@ class MySQLAnalyticsHandler
        $path,
        $agent,
        $referrer,
-        $time) {
+        $time, $status = 200) {
        
        if(strlen($path) == 0) {
            $path = '/';
@ -83,6 +83,7 @@ class MySQLAnalyticsHandler
            'path' => $path,
            'agent' => $agent,
            'referrer' => $referrer,
+            'status' => $status
        ], 'access_sum');

        $this->increment_counter([
--- a/www/src/serve/post.php
+++ b/www/src/serve/post.php
@ -107,6 +107,8 @@ if($REQUEST_PATH == '/search/') {
 $post = $adapter->get_post($REQUEST_PATH);

 if(!isset($post)) {
+    $analytics_return_status = 404;
+
    $error_page = $SITE_CONFIG['site_defaults'];
    $error_page['path'] = '/404';
    $error_page['title'] = '404 oh no';
--- a/www/src/setup/analytics.php
+++ b/www/src/setup/analytics.php
@ -5,6 +5,25 @@ $data_time_start = microtime(true);
 $analytics_enable_tail = false;
 $analytics_post = null;

+$analytics_return_status = 200;
+
+$analytics_known_bogus_requests = [
+    '/\.(git|env|aws|xmlrpc|well-known|svn)/',
+    '/^\/wp-/',
+    '/^\/ID3/',
+    '/^\/config/',
+    '/^\/web\.config/',
+    '/^\/storage/',
+    '/^\/web\/config\.php/',
+    '/^\/phpinfo\.php/',
+    '/^\/swagger\.json/',
+    '/^\/package\.json/',
+    '/^\/info\.php/',
+    '/^\/db\.ini/',
+    '/^\/administrator/'
+];
+$analytics_request_is_bogus = null;
+
 function deduce_user_agent() {
    $real_agent=$_SERVER['HTTP_USER_AGENT'];

@ -19,6 +38,27 @@ function deduce_user_agent() {
    }
 }

+function analytics_is_bogus_request() {
+    global $analytics_request_is_bogus;
+    global $analytics_known_bogus_requests;
+
+    global $REQUEST_PATH;
+
+    if(isset($analytics_request_is_bogus)) {
+        return $analytics_request_is_bogus;
+    }
+
+    foreach($analytics_known_bogus_requests AS $bogus_check) {
+        if(preg_match($bogus_check, $REQUEST_PATH)) {
+            $analytics_request_is_bogus = true;
+            return true;
+        }
+    }
+
+    $analytics_request_is_bogus = false;
+    return false;
+}
+
 function analytics_is_user() {
    return preg_match('/^user/', deduce_user_agent());
 }
@ -34,6 +74,8 @@ register_shutdown_function(function() {

    global $analytics_enable_tail;

+    global $analytics_return_status;
+
    $data_time_end = microtime(true);

    $http_referer = 'magic';
@ -45,10 +87,14 @@ register_shutdown_function(function() {

    $compute_time = $data_time_end - $data_time_start;

+    if(analytics_is_bogus_request()) {
+        $analytics_return_status = 'bogus';
+    }
+
    $analytics_adapter->log_path_access($REQUEST_PATH,
        deduce_user_agent(),
        $referrer,
-        $compute_time);
+        $compute_time, $analytics_return_status);

    if($analytics_enable_tail) {
        echo "<!-- Total page time was: " . $compute_time . " -->";
Author	SHA1	Message	Date
David Bailey	bbc093b497	feat(analytics): ✨ add filters/detectors for assumed-bogus requests Some checks reported warnings / phplint (push) Has been cancelled Details	2025-04-08 10:05:13 +02:00
David Bailey	73414fa639	feat(analytics): ✨ add request status field	2025-04-08 10:04:39 +02:00