feat: add WAF + Attack Intelligence system

- class-itk-waf.php: WordPress WAF scanning GET/POST/COOKIE/UA - class-itk-attacks-api.php: queue/flush/history client for Attack API - config/waf-rules.conf: 9 attack categories, 60+ WP-specific rules - class-itk-database.php: itk_attack_log table, DB version 2 - class-itk-admin.php: WAF tab (toggles, response settings, API card), Attack Logs tab (filterable table), attacks dispatch in AJAX handlers - informatiq-toolkit.php: wire WAF + Attacks API into plugin bootstrap - .gitignore: exclude attack-api/ (separate repo) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-10 09:37:31 +02:00
parent a8d7972ad7
commit 742047915f
7 changed files with 1093 additions and 4 deletions
--- a/informatiq-toolkit.php
+++ b/informatiq-toolkit.php
@@ -23,10 +23,12 @@ define('ITK_BASENAME', plugin_basename(__FILE__));
 require_once ITK_PATH . 'includes/class-itk-database.php';
 require_once ITK_PATH . 'includes/class-itk-hp-api.php';
 require_once ITK_PATH . 'includes/class-itk-bot-api.php';
+require_once ITK_PATH . 'includes/class-itk-attacks-api.php';
 require_once ITK_PATH . 'includes/class-itk-bot-blocker.php';
 require_once ITK_PATH . 'includes/class-itk-protection.php';
 require_once ITK_PATH . 'includes/class-itk-optimization.php';
 require_once ITK_PATH . 'includes/class-itk-honeypot.php';
+require_once ITK_PATH . 'includes/class-itk-waf.php';
 require_once ITK_PATH . 'includes/class-itk-admin.php';

 class InformatiQ_Toolkit {
@@ -52,11 +54,13 @@ class InformatiQ_Toolkit {
        // Boot API cron flushers
        ITK_HP_API::register_cron();
        ITK_Bot_API::register_cron();
+        ITK_Attacks_API::register_cron();

        new ITK_Bot_Blocker();
        new ITK_Protection();
        new ITK_Optimization();
        new ITK_Honeypot();
+        new ITK_WAF();

        if (is_admin()) {
            new ITK_Admin();
@@ -147,12 +151,37 @@ class InformatiQ_Toolkit {
            ]);
        }

+        // Default WAF settings
+        if (!get_option('itk_waf')) {
+            add_option('itk_waf', [
+                'enabled'        => 1,
+                'action'         => 'block',
+                'response_code'  => '403',
+                'redirect_url'   => '',
+                'custom_message' => 'Access denied.',
+                'log_attacks'    => 1,
+                'scan_post'      => 1,
+                'scan_cookies'   => 0,
+                'scan_ua'        => 1,
+                'block_sqli'        => 1,
+                'block_xss'         => 1,
+                'block_lfi'         => 1,
+                'block_rfi'         => 1,
+                'block_cmdi'        => 1,
+                'block_xxe'         => 1,
+                'block_php_inject'  => 1,
+                'block_ssrf'        => 1,
+                'block_wp_specific' => 1,
+            ]);
+        }
+
        flush_rewrite_rules();
    }

    public static function deactivate() {
        ITK_HP_API::clear_cron();
        ITK_Bot_API::clear_cron();
+        ITK_Attacks_API::clear_cron();
        flush_rewrite_rules();
    }
 }