FuseGuard Logo

fuseguard.components
Component firewall

firewall

The FuseGuard Web Application Firewall for ColdFusion

Method Summary
public firewall init([any configurator="DefaultConfigurator"], [any configName="Default"])
          Initializes the Firewall, and returns a reference to itself
public void addFilter(any filterInstance)
          Adds a filter object to the firewall.
public void addLogger(any logger)
          Adds a logger to the firewall.
public boolean allowRequest([string ip_address="#cgi.remote_addr#"])
          Invokes each filter, and returns false if the request should be blocked.
public void deRegisterEventListener(any listener)
          Registers a listners.EventListener instance
public void dumpConfiguration()
          Dumps the configuration of the firewall instance.
public string encodeHTML([any str])
          Runs encodeForHTML if supported otherwise xmlFormat
public string encodeHTMLAttribute([any str])
          Runs encodeForHTMLAttribute if supported otherwise xmlForamt
public any getAuthenticator()
          Returns the authenticator object used for user authentication and management.
public string getConfigName()
          Returns the name of the configuration for this firewall instance
public array getConfigurables()
          Returns an array of configurable properties
public any getConfiguratorInstance()
          Returns the configurator object instance
public string getConfiguratorName()
          Returns the name of the configurator used to configure this firewall instance
public variablename getDatasource()
          Returns the datasource name specified with setDatasource
public variablename getDatasourceType()
          Returns the type of database derby, mysql, sqlserver, postgresql or unknown
public date getDateConfigured()
          Returns the date at which the firewall was started, or reconfigured last.
public any getDefaultBlockHTML()
          Returns the Default Block HTML
public numeric getDefaultBlockLevel()
          Returns the Default Block Level
public numeric getDefaultFilterLevel()
          Returns the Default Filter Level
public numeric getDefaultLogLevel()
          Returns the Default Log Level
public boolean getFailOpen()
          If true an internal exception will not cause the request to be blocked
public any getFilterAt(numeric index)
          Returns the filter object at the specified index
public numeric getFilterCount()
          Returns the number of filters in the array
public array getFilters()
          Returns an array of filters in use by the firewall
public string getInstanceID()
          Returns the FuseGuard Instance ID
public any getIPListManager()
          Returns the IP list manager object
public any getLastException()
          Returns last exception thrown
public string getLicenseKey()
          Returns the FuseGuard License Key
public any getLogReader()
          I return the log reader component if avaliable
public any getManagerController()
          Returns the controller for FuseGuard manager requests
public string getMaskLogValues()
          Returns the values that are to be masked in log detail.
public string getReInitializeKey()
          hisValue. Note that the url variable name fuseguard_reinit can be changed by calling setReInitializeVariable
public string getReInitializeVariable()
          the url variable name that FuseGuard looks for to compare with the value of getReInitializeKey() in order to reinitialize FuseGuard.
public string getRequestID()
          Returns a request id in the form of a UUID, generates one if necessary.
public string getRequestIPAddress()
          Returns the IP address of the requestor
public any getURLBuilder()
          Returns the instance of BaseURLBuilder that is used to create urls within FuseGuard manager.
public boolean getUseXForwardedFor()
          Returns true if FuseGuard will attempt to use X-Forwarded-For header for the end user IP address
public string getVersion()
          Returns the major.minor version number of the firewall: 3.0.4
public boolean getWebManagerEnabled()
          Returns true if the log viewer is enabled
public string getWebManagerIPWhiteList()
          Returns an IP List ID
public boolean hasAuthenticator()
          Returns true if setAuthenticator has been called.
public boolean hasFilterInstanceNamed([string name])
          Returns true if there is a filter with the specified instance name
public boolean isConfigured()
          Returns true if the firewall has been configured.
public boolean isFuseGuardEnabled()
          Returns true if FuseGuard is enabled
public boolean isLogOnlyMode()
          Returns true if log only mode is enabled.
public any newAuthenticatorInstance(variablename authenticatorName)
          returns a new instance of an authenticator object
public any newFilterInstance(variableName filterName)
          returns a new instance of a filter
public any newIPListProviderInstance(variableName providerName)
          returns a new instance of an ip list provider
public any newListenerInstance(variableName listenerName)
          returns a new instance of an event listener
public any newLoggerInstance(variableName loggerName)
          returns a new instance of a logger object
public boolean processRequest([string ip_address="#cgi.remote_addr#"], [boolean abort="true"], [boolean outputBlockHTML="true"])
          Called in the Application.cfc or Application.cfm to invoke the firewall
public void reconfigure([any configurator="DefaultConfigurator"], [any configName="#variables.configName#"])
          Call This method any time you make a configuration change, to reload the configuration
public void registerEventListener(any listener)
          Registers a listners.EventListener instance
public void setAuthenticator(any authenticator)
          Specify the authenticator object
public void setConfigured(boolean configured)
          Set by framework when firewall has been configured.
public void setDatasource(variablename datasource)
          Sets a datasource for the firewall that filters loggers, or listeners may optionally use. We recommend that you create a seperate database, and use a restricted login for the FuseGuard database.
public void setDatasourceType(variablename datasourceType)
          Sets a datasource for the firewall that filters loggers, or listeners may optionally use. We recommend that you create a seperate database, and use a restricted login for the FuseGuard database.
public void setDefaultBlockLevel(numeric level)
          Sets the Default Block Level
public void setDefaultFilterLevel(numeric level)
          Sets the Default Filter Level
public void setDefaultLogLevel(numeric level)
          Sets the Default Log Level
public void setFailOpen([boolean failOpen="false"])
          Set to false if you the request blocked when an internal exception occurrs.
public void setFuseGuardEnabled([boolean enabled="true"])
          Enable or Disable FuseGuard from processing / logging / blocking requests
public void setInstanceID([string key])
          Sets the FuseGuard Instance ID
public void setLicenseKey([string key])
          Sets the FuseGuard License Key
public void setLogOnlyMode([boolean enabled="true"])
          When set to true, prevents FuseGuard from blocking requests. Filters can still log information about the request.
public void setMaskLogValues([string names])
          Sets the values that are to be masked in log detail.
public void setReInitializeKey([string key])
          hisValue. Note that the url variable name fuseguard_reinit can be changed by calling setReInitializeVariable
public void setReInitializeVariable([variablename varName="fuseguard_reinit"])
          Set the url variable name that FuseGuard looks for to compare with the value of getReInitializeKey() in order to reinitialize FuseGuard.
public void setURLBuilder(any builder)
          Sets an instance of fuseguard.components.configurators.BaseURLBuilder to construct URL's used within FuseGuard manager UI.
public void setUseXForwardedFor([boolean enable="false"])
          If set true FuseGuard will attempt to use X-Forwarded-For HTTP header to determine the end users IP address. If set true and the header is not present the cgi.remote_addr default will be used.
public void setVerboseLogging(boolean verbose)
          Turns on or off verbose logging for all loggers. Note that you can also set this individually for each logger by calling their setVerbose function.
public void setWebManagerEnabled(boolean enabled)
          Turns support for a web interface to view logs on or off.
public void setWebManagerIPWhiteList(string listID)
          Allows you to specify a IP List to act as a Whitelist for accessing FuseGuard Manager
public boolean shouldReInitialize()
          Returns true if the reinit key is passed in the url properly
public string stringCleaner(string text, [string mode="escape"], [numeric maxLength="0"])
          Attempts to remove or escape bad characters from a string.
 

Method Detail

addFilter

public void addFilter(any filterInstance)
Adds a filter object to the firewall.

Parameters:
any filterInstance - should be an instance of firewall.components.filters.BaseFilter

addLogger

public void addLogger(any logger)
Adds a logger to the firewall.

Parameters:
any logger - an instance of a a BaseLogger

allowRequest

public boolean allowRequest([string ip_address="#cgi.remote_addr#"])
Invokes each filter, and returns false if the request should be blocked.

Parameters:
[string ip_address="#cgi.remote_addr#"] - Pass in an IP address, if cgi.remote_addr is not valid. This may be the case if your web server is behind a proxy or load balancer. Pass in the value x-forwarded-for to use the X-Forwarded-For header value.

deRegisterEventListener

public void deRegisterEventListener(any listener)
Registers a listners.EventListener instance

Parameters:
any listener - listeners.EventListener object

dumpConfiguration

public void dumpConfiguration()
Dumps the configuration of the firewall instance.


encodeHTML

public string encodeHTML([any str])
Runs encodeForHTML if supported otherwise xmlFormat

Parameters:
[any str]

encodeHTMLAttribute

public string encodeHTMLAttribute([any str])
Runs encodeForHTMLAttribute if supported otherwise xmlForamt

Parameters:
[any str]

getAuthenticator

public any getAuthenticator()
Returns the authenticator object used for user authentication and management.


getConfigName

public string getConfigName()
Returns the name of the configuration for this firewall instance


getConfigurables

public array getConfigurables()
Returns an array of configurable properties


getConfiguratorInstance

public any getConfiguratorInstance()
Returns the configurator object instance


getConfiguratorName

public string getConfiguratorName()
Returns the name of the configurator used to configure this firewall instance


getDatasource

public variablename getDatasource()
Returns the datasource name specified with setDatasource


getDatasourceType

public variablename getDatasourceType()
Returns the type of database derby, mysql, sqlserver, postgresql or unknown


getDateConfigured

public date getDateConfigured()
Returns the date at which the firewall was started, or reconfigured last.


getDefaultBlockHTML

public any getDefaultBlockHTML()
Returns the Default Block HTML


getDefaultBlockLevel

public numeric getDefaultBlockLevel()
Returns the Default Block Level


getDefaultFilterLevel

public numeric getDefaultFilterLevel()
Returns the Default Filter Level


getDefaultLogLevel

public numeric getDefaultLogLevel()
Returns the Default Log Level


getFailOpen

public boolean getFailOpen()
If true an internal exception will not cause the request to be blocked


getFilterAt

public any getFilterAt(numeric index)
Returns the filter object at the specified index

Parameters:
numeric index

getFilterCount

public numeric getFilterCount()
Returns the number of filters in the array


getFilters

public array getFilters()
Returns an array of filters in use by the firewall


getInstanceID

public string getInstanceID()
Returns the FuseGuard Instance ID


getIPListManager

public any getIPListManager()
Returns the IP list manager object


getLastException

public any getLastException()
Returns last exception thrown


getLicenseKey

public string getLicenseKey()
Returns the FuseGuard License Key


getLogReader

public any getLogReader()
I return the log reader component if avaliable


getManagerController

public any getManagerController()
Returns the controller for FuseGuard manager requests


getMaskLogValues

public string getMaskLogValues()
Returns the values that are to be masked in log detail.


getReInitializeKey

public string getReInitializeKey()
hisValue. Note that the url variable name fuseguard_reinit can be changed by calling setReInitializeVariable


getReInitializeVariable

public string getReInitializeVariable()
the url variable name that FuseGuard looks for to compare with the value of getReInitializeKey() in order to reinitialize FuseGuard.


getRequestID

public string getRequestID()
Returns a request id in the form of a UUID, generates one if necessary.


getRequestIPAddress

public string getRequestIPAddress()
Returns the IP address of the requestor


getURLBuilder

public any getURLBuilder()
Returns the instance of BaseURLBuilder that is used to create urls within FuseGuard manager.


getUseXForwardedFor

public boolean getUseXForwardedFor()
Returns true if FuseGuard will attempt to use X-Forwarded-For header for the end user IP address


getVersion

public string getVersion()
Returns the major.minor version number of the firewall: 3.0.4


getWebManagerEnabled

public boolean getWebManagerEnabled()
Returns true if the log viewer is enabled


getWebManagerIPWhiteList

public string getWebManagerIPWhiteList()
Returns an IP List ID


hasAuthenticator

public boolean hasAuthenticator()
Returns true if setAuthenticator has been called.


hasFilterInstanceNamed

public boolean hasFilterInstanceNamed([string name])
Returns true if there is a filter with the specified instance name

Parameters:
[string name]

init

public firewall init([any configurator="DefaultConfigurator"], [any configName="Default"])
Initializes the Firewall, and returns a reference to itself

Parameters:
[any configurator="DefaultConfigurator"] - The name of the configurator component, eg: StrictConfigurator
[any configName="Default"] - The name of the configuration set to use.

isConfigured

public boolean isConfigured()
Returns true if the firewall has been configured.


isFuseGuardEnabled

public boolean isFuseGuardEnabled()
Returns true if FuseGuard is enabled


isLogOnlyMode

public boolean isLogOnlyMode()
Returns true if log only mode is enabled.


newAuthenticatorInstance

public any newAuthenticatorInstance(variablename authenticatorName)
returns a new instance of an authenticator object

Parameters:
variablename authenticatorName

newFilterInstance

public any newFilterInstance(variableName filterName)
returns a new instance of a filter

Parameters:
variableName filterName

newIPListProviderInstance

public any newIPListProviderInstance(variableName providerName)
returns a new instance of an ip list provider

Parameters:
variableName providerName

newListenerInstance

public any newListenerInstance(variableName listenerName)
returns a new instance of an event listener

Parameters:
variableName listenerName

newLoggerInstance

public any newLoggerInstance(variableName loggerName)
returns a new instance of a logger object

Parameters:
variableName loggerName

processRequest

public boolean processRequest([string ip_address="#cgi.remote_addr#"], [boolean abort="true"], [boolean outputBlockHTML="true"])
Called in the Application.cfc or Application.cfm to invoke the firewall

Parameters:
[string ip_address="#cgi.remote_addr#"] - Pass in an IP address, if cgi.remote_addr is not valid. This may be the case if your web server is behind a proxy.
[boolean abort="true"] - If true the request will be aborted with cfabort.
[boolean outputBlockHTML="true"] - If true, it outputs the default block HTML

reconfigure

public void reconfigure([any configurator="DefaultConfigurator"], [any configName="#variables.configName#"])
Call This method any time you make a configuration change, to reload the configuration

Parameters:
[any configurator="DefaultConfigurator"] - The name of the configurator component, eg: StrictConfigurator. Or an instance of a Configurator Component.
[any configName="#variables.configName#"] - The name of the configuration set to use.

registerEventListener

public void registerEventListener(any listener)
Registers a listners.EventListener instance

Parameters:
any listener - listeners.EventListener object

setAuthenticator

public void setAuthenticator(any authenticator)
Specify the authenticator object

Parameters:
any authenticator

setConfigured

public void setConfigured(boolean configured)
Set by framework when firewall has been configured.

Parameters:
boolean configured

setDatasource

public void setDatasource(variablename datasource)
Sets a datasource for the firewall that filters loggers, or listeners may optionally use. We recommend that you create a seperate database, and use a restricted login for the FuseGuard database.

Parameters:
variablename datasource - The datasource name

setDatasourceType

public void setDatasourceType(variablename datasourceType)
Sets a datasource for the firewall that filters loggers, or listeners may optionally use. We recommend that you create a seperate database, and use a restricted login for the FuseGuard database.

Parameters:
variablename datasourceType - The datasource name

setDefaultBlockLevel

public void setDefaultBlockLevel(numeric level)
Sets the Default Block Level

Parameters:
numeric level

setDefaultFilterLevel

public void setDefaultFilterLevel(numeric level)
Sets the Default Filter Level

Parameters:
numeric level

setDefaultLogLevel

public void setDefaultLogLevel(numeric level)
Sets the Default Log Level

Parameters:
numeric level

setFailOpen

public void setFailOpen([boolean failOpen="false"])
Set to false if you the request blocked when an internal exception occurrs.

Parameters:
[boolean failOpen="false"]

setFuseGuardEnabled

public void setFuseGuardEnabled([boolean enabled="true"])
Enable or Disable FuseGuard from processing / logging / blocking requests

Parameters:
[boolean enabled="true"] - Enable or disable

setInstanceID

public void setInstanceID([string key])
Sets the FuseGuard Instance ID

Parameters:
[string key]

setLicenseKey

public void setLicenseKey([string key])
Sets the FuseGuard License Key

Parameters:
[string key]

setLogOnlyMode

public void setLogOnlyMode([boolean enabled="true"])
When set to true, prevents FuseGuard from blocking requests. Filters can still log information about the request.

Parameters:
[boolean enabled="true"] - Enable or disable

setMaskLogValues

public void setMaskLogValues([string names])
Sets the values that are to be masked in log detail.

Parameters:
[string names]

setReInitializeKey

public void setReInitializeKey([string key])
hisValue. Note that the url variable name fuseguard_reinit can be changed by calling setReInitializeVariable

Parameters:
[string key]

setReInitializeVariable

public void setReInitializeVariable([variablename varName="fuseguard_reinit"])
Set the url variable name that FuseGuard looks for to compare with the value of getReInitializeKey() in order to reinitialize FuseGuard.

Parameters:
[variablename varName="fuseguard_reinit"]

setURLBuilder

public void setURLBuilder(any builder)
Sets an instance of fuseguard.components.configurators.BaseURLBuilder to construct URL's used within FuseGuard manager UI.

Parameters:
any builder - An instance of configurators.BaseURLBuilder

setUseXForwardedFor

public void setUseXForwardedFor([boolean enable="false"])
If set true FuseGuard will attempt to use X-Forwarded-For HTTP header to determine the end users IP address. If set true and the header is not present the cgi.remote_addr default will be used.

Parameters:
[boolean enable="false"]

setVerboseLogging

public void setVerboseLogging(boolean verbose)
Turns on or off verbose logging for all loggers. Note that you can also set this individually for each logger by calling their setVerbose function.

Parameters:
boolean verbose

setWebManagerEnabled

public void setWebManagerEnabled(boolean enabled)
Turns support for a web interface to view logs on or off.

Parameters:
boolean enabled - Set to true to enable.

setWebManagerIPWhiteList

public void setWebManagerIPWhiteList(string listID)
Allows you to specify a IP List to act as a Whitelist for accessing FuseGuard Manager

Parameters:
string listID - Set to a list ID.

shouldReInitialize

public boolean shouldReInitialize()
Returns true if the reinit key is passed in the url properly


stringCleaner

public string stringCleaner(string text, [string mode="escape"], [numeric maxLength="0"])
Attempts to remove or escape bad characters from a string.

Parameters:
string text - The text to clean
[string mode="escape"] - emove will remove characters such as ; () and more.
[numeric maxLength="0"] - Maximum number of characters to output. If Zero length is not limited.