File: /home/nciq25gegoxa/public_html/ha8x/antibot.php
<?php
// antibot.php
// Start (or resume) the PHP session. isRateLimited() further down keeps its
// per-address request history in $_SESSION, so the session must exist first.
session_start();

// Target of the Location header for any request the checks at the end of this
// file reject.
$redirectUrl = 'https://en.wikipedia.org/';

// --- Configuration ---

// Substrings searched for in the lower-cased User-Agent by
// isSuspiciousUserAgent(). Matching is plain substring containment, so a short
// entry such as 'bot' or 'php' matches anywhere inside the header value.
$botUserAgents = [
    'bot',
    'crawl',
    'spider',
    'slurp',
    'wget',
    'curl',
    'python',
    'php',
    'java',
    'libwww',
    'scrapy',
    'httpclient',
    'headless',
    'axios',
    'go-http-client',
    'okhttp',
    'fetch',
    'postman',
    'powershell',
    'node-fetch',
];

// Header names associated with the "headless" check. Nothing in the visible
// part of this file reads this list: isHeadless() uses its own hard-coded
// substrings and is not called in this listing.
$headlessHeaders = [
    'X-Purpose',
    'X-Moz',
    'X-Fetch-Dest',
    'Sec-Fetch-Site',
    'Sec-Fetch-Mode',
    'Sec-Ch-Ua-Platform',
];

// Address entries written in a pattern-like notation ('^' prefix, '*' octets).
// The only visible consumer is the in_array() call near the end of this file,
// which compares the literal strings for equality and applies no pattern
// matching.
$ipBlacklist = [
    '^64.62.136.*',
    '^66.221.*.*',
    '^64.62.175.*',
    '^158.108.*.*',
];

// Threshold for isRateLimited(): a request is flagged once more than
// 'max_requests' timestamps fall inside the last 'time_window' seconds.
$rateLimit = [
    'max_requests' => 10,
    'time_window'  => 5, // seconds
];
/**
 * Report whether a User-Agent value contains any of the given substrings.
 *
 * Only the User-Agent is lower-cased; the patterns are used exactly as passed,
 * so a pattern containing upper-case letters can never match.
 *
 * @param string $ua       Raw User-Agent header value.
 * @param array  $patterns Substrings to look for (expected in lower case).
 *
 * @return bool True on the first substring found, false when none is present.
 */
function isSuspiciousUserAgent($ua, $patterns) {
    $haystack = strtolower($ua);
    $matched = false;

    foreach ($patterns as $needle) {
        // strpos() returns 0 for a hit at the very start, hence the strict
        // comparison against false rather than a truthiness test.
        if (strpos($haystack, $needle) !== false) {
            $matched = true;
            break;
        }
    }

    return $matched;
}
/**
 * Report whether any request header name contains 'sec-fetch' or 'x-'.
 *
 * Only header names are inspected; values are ignored. Both tests are
 * case-insensitive substring searches, so 'x-' also matches in the middle of a
 * name (for example 'Max-Age'). Not called anywhere in the visible part of
 * this file.
 *
 * @param array $headers Map of header name => value.
 *
 * @return bool True as soon as one name matches, false otherwise.
 */
function isHeadless($headers) {
    foreach ($headers as $name => $unusedValue) {
        if (stripos($name, 'sec-fetch') !== false) {
            return true;
        }
        if (stripos($name, 'x-') !== false) {
            return true;
        }
    }

    return false;
}
/**
 * Record the current request for an address and report whether it is over the limit.
 *
 * The history is an array of Unix timestamps kept in $_SESSION under
 * 'ratelimit_' . md5($ip). Because it lives in the session, the count is scoped
 * to the caller's session rather than shared across every request from the
 * address. md5() is used here only to derive an array key.
 *
 * @param string $ip        Client address used to derive the session key.
 * @param array  $rateLimit Must provide 'max_requests' and 'time_window' (seconds).
 *
 * @return bool True when, including this request, more than 'max_requests'
 *              timestamps fall inside the window.
 */
function isRateLimited($ip, $rateLimit) {
    $bucket = 'ratelimit_' . md5($ip);
    $now = time();

    $history = $_SESSION[$bucket] ?? [];

    // Keep only timestamps that are still inside the sliding window.
    $recent = array_filter(
        $history,
        function ($stamp) use ($now, $rateLimit) {
            return $stamp >= $now - $rateLimit['time_window'];
        }
    );

    // The current request always counts toward the total.
    $recent[] = $now;
    $_SESSION[$bucket] = $recent;

    return count($recent) > $rateLimit['max_requests'];
}
// Request attributes consulted by the checks below; each falls back to ''
// when the server did not populate the corresponding $_SERVER entry.
$userAgent = $_SERVER['HTTP_USER_AGENT'] ?? '';
$ip = $_SERVER['REMOTE_ADDR'] ?? '';
// All request headers are collected here, but nothing in the visible part of
// this file reads $headers (isHeadless() is defined above and never called in
// this listing).
$headers = getallheaders();
// Deny the request when any one of the conditions holds. `||` short-circuits,
// so isRateLimited() - which records the request in $_SESSION - only runs when
// the three earlier checks all came back false.
if (
// 1. User-Agent missing, or a value PHP's empty() treats as empty (this
//    includes the string "0").
empty($userAgent) ||
// 2. User-Agent contains one of the $botUserAgents substrings.
isSuspiciousUserAgent($userAgent, $botUserAgents) ||
// 3. Loose-equality lookup of the address among the literal $ipBlacklist
//    strings; in_array() applies no pattern matching.
in_array($ip, $ipBlacklist) ||
// 4. More than $rateLimit['max_requests'] hits recorded for this address in
//    the current session within the time window.
isRateLimited($ip, $rateLimit)
) {
// The body is written before header() is called.
// NOTE(review): whether the Location header still reaches the client depends
// on output buffering - confirm against the server configuration.
// For triage: a denied request is recognisable by this fixed body and/or a
// redirect to $redirectUrl; an allowed request falls through to whatever code
// follows or includes this file (not shown here).
echo "<h1>Access Denied</h1>";
header("Location: $redirectUrl");
exit;
}