aalfiann/url-param-firewall

A PSR-7 middleware that acts as a URL parameter firewall for Slim Framework 3

1.0.1 2018-09-27 13:08 UTC

This package is auto-updated.

Last update: 2024-11-28 05:31:28 UTC


README


Why should we create a firewall for URL parameters?

  1. To prevent layer 7 DDoS attacks that use random URL parameters.
  2. To prevent useless web page caching.
  3. To keep bots from going to wrong URLs.
  4. To harden against CSRF and XSS attacks.
  5. Etc.

So it is better to whitelist the URL parameters for each route.

Installation

Install this package via Composer.

composer require "aalfiann/url-param-firewall:^1.0"

Usage

use \Psr\Http\Message\ServerRequestInterface as Request;
use \Psr\Http\Message\ResponseInterface as Response;
use \aalfiann\middleware\ParamFirewall;

// $app is the Slim 3 application instance (\Slim\App).
$app->get('/', function (Request $request, Response $response) {
    $body = $response->getBody();
    $body->write('You will see this message if passed url firewall');

    return $response->withBody($body);
})->add(new ParamFirewall(['_','page']))->setName("/"); // only "_" and "page" are allowed on this route

Open a browser and test these URLs:
http://yourdomain.com/ >> WORK
http://yourdomain.com/?page=1 >> WORK
http://yourdomain.com/?page=1&_=3123123 >> WORK
http://yourdomain.com/?product=test >> 404
http://yourdomain.com/?page=1&_=3123123&product=test >> 404

Note:
We should allow the URL parameter name _ because it is used by jQuery's AJAX cache handling.
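
The whitelist decision that the test URLs above describe, as an added stand-alone example (not the package's own source). The function name `paramFirewallStatus` is hypothetical, and matching names case-sensitively after PHP's query parsing, as well as rejecting malformed URLs, are assumptions.

```php
<?php
// Added example, not the package's source. Assumptions: names are compared
// case-sensitively after PHP's query parsing, and malformed URLs are rejected.

/**
 * Return the HTTP status a parameter whitelist would give for $url.
 * $allowed is the list of permitted top-level query parameter names.
 */
function paramFirewallStatus(string $url, array $allowed): int
{
    $query = parse_url($url, PHP_URL_QUERY);
    if ($query === false) {
        return 404; // malformed URL: fail closed
    }
    if ($query === null || $query === '') {
        return 200; // no parameters at all: nothing to reject
    }

    // parse_str() applies PHP's own rules: "page[]=1" and "page[a]=1"
    // both end up under the top-level key "page".
    parse_str($query, $params);

    // Any top-level name outside the whitelist rejects the whole request.
    $unexpected = array_diff(array_keys($params), $allowed);

    return $unexpected === [] ? 200 : 404;
}

// Constructed sample input: the URLs from the test list plus two edge cases.
$allowed = ['_', 'page'];
$samples = [
    'http://yourdomain.com/',
    'http://yourdomain.com/?page=1',
    'http://yourdomain.com/?page=1&_=3123123',
    'http://yourdomain.com/?product=test',
    'http://yourdomain.com/?page=1&_=3123123&product=test',
    'http://yourdomain.com/?page[]=1&page[]=2', // array form of an allowed name
    'http://yourdomain.com/?Page=1',            // different case, not whitelisted
];

foreach ($samples as $url) {
    printf("%-55s => %d\n", $url, paramFirewallStatus($url, $allowed));
}
```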