aalfiann/url-param-firewall

A PSR7 middleware for url parameter firewall for Slim Framework 3

Maintainers

Details

github.com/aalfiann/url-param-firewall

Source

Issues

Installs: 14

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 2

Forks: 0

Open Issues: 0

1.0.1 2018-09-27 13:08 UTC

Requires

  • php: >=5.5

MIT 1d5b12d3e4fc45f20cf97526f6f9945c37fe6647

firewallmiddlewareslimphppsr7

This package is auto-updated.

Last update: 2024-03-28 03:46:43 UTC

README

Version Total Downloads License

A PSR7 middleware for url parameter firewall for Slim Framework 3.

Why we should create firewall for url parameter?

  1. To prevent from ddos layer 7 which is targeting to attack using random url parameters.
  2. To prevent useless webpage cache.
  3. To avoid BOT goes to wrong url.
  4. To hardening the CSRF and XSS attack.
  5. Etc.

So you better to whitelisting url parameter for each routes.

Installation

Install this package via Composer.

composer require "aalfiann/url-param-firewall:^1.0"

Usage

use \Psr\Http\Message\ServerRequestInterface as Request;
use \Psr\Http\Message\ResponseInterface as Response;
use \aalfiann\middleware\ParamFirewall;

$app->get('/', function (Request $request, Response $response) {
    $body = $response->getBody();
    $body->write('You will see this message if passed url firewall');
    
    return $response->withBody($body);
})->(new ParamFirewall(['_','page']))->setName("/");

Open browser and now make a test:
http://yourdomain.com/ >> WORK
http://yourdomain.com/?page=1 >> WORK
http://yourdomain.com/?page=1&_=3123123 >> WORK
http://yourdomain.com/?product=test >> 404
http://yourdomain.com/?page=1&_=3123123&product=test >> 404

Note:
We should allow url param name _ because it used in jquery ajax cache.