aalfiann / url-param-firewall
A PSR7 middleware for url parameter firewall for Slim Framework 3
1.0.1
2018-09-27 13:08 UTC
Requires
- php: >=5.5
This package is auto-updated.
Last update: 2024-11-28 05:31:28 UTC
README
A PSR7 middleware for url parameter firewall for Slim Framework 3.
Why we should create firewall for url parameter?
- To prevent from ddos layer 7 which is targeting to attack using random url parameters.
- To prevent useless webpage cache.
- To avoid BOT goes to wrong url.
- To hardening the CSRF and XSS attack.
- Etc.
So you better to whitelisting url parameter for each routes.
Installation
Install this package via Composer.
composer require "aalfiann/url-param-firewall:^1.0"
Usage
use \Psr\Http\Message\ServerRequestInterface as Request; use \Psr\Http\Message\ResponseInterface as Response; use \aalfiann\middleware\ParamFirewall; $app->get('/', function (Request $request, Response $response) { $body = $response->getBody(); $body->write('You will see this message if passed url firewall'); return $response->withBody($body); })->(new ParamFirewall(['_','page']))->setName("/");
Open browser and now make a test:
http://yourdomain.com/ >> WORK
http://yourdomain.com/?page=1 >> WORK
http://yourdomain.com/?page=1&_=3123123 >> WORK
http://yourdomain.com/?product=test >> 404
http://yourdomain.com/?page=1&_=3123123&product=test >> 404
Note:
We should allow url param name _
because it used in jquery ajax cache.