README

Alekseon_SecurityRequestChecker

Advanced security module for Magento 2 that monitors and blocks malicious requests

Protect your Magento 2 store from SQL injection, suspicious requests, and malicious IPs

Features

🛡️ SQL Injection Protection

• Real-time monitoring of incoming requests for SQL injection patterns
• Automatic detection and blocking of malicious SQL queries
• Configurable sensitivity levels for detection

📊 Bad Request Monitoring

• Track and log suspicious requests from IP addresses
• Configurable threshold for marking IPs as malicious
• Time-based request limiting with automatic cleanup

🚫 IP Blocking System

• Automatic IP blocking based on suspicious activity patterns
• Configurable block duration and retry limits
• Permanent blocking for repeat offenders

📧 Admin Notifications

• Email notifications for security events
• Customizable email templates
• Real-time alerts for critical security incidents

⚙️ Comprehensive Configuration

• Admin panel configuration for all security parameters
• Flexible request limits and time windows
• Enable/disable specific protection features

Installation

In your Magento 2 root directory, install this package via composer:

composer require alekseon/module-security-request-checker
bin/magento setup:upgrade
bin/magento setup:static-content:deploy (if needed)
bin/magento cache:flush

Configuration

1. Navigate to Stores > Configuration > Alekseon > Security Request Checker
2. Configure the following settings:
   • Enable Module: Turn the security monitoring on/off
   • Bad Requests Limit: Number of bad requests before IP blocking
   • Bad Requests Time Window: Time period for counting bad requests (seconds)
   • IP Block Duration: How long to block suspicious IPs (seconds)
   • Blocked IP Retry Limit: Maximum times an IP can be blocked before permanent ban

Technical Details

Database Tables

• alekseon_security_bad_requests: Logs all suspicious requests
• alekseon_security_bad_ips: Manages blocked IP addresses

Key Components

• SecurityRequestManager: Core logic for request analysis and IP management
• SqlInjectionChecker: Specialized SQL injection detection engine
• RequestChecker Observer: Real-time request monitoring
• ApiRequestChecker Plugin: REST/SOAP API security layer

Events

• alekseon_security_bad_request_add: Triggered when a bad request is detected
• alekseon_security_bad_ip_update: Fired when an IP status changes

Support

Magento Version Compatibility:

Development / Contribution

If you want to contribute please follow the below instructions:

1. Create an issue and describe your idea
2. Fork this repository
3. Create your feature branch (git checkout -b my-new-feature)
4. Commit your changes
5. Publish the branch (git push origin my-new-feature)
6. Submit a new Pull Request for review

Issue Tracking

For issues, please use the issue tracker.

Issues help keep this project alive and strong, so let us know if you find anything!

Dependencies

This module requires:

• PHP: 7.4 or higher
• Magento Framework: 103.0.0 or higher
• Alekseon Logger (optional): Enhanced logging capabilities

Maintainers

Current maintainers:

• Linek
• marcinfr

See also our contributors

License

The Open Software License 3.0 (OSL-3.0)

About Alekseon

Alekseon is a software development company specializing in Magento 2 extensions and custom e-commerce solutions. We create tools that help merchants build better, more secure online stores.

Visit our website to see our full range of Magento 2 extensions: https://alekseon.com