evozon-php / simple-bruteforce-bundle
Symfony 3+ Simple Brute Force Bundle
Installs: 5 279
Dependents: 0
Suggesters: 0
Security: 0
Stars: 1
Watchers: 4
Forks: 0
Open Issues: 0
Type:symfony-bundle
Requires
- php: >=7.1
- doctrine/orm: ^2.5
- psr/log: ^1.0
- symfony/framework-bundle: ^3.0|^4.0
This package is auto-updated.
Last update: 2024-04-23 17:17:21 UTC
README
Very simple Symfony Bundle to count failed login attempts and block users which try too often.
Installation
composer require evozon-php/simple-bruteforce-bundle
Register bundle
class AppKernel extends Kernel { public function registerBundles() { $bundles = [ ... new EvozonPhp\SimpleBruteForceBundle\SimpleBruteForceBundle(), ... ]; return $bundles; } }
Configuration
simple_brute_force: limits: // Number of attempts before blocking. max_attempts: 5 // How long the user is blocked - DateInterval duration spec format (ISO 8601) block_period: PT10M // How many failed attempts before logging an alert. alert_attempts: 25 response: // HTTP response code once user is blocked. error_code: 403 // HTTP response message once user is blocked. error_message: Forbidden
Customize blocking
Symfony will dispatch a security.authentication.failure event via it's Security component. We listen on that event (AuthenticationFailedSubscriber::onAuthenticationFailure()) and use voters to decide if we increment the number of failed login attempts for the user.
To add your own voter, simply tag it with simple_brute_force.security.voter.
app.security.2fa_voter: class: App\Security\CustomVoter tags: - { name: simple_brute_force.security.voter }
Todo
- Create multiple adapters to store failed logins: Redis, Memcached, file, etc. Main benefits would be to skip DB altogether.
- Send and format response content according to
Acceptrequest header. - Add unit tests