flowd / typo3-firewall
Firewall for TYPO3 - Firewall implements a PSR-15 middleware that helps to protect your website against malicious requests
Installs: 3
Dependents: 0
Suggesters: 0
Security: 0
Stars: 6
Watchers: 0
Forks: 0
Open Issues: 1
Language: Shell
Type: typo3-cms-extension
pkg:composer/flowd/typo3-firewall
Requires
- php: >=8.2
- flowd/phirewall: ^0.1.0
- typo3/cms-backend: ^12.4 || ^13.4 || ^14.0
- typo3/cms-core: ^12.4 || ^13.4 || ^14.0
Requires (Dev)
- ergebnis/composer-normalize: 2.48.2
- friendsofphp/php-cs-fixer: 3.92.0
- helmich/typo3-typoscript-lint: ^3.3.0
- icanhazstring/composer-unused: 0.8.11 || 0.9.3
- php-parallel-lint/php-parallel-lint: 1.4.0
- phpmd/phpmd: 2.15.0
- phpstan/extension-installer: 1.4.3
- phpstan/phpstan: 1.12.28 || 2.1.22
- phpstan/phpstan-phpunit: 1.4.2 || 2.0.7
- phpstan/phpstan-strict-rules: 1.6.2 || 2.0.6
- phpunit/phpunit: 10.5.60
- rector/type-perfect: 1.0.0 || 2.1.1
- saschaegerer/phpstan-typo3: 1.10.2 || 2.1.1
- seld/jsonlint: 1.11.0
- spaze/phpstan-disallowed-calls: 4.7.0
- ssch/typo3-rector: 2.15.2 || 3.6.2
- ssch/typo3-rector-testing-framework: 2.0.1 || 3.0.0
- symfony/console: 6.4.25 || 7.3.3
- symfony/translation: 6.4.24 || 7.3.3
- symfony/yaml: 6.4.25 || 7.3.3
- tomasvotruba/cognitive-complexity: 0.2.3 || 1.0.0
- tomasvotruba/type-coverage: 1.0.0 || 2.0.2
- typo3/cms-fluid-styled-content: ^12.4 || ^13.4
- typo3/coding-standards: 0.8.0
- typo3/testing-framework: 8.2.7
Replaces
- typo3-ter/firewall: 0.1.9
This package is auto-updated.
Last update: 2025-12-16 15:58:07 UTC
README
This package provides an application firewall implementation based on the flowd/phirewall library.
It includes support for defining custom rules or loading and enforcing rules from the OWASP ModSecurity
Core Rule Set (CRS) version 4.20.0.
Features
- Define custom firewall rules using a flexible rule syntax.
- Load and enforce OWASP CRS v4.20.0 rules for web application security.
- Support for common variables, operators, and actions defined in the CRS.
- Integration with PSR-7 HTTP message interfaces for request inspection.
- Configurable diagnostics and observability options.
- Extensible architecture for adding new rules, variables, and operators.
Installation
You can install this package via Composer:
composer require flowd/typo3-firewall
Usage
Here is a basic example of how to use the firewall.
Create a Phirewall configuration in your application configuration folder (/config/system/phirewall.php).
Please check the "flowd/phirewall" documentation for more details on configuration options.
```php
<?php
// /config/system/phirewall.php

use Flowd\Phirewall\Config;
use Flowd\Phirewall\KeyExtractors;
use Flowd\Phirewall\Store\ApcuCache;
use Psr\EventDispatcher\EventDispatcherInterface;
use Psr\Http\Message\ServerRequestInterface;

// Phirewall configuration with ApcuCache for single-server setup.
return fn(EventDispatcherInterface $eventDispatcher) => (new Config(new ApcuCache(), $eventDispatcher))
    ->blocklist(
        name: 'evil-bot-ips',
        callback: function (ServerRequestInterface $request) {
            // block some known evil bot IPs - this is just an example
            return in_array(KeyExtractors::ip()($request), ['176.65.149.61', '45.13.214.201']);
        },
    )->blocklist(
        name: 'blocked-uri-patterns',
        callback: function (ServerRequestInterface $request) {
            // getUri() returns a UriInterface, so cast it to a string before matching
            $uri = strtolower((string) $request->getUri());
            return str_contains($uri, 'xdebug') || str_contains($uri, 'option=com_') || str_contains($uri, '/admin/');
        },
    )->fail2ban(
        // Fail2Ban-like rule: block IPs for 1 minute that access /search more than 5 times in 10 seconds
        name: 'search-page-scrapers',
        threshold: 5,
        period: 10,
        ban: 60,
        filter: function (ServerRequestInterface $request) {
            return $request->getUri()->getPath() === '/search';
        },
        key: KeyExtractors::ip()
    )->throttle(
        name: 'slow-down-to-10-requests-in-10-seconds',
        limit: 10,
        period: 10,
        key: KeyExtractors::ip()
    )->enableRateLimitHeaders();
```
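The `blocked-uri-patterns` callback above matches substrings on the lowercased URI exactly as it was received. The following is an added example, not code from flowd/typo3-firewall or flowd/phirewall, that percent-decodes the URI before applying the same pattern list; `normalizeUri()`, `isBlockedUri()` and the sample URIs are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example: plain PHP 8, no Phirewall classes involved.
// normalizeUri() and isBlockedUri() are hypothetical helper names.

// Same substrings as the 'blocked-uri-patterns' rule in the README config.
const BLOCKED_PATTERNS = ['xdebug', 'option=com_', '/admin/'];

/** Percent-decode (bounded, to unwrap nested encoding) and lowercase a URI string. */
function normalizeUri(string $uri, int $maxRounds = 3): string
{
    for ($i = 0; $i < $maxRounds; $i++) {
        $decoded = rawurldecode($uri);
        if ($decoded === $uri) {
            break; // nothing left to decode
        }
        $uri = $decoded;
    }
    return strtolower($uri);
}

/** True when the normalized URI contains any blocked pattern. */
function isBlockedUri(string $uri): bool
{
    $normalized = normalizeUri($uri);
    foreach (BLOCKED_PATTERNS as $pattern) {
        if (str_contains($normalized, $pattern)) {
            return true;
        }
    }
    return false;
}

// Constructed sample URIs with the decision expected for each.
$samples = [
    'https://example.org/search?q=typo3'             => false,
    'https://example.org/index.php?option=com_users' => true,
    'https://example.org/index.php?OPTION=%63om_x'   => true, // %63 decodes to "c"
    'https://example.org/%2561dmin/login'            => true, // %25 -> "%", then %61 -> "a"
];

foreach ($samples as $uri => $expected) {
    $blocked = isBlockedUri($uri);
    $note = $blocked === $expected ? '' : '  (unexpected)';
    printf("%-50s %s%s\n", $uri, $blocked ? 'BLOCK' : 'allow', $note);
}
```

Inside the README's callback the helper would be called as `isBlockedUri((string) $request->getUri())`.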