karster / firewall
dev-master
2017-09-19 18:11 UTC
Requires
- longman/ip-tools: ~1.1.0
- monolog/monolog: ~1.23.0
Requires (Dev)
- phpunit/phpunit: ^5.7
- symfony/var-dumper: *
This package is auto-updated.
Last update: 2024-10-28 10:24:08 UTC
README
Simple firewall to protect your web application against many attacks
Installation
The preferred way to install this extension is through composer.
Either run
composer require karster/firewall:"dev-master"
or add
"karster/firewall": "dev-master"
to the require section of your composer.json.
Usage
require __DIR__ . '/vendor/autoload.php'; $config = [ 'logDirectory' => __DIR__ . "/firewall_logs", 'logFilesCount' => 10, 'allowAttackCount' => 5, 'active' => true, 'protection' => [ 'allowedRequestMethod' => [ 'active' => true ], 'allowedGlobals' => [ 'active' => false ], 'urlLength' => [ 'active' => true, 'rules' => 200, ], 'getProtection' => [ 'active' => true, 'rules' => ['select', 'from'], ], 'urlProtection' => [ 'active' => true, 'rulesFile' => 'path/to/rulesFile.json' ], 'whitelistIp' => [ 'active' => true, 'rules' => ['127.0.0.1', '::1'] ], 'blacklistIp' => [ 'active' => true, 'rules' => ['23.254.0.1', '22.23.22.8'] ] ] ]; $firewall = new \karster\security\Firewall($config); $firewall->run();
or
require __DIR__ . '/vendor/autoload.php'; $protections = [ 'allowedRequestMethod' => [ 'active' => true ], 'allowedGlobals' => [ 'active' => false ], 'urlLength' => [ 'active' => true, 'rules' => 200, ], 'getProtection' => [ 'active' => true, 'rules' => ['select', 'from'], ], 'urlProtection' => [ 'active' => true, 'rulesFile' => 'path/to/rulesFile.json' ], 'whitelistIp' => [ 'active' => true, 'rules' => ['127.0.0.1', '::1'] ], 'blacklistIp' => [ 'active' => true, 'rules' => ['23.254.0.1', '22.23.22.8'] ] ]; $firewall = new \karster\security\Firewall(); $firewall->setAllowAttackCount(5) ->setActive(true) ->setLogDirectory(__DIR__ . "/firewall_logs") ->setLogFilesCount(10) ->setProtection($protections) ->run();
- logDirectory -
string
- path to directory where firewall can writes - logFilesCount -
integer
- delete older logs than specific count. Set0
to disable - allowAttackCount -
integer
- attack count from same IP address before blacklisting (logDirectory is required). Set0
to disable - active -
boolean
- defaulttrue
- protection -
array
- associative array of protections where key is protection name and value is protection configuration
Protections
We can chose different types of protection:
- allowedRequestMethod
- allowedGlobals
- blacklistIp
- cookieProtection
- getProtection
- postProtection
- sessionProtection
- urlLength
- urlProtection
Every protection contains configuration array with parameters:
- active
boolen
- defaulttrue
- rules
array|integer
- every protection accept array except urlLength protection witch accept integer - rulesFile
string
- path to json file with rules
'cookieProtection' => [ 'active' => true, 'rules' => [ 'select', 'from', 'where' ], // or 'rulesFile' => 'path/to/rulesFile.json' ]
If isn't set rules
or rulesFile
use default rules.
Tests
./vendor/bin/phpunit -c phpunit.xml
Contribution
Have an idea? Found a bug? See how to contribute.
License
MIT see LICENSE for the full license text.