karster/firewall

Maintainers

Details

github.com/karster/firewall

Source

Issues

Installs: 1

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 2

Forks: 2

Open Issues: 0

dev-master 2017-09-19 18:11 UTC

Requires

Requires (Dev)

MIT c69ab8191c73d0e6bb6d52f3033bd7ddf064866d

  • Lukáš Hrdlička <luk.hrdlicka.woop@gmail.com>

This package is auto-updated.

Last update: 2024-10-28 10:24:08 UTC

README

Build Status Latest Stable Version GitHub license

Simple firewall to protect your web application against many attacks

Installation

The preferred way to install this extension is through composer.

Either run

composer require karster/firewall:"dev-master"

or add

"karster/firewall": "dev-master"

to the require section of your composer.json.

Usage

require __DIR__ . '/vendor/autoload.php';

$config = [
    'logDirectory' => __DIR__ . "/firewall_logs",
    'logFilesCount' => 10,
    'allowAttackCount' => 5,
    'active' => true,
    'protection' => [
        'allowedRequestMethod' => [
            'active' => true
        ],
        'allowedGlobals' => [
            'active' => false
        ],
        'urlLength' => [
            'active' => true,
            'rules' => 200,
        ],
        'getProtection' => [
            'active' => true,
            'rules' => ['select', 'from'],
        ],
        'urlProtection' => [
            'active' => true,
            'rulesFile' => 'path/to/rulesFile.json'
        ],
        'whitelistIp' => [
            'active' => true,
            'rules' => ['127.0.0.1', '::1']
        ],
        'blacklistIp' => [
            'active' => true,
            'rules' => ['23.254.0.1', '22.23.22.8']
        ]
    ]
];

$firewall = new \karster\security\Firewall($config);
$firewall->run();

or

require __DIR__ . '/vendor/autoload.php';

$protections = [
    'allowedRequestMethod' => [
        'active' => true
    ],
    'allowedGlobals' => [
        'active' => false
    ],
    'urlLength' => [
        'active' => true,
        'rules' => 200,
    ],
    'getProtection' => [
        'active' => true,
        'rules' => ['select', 'from'],
    ],
    'urlProtection' => [
        'active' => true,
        'rulesFile' => 'path/to/rulesFile.json'
    ],
    'whitelistIp' => [
        'active' => true,
        'rules' => ['127.0.0.1', '::1']
    ],
    'blacklistIp' => [
        'active' => true,
        'rules' => ['23.254.0.1', '22.23.22.8']
    ]
];

$firewall = new \karster\security\Firewall();
$firewall->setAllowAttackCount(5)
         ->setActive(true)
         ->setLogDirectory(__DIR__ . "/firewall_logs")
         ->setLogFilesCount(10)
         ->setProtection($protections)
         ->run();
  • logDirectory - string - path to directory where firewall can writes
  • logFilesCount - integer - delete older logs than specific count. Set 0 to disable
  • allowAttackCount - integer - attack count from same IP address before blacklisting (logDirectory is required). Set 0 to disable
  • active - boolean - default true
  • protection - array - associative array of protections where key is protection name and value is protection configuration

Protections

We can chose different types of protection:

  • allowedRequestMethod
  • allowedGlobals
  • blacklistIp
  • cookieProtection
  • getProtection
  • postProtection
  • sessionProtection
  • urlLength
  • urlProtection

Every protection contains configuration array with parameters:

  • active boolen - default true
  • rules array|integer - every protection accept array except urlLength protection witch accept integer
  • rulesFile string - path to json file with rules
'cookieProtection' => [
    'active' => true,
    'rules' => [
        'select', 'from', 'where'
    ],
    // or
    'rulesFile' => 'path/to/rulesFile.json'
]

If isn't set rules or rulesFile use default rules.

Tests

./vendor/bin/phpunit -c phpunit.xml

Contribution

Have an idea? Found a bug? See how to contribute.

License

MIT see LICENSE for the full license text.