m6web / firewall-bundle
Bundle providing IP filtering features for controllers and actions
Installs: 302 100
Dependents: 2
Suggesters: 0
Security: 0
Stars: 23
Watchers: 57
Forks: 11
Open Issues: 2
Type:symfony-bundle
pkg:composer/m6web/firewall-bundle
Requires
- php: >=7.0.0
- ext-bcmath: *
- m6web/firewall: ~1.0
Requires (Dev)
- atoum/atoum: ^2.8|^3.0
- atoum/atoum-bundle: @stable
- symfony/symfony: ^2.2|^3.0|^4.0
This package is auto-updated.
Last update: 2022-03-18 19:02:26 UTC
README
This bundle provides IP filtering features for your Symfony applications.
It uses the Firewall component and offers service and annotations configuration.
For implementation into a Symfony 3 or Symfony 4 application, please use the release v3.0.0 at least.
Installation
Add this line in your composer.json :
{
"require": {
"m6web/firewall-bundle": "dev-master"
}
}
Update your vendors :
composer update m6web/firewall-bundle
Registering
class AppKernel extends \Symfony\Component\HttpKernel\Kernel { public function registerBundles() { $bundles = array( new M6Web\Bundle\FirewallBundle\M6WebFirewallBundle(), ); } }
Usage
Configuration
m6web_firewall: lists: # Define some IP lists into the Firewall Provider self: # Define a list named "self" - '127.0.0.1' # IPV4 - '::1' # IPV6 short notation lan: # Define a list named "lan" - '192.168.0.*' # IPV4 with Wildcard (* = all) - '192.168.0.0/24' # IPV4 with CIDR Mask - '192.168.0.0/255.255.255.0' # IPV4 with Subnet Mask configs: # Define some pre-defined configurations into the Firewall Provider default: # Define a configuration named "default" default_state: true # Default returned value (default: true) throw_error: true # Throw an exception for rejected users (default: true) error_code: 403 # Exception status code (default: 403) error_message: 'Forbidden' # Exception message (default: Forbidden) lists: # Lists access state self: true # "self" list records will be allowed by the firewall lan: false # "lan" list records will be rejected by the firewall entries: # Define custom IP's access state '192.168.0.10': true # "192.168.0.10" will be allowed '192.168.0.20': false # "192.168.0.20" will be rejected
Global annotation
use M6Web\Bundle\FirewallBundle\Annotation\Firewall; /** * @Firewall( * config="default", * actions={ * 'myFirstAction' * }, * default_state=true, * lists={ * 'default': true * }, * entries={ * '192.168.0.50': false * }, * throw_error: false, * callback="myFirewallResponseHandler", * error_message: 'Forbiden', * error_code: 403 * ) */
configparameter sets which pre-defined configuration to use,actionsparameter sets which actions of the controller are protected (in case of Class Annotation).
All default set parameters can be overloaded by annotation.
Class annotation
use M6Web\Bundle\FirewallBundle\Annotation\Firewall; /** * @Firewall( * config="default", * actions={ * 'myFirstAction' * } * ) */ class MyBundleController extends Controller { public function myFirstAction() { } public function mySecondAction() { } }
myFirstActionis protected by the pre-defined configurationdefault.
In this case we can set one (or many) firewall used for many actions.
Method annotation
use M6Web\Bundle\FirewallBundle\Annotation\Firewall; class MyBundleController extends Controller { /** * @Firewall( * config="default" * ) */ public function myFirstAction() { } /** * @Firewall( * default_state=true, * lists={ * 'lan': false * }, * entries={ * '20.30.40.50': false * } * ) */ public function mySecondAction() { } }
myFirstActionuses its own firewall with pre-defined configurationdefault,mySecondActionuses its own firewall with a custom configuration.
Path configuration
m6web_firewall: patterns: # define some routing pattern to filter api: config: default # config associed to the path path: /api # path to filter
configparameter sets which pre-defined configuration to use,pathparameter sets which path are protected.
Running the tests
$ php composer.phar install --dev
$ ./vendor/bin/atoum -d Tests/
Credits
Developped by the Cytron Team of M6 Web.
Tested with atoum.
License
The FirewallBundle is licensed under the MIT license.