ninjaphp/ninja

A simple but very effective PHP firewall. It enables you to easily block most SQL and XSS injections. It also includes a white-/blacklisting of IP's and throttling request using Leaky Bucket.

0.1.1 2014-07-03 05:55 UTC

This package is not auto-updated.

Last update: 2024-12-17 04:23:43 UTC


README

Ninja is a very simple firewall which you can configure to do awesome things. It's still in development, but it may already be used.

How to configure

Ninja uses Leaky Bucket for throttling requests. You can teach your Ninja about hazards, and block them where needed.

<?php
use \Ninja\Ninja;

Ninja::addHazard(
    'throttle',
    Ninja::HAZARD_TYPE_THROTTLE,
    function (\Symfony\Component\HttpFoundation\Request $request) {
        return true;
    },
    array(
        'bucket_size' => 10,
        'bucket_leak' => 1
    )
);

When the hazard returns true, it means the hazard has been detected. To detect a hazard, you retrieve a Request object. You can check that for all sorts of things. Apart from the bucket_size and bucket_leak you can also specify a timeout for when attacks happen.

You should also give your Ninja something to protect.

<?php
use Ninja\Ninja;

// ...
Request::enableHttpMethodParameterOverride();
$request = Request::createFromGlobals();

// Send the Ninjas
Ninja::prepare(__DIR__ . '/../app/config/ninja.php', $request);
Ninja::protect();

$response = $kernel->handle($request);

// Inject the Ninja in the response
Ninja::inject($response);

$response->send();
$kernel->terminate($request, $response);

Legals

You can find the LICENSE file in this project.