ninjaphp/ninja

A simple but very effective PHP firewall. It enables you to easily block most SQL and XSS injections. It also includes a white-/blacklisting of IP's and throttling request using Leaky Bucket.

Maintainers

Details

github.com/ninjaphp/ninja

Source

Issues

Installs: 610

Dependents: 0

Suggesters: 0

Security: 0

Stars: 9

Watchers: 4

Forks: 0

Open Issues: 0

0.1.1 2014-07-03 05:55 UTC

Requires

MIT a37e1f7251cf03e506b56777f5b5ea0c75db4657

  • Jeroen Visser <jeroenvisser101.woop@gmail.com>

firewallxssprotectionsqliiptables

This package is not auto-updated.

Last update: 2024-11-19 04:01:52 UTC

README

Ninja is a very simple firewall which you can configure to do awesome things. It's still in development, but it may already be used.

How to configure

Ninja uses Leaky Bucket for throttling requests. You can teach your Ninja about hazards, and block them where needed.

<?php
use \Ninja\Ninja;

Ninja::addHazard(
    'throttle',
    Ninja::HAZARD_TYPE_THROTTLE,
    function (\Symfony\Component\HttpFoundation\Request $request) {
        return true;
    },
    array(
        'bucket_size' => 10,
        'bucket_leak' => 1
    )
);

When the hazard returns true, it means the hazard has been detected. To detect a hazard, you retrieve a Request object. You can check that for all sorts of things. Apart from the bucket_size and bucket_leak you can also specify a timeout for when attacks happen.

You should also give your Ninja something to protect.

<?php
use Ninja\Ninja;

// ...
Request::enableHttpMethodParameterOverride();
$request = Request::createFromGlobals();

// Send the Ninjas
Ninja::prepare(__DIR__ . '/../app/config/ninja.php', $request);
Ninja::protect();

$response = $kernel->handle($request);

// Inject the Ninja in the response
Ninja::inject($response);

$response->send();
$kernel->terminate($request, $response);

Legals

You can find the LICENSE file in this project.