README

Ban identifier after certain amount of requests in a given timeframe.

Installation

The suggested installation method is via composer:

php composer.phar require "sideshow_bob/throttle"

Usage

Basic usage of the Throttle class to ban an identifier.

// ip
$identifier = $_SERVER["REMOTE_ADDR"];
// instantiate class
$throttle = new \sideshow_bob\Throttle(new \sideshow_bob\Storage\Memcached());

if($throttle->validate($identifier)) {
    // success proceed
} else {
    // banned
}

Storage

Included are Array, Memcached, Redis, Predis and doctrine/cache storage implementations, however it is very easy to use some other storage system just implement the StorageInterface and inject that object into the Throttle constructor.

####Caution#### Whatever storage system you decide to use, do not store the failed request data into your database, this could lead to a DDOS attack and take your database down.

Options

You can override the default options by instantiating a Throttle class and pass in an array as the third argument.

$options = [
    "ban" => 10,      // ban identifier after 10 attempts. (default 5)
    "log" => 20,      // log identifier after 20 attempts. (default 10)
    "timespan" => 60, // the timespan for the duration of the ban. (default 86400)
];

// Instantiate class
$throttle = new \sideshow_bob\Throttle(new \sideshow_bob\Storage\Memcached(), $options);

Logger

Any logger library that implements the PSR-3 LoggerInterface should work, just create your Logger object and inject it into the Throttle constructor. For example the excellent logging library Monolog.

Other Methods

reset()

This will remove the identifier from the storage.

$throttle->reset($identifier);

remaining()

This will return an integer that is the remaining attempt(s) available before identifier gets banned.

$throttle->remaining($identifier);

Testing

The test folder contains all tests.

Acknowledgement

Forked from websoftwares/throttle.