codific/zf2-brute-force-protection
Composer 安装命令:
composer require codific/zf2-brute-force-protection
包简介
Brute Force authentication protection.
README 文档
README
Automatic brute force attack prevention module for use within Zend Framework 2. Stores all failed login attempts site-wide in a database and compares the number of recent failed attempts against a set threshold. Responds with time delay between login requests.
Implementation by Team CODIFIC • We code terrific.
Inspired by the work of Evan Francis, https://github.com/ejfrancis/brute-force-block. Inspired by the Angular JS implementation, https://www.npmjs.com/package/express-brute
MIT License http://opensource.org/licenses/MIT.
Specification
All failed attempts are stored in a database table. The brute force protection works based on an IP. A predefined threshold configuration dictates the delay after a certain number of failed attempts. After a certain period (e.g., 10min) the failed attempts expire. Targetted denial of service attacks are still possible to a certain extent if the attacker has the same IP address as a legitimate user.
Installation
Add the plugin to your composer.json by using the following line:
"codific/zf2-brute-force-protection": "dev-master"
and run
php composer.phar update
Setup
- Import the user_failed_login.sql file to your database
- If you are using a local.php configuration file stored in data/local.php then the plugin works as it is.
- Otherwise please set the $databaseConfig array.
$databaseConfig = array( 'host' => 'localhost', 'port' = > 3306, 'dbname' => 'database_name', 'username' => 'username', 'password' => 'password');
Usage
In the LoginController (or whatever controller is responsible for the login business logic):
Before running the authentication
Before actually running the provided authentication credentials use the following code (or alike) to check whether there are too many requests:
$delay = \Codific\BruteForce::getLoginDelay(); if($delay > 0) { $this->cache->error = "Too Many Requests. Please wait $delay seconds before next try."; return $this->redirect()->toUrl("/admin/login/index"); }
You can also return HTTP code 429 that is probably a more systematic solution:
if(\Codific\BruteForce::getLoginDelay() > 0) { return $this->getResponse()->setStatusCode(429); }
If the login fails
If the login with the provided authentication credentials fails, then add the failed attempt via the following code:
\Codific\BruteForce::addFailedLogin($username);
That's it.
codific/zf2-brute-force-protection 适用场景与选型建议
codific/zf2-brute-force-protection 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1.32k 次下载、GitHub Stars 达 1, 最近一次更新时间为 2015 年 11 月 05 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 codific/zf2-brute-force-protection 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 codific/zf2-brute-force-protection 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 1.32k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 1
- 点击次数: 18
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2015-11-05