codific/zf2-brute-force-protection 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

codific/zf2-brute-force-protection

Composer 安装命令:

composer require codific/zf2-brute-force-protection

包简介

Brute Force authentication protection.

README 文档

README

Automatic brute force attack prevention module for use within Zend Framework 2. Stores all failed login attempts site-wide in a database and compares the number of recent failed attempts against a set threshold. Responds with time delay between login requests.

Implementation by Team CODIFIC • We code terrific.

Inspired by the work of Evan Francis, https://github.com/ejfrancis/brute-force-block. Inspired by the Angular JS implementation, https://www.npmjs.com/package/express-brute

MIT License http://opensource.org/licenses/MIT.

Specification

All failed attempts are stored in a database table. The brute force protection works based on an IP. A predefined threshold configuration dictates the delay after a certain number of failed attempts. After a certain period (e.g., 10min) the failed attempts expire. Targetted denial of service attacks are still possible to a certain extent if the attacker has the same IP address as a legitimate user.

Installation

Add the plugin to your composer.json by using the following line:

"codific/zf2-brute-force-protection": "dev-master"

and run

php composer.phar update

Setup

  1. Import the user_failed_login.sql file to your database
  • If you are using a local.php configuration file stored in data/local.php then the plugin works as it is.
  • Otherwise please set the $databaseConfig array.
$databaseConfig = array(
     'host' => 'localhost',
     'port' = > 3306,
     'dbname' => 'database_name',
     'username' => 'username',
     'password' => 'password');

Usage

In the LoginController (or whatever controller is responsible for the login business logic):

Before running the authentication

Before actually running the provided authentication credentials use the following code (or alike) to check whether there are too many requests:

  $delay = \Codific\BruteForce::getLoginDelay();
  if($delay > 0)
  {
      $this->cache->error = "Too Many Requests. Please wait $delay seconds before next try.";
      return $this->redirect()->toUrl("/admin/login/index");
  }

You can also return HTTP code 429 that is probably a more systematic solution:

  if(\Codific\BruteForce::getLoginDelay() > 0)
  {
      return $this->getResponse()->setStatusCode(429);
  }

If the login fails

If the login with the provided authentication credentials fails, then add the failed attempt via the following code:

  \Codific\BruteForce::addFailedLogin($username);

That's it.

codific/zf2-brute-force-protection 适用场景与选型建议

codific/zf2-brute-force-protection 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1.32k 次下载、GitHub Stars 达 1, 最近一次更新时间为 2015 年 11 月 05 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 codific/zf2-brute-force-protection 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 codific/zf2-brute-force-protection 我们能提供哪些服务?
定制开发 / 二次开发

基于 codific/zf2-brute-force-protection 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 1.32k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 1
  • 点击次数: 18
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 1
  • Watchers: 2
  • Forks: 1
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2015-11-05