madmatt/silverstripe-iplists
Composer 安装命令:
composer require madmatt/silverstripe-iplists
包简介
Create allow and deny lists based on IP addresses
README 文档
README
This module provides the capability for administrators to define IP allow and deny lists, colloquially known as IP whitelist and blacklists.
Installation
composer require madmatt/silverstripe-iplists
vendor/bin/sake dev/build flush=1
Visit /admin/iplists to define the allow and deny lists that you want.
When not to use this module
It's important to spell out when it's not a good idea to use this module. Specifically, it is not recommended to use this module to block IP addresses that are performing denial of service attacks on your website. This module hooks into Silverstripe CMS, meaning that the whole CMS and framework must boot before checking whether the IP address is allowed to access the website or not (so the website does 70% of the work it would do anyway). A much better way to block these attackers is to use a web application firewall such as Cloudflare, and block the offending IPs from accessing the entire website there.
Configuration
By default, this module does not do anything beyond adding a new middleware into every request. This middleware does nothing on CLI. To have this module be useful, you need to configure one or more IP lists. Each IP list can contain multiple URI location rules, as well as both allow and deny rules to determine who can access the URI location rules you specify.
You can configure lists in two different ways: in the CMS, and with developer-controlled YML files.
CMS configuration
IP lists can be managed in the CMS. As long as you're logged in as an ADMIN, you'll see an 'IP Lists' menu item, where you can create IP lists, add IPs to it, and configure them as needed.
We recommend setting up an IP allowlist for /admin and /Security (if you don't need to allow the general public to login for anything) to ensure your CMS access is protected.
YML configuration
Note: YML configuration is not implemented yet. Use CMS configuration for now. This configuration API is likely to change, please don't trust the below.
The intention with YML configuration is that these IP addresses are never (or 'very rarely') expected to change. For example, add the IP address of your office VPN here, but don't add your home IP - use the CMS interface for this so you can change it easily later.
The below YML config fragment will (eventually) allow 127.0.0.1 and 10.0.0.2 access to login and view the SilverStripe CMS, and will deny 10.0.0.1 from viewing the website at all (despite the IP being in the allow list for the CMS,
Madmatt\IPLists\Model\IPList: admin_allowlist: routes: - /admin - /Security allow: - 127.0.0.1 - 10.0.0.1 - 10.0.0.2 wholesite_deny: routes: - / deny: - 10.0.0.1
Why 'allow' and 'deny' instead of 'whitelist' and 'blacklist'?
- Allow and Deny are more accurate terms than white and black.
- Allow and Deny aren't racist terms.
See also:
madmatt/silverstripe-iplists 适用场景与选型建议
madmatt/silverstripe-iplists 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1.01k 次下载、GitHub Stars 达 3, 最近一次更新时间为 2020 年 07 月 22 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「security」 「cms」 「silverstripe」 「IP」 「iplists」 「allowlist」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 madmatt/silverstripe-iplists 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 madmatt/silverstripe-iplists 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 madmatt/silverstripe-iplists 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
GraphQL authentication for your headless Craft CMS applications.
Set Links with a specific language parameter
Supercharged text field validation.
Provide a way to secure accesses to all routes of an symfony application.
Analytics chooser extensions for site settings.
统计信息
- 总下载量: 1.01k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 3
- 点击次数: 11
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2020-07-22