therealmkadmi/laravel-citadel
Composer 安装命令:
composer require therealmkadmi/laravel-citadel
包简介
A passive survaillance and firewall package for laravel to protect your public facing endpoints.
关键字:
README 文档
README
Introduction
Laravel Citadel is a passive surveillance package designed to protect your public-facing endpoints. It provides a robust firewall system that analyzes incoming requests, detects anomalies, and blocks malicious traffic. The package is highly configurable and integrates seamlessly with Laravel applications.
Installation
- Install the package via Composer:
composer require therealmkadmi/laravel-citadel
- Publish the configuration file:
php artisan vendor:publish --provider="TheRealMkadmi\\Citadel\\CitadelServiceProvider"
- Add the middleware to your routes or global middleware stack as needed.
Configuration
The configuration file is located at config/citadel.php. Below are the available settings:
General Settings
- version: Current version of Laravel Citadel.
Geofencing Settings
- enabled: Enable or disable geofencing.
- mode:
allow(whitelist) orblock(blacklist). - countries: Comma-separated ISO-3166-1 alpha-2 country codes.
Device Analyzer Settings
- smartphone_score: Score for smartphone devices.
- tablet_score: Score for tablet devices.
- desktop_score: Score for desktop devices.
- bot_score: Score for bots or automated tools.
IP Analyzer Settings
- weights: Weights for different IP characteristics (e.g.,
bogon,datacenter,tor, etc.).
Burstiness Analyzer Settings
- min_interval: Minimum interval between requests (in milliseconds).
- window_size: Sliding window size (in milliseconds).
- max_requests_per_window: Maximum requests allowed in the window.
Payload Analyzer Settings
- required_fields: Fields required in the payload.
- max_size: Maximum payload size (in bytes).
- max_params: Maximum number of parameters allowed.
- suspicious_patterns: Patterns to detect malicious payloads.
Spamminess Analyzer Settings
- weights: Weights for spam-related anomalies (e.g., gibberish text, repetitive content).
Ban Settings
- ban_ttl: Default time-to-live for bans (in seconds).
- cache_key: Key prefix for storing banned IPs or fingerprints.
- message: Message displayed to banned users.
API Settings
- enabled: Enable or disable API endpoints.
- token: Secret token for API authentication.
- prefix: Prefix for API routes.
Middleware Groups
Laravel Citadel provides three middleware groups that you can use in your application:
1. Passive Monitoring Only (citadel-passive)
The passive middleware group only runs analyzers that don't make external requests. It provides monitoring and logging without blocking any requests, ideal for gathering intelligence about traffic patterns.
Route::middleware(['citadel-passive'])->group(function () { // These routes will be monitored but never blocked Route::get('/public-content', 'ContentController@index'); });
2. Active Protection (citadel-active)
The active middleware group runs analyzers that may make external requests (such as IP intelligence lookups) and will block malicious traffic. This includes geofencing and ban checking.
Route::middleware(['citadel-active'])->group(function () { // These routes get full protection with external API calls Route::post('/login', 'AuthController@login'); Route::post('/register', 'AuthController@register'); });
3. Complete Protection (citadel-protect)
For maximum security, the complete protection middleware group combines both active and passive analyzers. This is the original middleware group and provides backward compatibility.
Route::middleware(['citadel-protect'])->group(function () { // These routes get complete protection with all analyzers Route::post('/checkout', 'PaymentController@processPayment'); });
Configuration
You can enable or disable each middleware group independently in your configuration:
// In config/citadel.php 'middleware' => [ 'enabled' => env('CITADEL_ENABLED', true), // Global on/off switch 'passive_enabled' => env('CITADEL_PASSIVE_ENABLED', true), // Enable passive monitoring 'active_enabled' => env('CITADEL_ACTIVE_ENABLED', true), // Enable active protection ],
This configuration also applies to your .env file:
CITADEL_ENABLED=true
CITADEL_PASSIVE_ENABLED=true
CITADEL_ACTIVE_ENABLED=true
Middleware
ProtectRouteMiddleware
Analyzes incoming requests using registered analyzers and blocks requests exceeding the configured threshold.
ApiAuthMiddleware
Authenticates API requests using a token.
GeofenceMiddleware
Blocks requests based on geographical location.
BanMiddleware
Checks if a request originates from a banned IP or fingerprint.
Analyzers
BurstinessAnalyzer
Detects rapid consecutive requests and suspicious patterns in request timing.
DeviceAnalyzer
Analyzes the User-Agent header to determine the type of device making the request.
IpAnalyzer
Analyzes the IP address for characteristics like being a datacenter, Tor exit node, or VPN.
PayloadAnalyzer
Analyzes the request payload for anomalies, missing fields, and malicious patterns.
SpamminessAnalyzer
Detects spam-like behavior in request payloads.
API Endpoints
Ban Endpoint
POST /api/citadel/ban
Parameters:
identifier(string, required): The IP or fingerprint to ban.type(string, required):iporfingerprint.duration(integer, optional): Duration of the ban in minutes.
Response:
success(boolean): Whether the operation was successful.message(string): Description of the result.
Unban Endpoint
POST /api/citadel/unban
Parameters:
identifier(string, required): The IP or fingerprint to unban.type(string, required):iporfingerprint.
Response:
success(boolean): Whether the operation was successful.message(string): Description of the result.
Status Endpoint
GET /api/citadel/status
Response:
status(string):okif the API is accessible.version(string): Current version of the package.timestamp(string): Current server timestamp.
Commands
CitadelBanCommand
Bans a user by IP or fingerprint from the command line.
Usage:
php artisan citadel:ban {identifier} --type={ip|fingerprint|auto} --duration={minutes}
CitadelUnbanCommand
Unbans a user by IP or fingerprint from the command line.
Usage:
php artisan citadel:unban {identifier} --type={ip|fingerprint|auto}
CitadelCommand
Displays general information about the Citadel package.
Usage:
php artisan laravel-citadel
Usage Examples
Protecting Routes
Add the citadel-protect middleware group to your routes:
Route::middleware(['citadel-protect'])->group(function () { Route::get('/protected', function () { return 'This route is protected by Citadel.'; }); });
Using the API
Enable the API in the configuration file and set a token:
'api' => [ 'enabled' => true, 'token' => env('CITADEL_API_TOKEN', 'your-secret-token'), 'prefix' => 'api/citadel', ],
Make a request to ban an IP:
curl -X POST \
-H "Authorization: Bearer your-secret-token" \
-d "identifier=192.168.1.1&type=ip&duration=60" \
http://your-app.test/api/citadel/ban
Customizing Analyzers
You can create custom analyzers by implementing the IRequestAnalyzer interface and registering them in the service provider.
Logging
Citadel logs various events, such as bans, unbans, and detected threats. You can configure the log channel in the citadel.php configuration file.
Testing
Run the test suite using PHPUnit:
vendor/bin/phpunit
Contributing
Contributions are welcome! Please follow the Laravel coding standards and submit a pull request.
License
Laravel Citadel is open-sourced software licensed under the MIT license.
therealmkadmi/laravel-citadel 适用场景与选型建议
therealmkadmi/laravel-citadel 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 288 次下载、GitHub Stars 达 1, 最近一次更新时间为 2025 年 03 月 13 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「security」 「firewall」 「monitoring」 「spam」 「laravel」 「malicious」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 therealmkadmi/laravel-citadel 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 therealmkadmi/laravel-citadel 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 therealmkadmi/laravel-citadel 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
A Symfony bundle for chameleon-system/sanitycheck
PHP Basic Firewall
Provide a way to secure accesses to all routes of an symfony application.
SoftWax Health Check Bundle for Symfony framework
1Pilot client for Symfony
Statsd (Object Oriented) client library for PHP
统计信息
- 总下载量: 288
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 1
- 点击次数: 26
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2025-03-13