alahaxe / honeypot-bundle

Honeypot bundle for SF (Symfony)

v2.0.1 2023-11-30 05:26 UTC

This package is auto-updated.

Last update: 2024-09-06 07:16:17 UTC


README

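Purpose of this bundle

Detect and respond to directory scans of your website.

Features

  • Detect scans
  • Record information about the attacker
  • Block the attacker's IP locally
  • Block or force a challenge in the Cloudflare firewall

Installation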

composer require alahaxe/honeypot-bundle

Configuration

honeypot:
    # ------------------
    # | Required part, policies are just presets of counterMeasures
    # | You can activate several policies
    # ------------------
    policies: # values: debug, log, local_lock, cloudflare_lock
        - 'local_lock' # local lock, based on filesystem cache
        - 'cloudflare_lock' # lock on cloudflare's firewall using API
        - 'debug' # only used in unit tests
        - 'log' # enabled by default, just adds a log entry when a honeypot is called

    # ------------------
    # | Optional part, if you create your own counter measure
    # ------------------
    counterMeasures: # All classes listed here must also be Symfony services with the tag: alahaxe.honeypot.countermeasure
        - Alahaxe\HoneypotBundle\Services\CounterMeasures\DebugCounterMeasure

    # ------------------
    # | Optional part, but you should add your IP here
    # ------------------
    ipWhitelist:
        - 127.0.0.1

    # ------------------
    # | Optional part, used only for local lock
    # ------------------
    localLock:
        # (default: 60) duration in s of the local lock, this config is not used for cloudflare lock
        lockTtl: 60
        # Service that implements LockedResponseGeneratorInterface
        # default is Alahaxe\HoneypotBundle\Services\LockedResponseGenerator\SimpleResponseGenerator
        # but if you want a fancy page you can use TwigResponseGenerator
        renderService: 'Alahaxe\HoneypotBundle\Services\LockedResponseGenerator\TwigResponseGenerator'
        # If you use TwigResponseGenerator you may change the default template
        twigTemplate: 'YouTwigTemplateFile.html.twig'

    # ------------------
    # | Optional part, used only if you enable cloudflare policy
    # ------------------
    cloudflare:
        email: 'your cloudflare email' # you should use env var for this one
        token: 'your cloudflare api token' # you should use env var for this one
        mode: 'challenge' # One of : block, challenge, js_challenge, managed_challenge see

    # ------------------
    # | Optional part, the default file contains commonly scanned URLs
    # ------------------
    patternsFile: 'src/Resources/patterns.txt'

If you use Twig rendering, you need to register the namespace in your Twig configuration

twig:
    paths:
        '%kernel.project_dir%/templates': ''
        '%kernel.project_dir%/vendor/alahaxe/honeypot-bundle/Resources/views': 'HoneypotBundle'

Adding your own countermeasure

Implement your own service

A countermeasure is a simple Symfony service that implements Alahaxe\HoneypotBundle\Services\CounterMeasureInterface

For example

<?php
declare(strict_types=1);

namespace Alahaxe\HoneypotBundle\Services\CounterMeasures;

use Alahaxe\HoneypotBundle\Services\CounterMeasureInterface;
use Symfony\Component\HttpFoundation\Request;

class LoggerCounterMeasure implements CounterMeasureInterface
{
    public function react(Request $request, string $honeypotPattern): void
    {
        // do something
    }
}

Register your service

All countermeasures must have the tag: alahaxe.honeypot.countermeasure

In your service.yaml

services:
    App\Services\Honeypot\CounterMeasures\DummyCounterMeasure:
        # ... your service config
        tags: ['alahaxe.honeypot.countermeasure']

Then you can activate your countermeasure in the bundle configuration

honeypot:
    counterMeasures:
        - App\Services\Honeypot\CounterMeasures\DummyCounterMeasure
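
An added example, not code from the bundle or its author: a countermeasure for the procedure above that records each honeypot hit as one structured log event with attacker-controlled fields sanitized. The class name ScanEventCounterMeasure, its App namespace and the injected PSR-3 logger are assumptions (PHP 8.1 or later); only CounterMeasureInterface and the react() signature come from this README.

```php
<?php
declare(strict_types=1);

namespace App\Services\Honeypot\CounterMeasures;

use Alahaxe\HoneypotBundle\Services\CounterMeasureInterface;
use Psr\Log\LoggerInterface;
use Symfony\Component\HttpFoundation\Request;

// Hypothetical class: only CounterMeasureInterface::react() comes from the bundle.
final class ScanEventCounterMeasure implements CounterMeasureInterface
{
    // Upper bound, in bytes, for any request-derived field written to the log.
    private const MAX_FIELD_LENGTH = 256;

    public function __construct(private readonly LoggerInterface $logger)
    {
    }

    public function react(Request $request, string $honeypotPattern): void
    {
        // One event per hit with fixed keys, so log tooling can group by client IP.
        $this->logger->warning('honeypot.hit', [
            'pattern'    => $this->clean($honeypotPattern),
            'client_ip'  => $request->getClientIp() ?? 'unknown',
            'method'     => $this->clean($request->getMethod()),
            'path'       => $this->clean($request->getPathInfo()),
            'user_agent' => $this->clean((string) $request->headers->get('User-Agent', '')),
            'referer'    => $this->clean((string) $request->headers->get('Referer', '')),
        ]);
    }

    // Request data is attacker-controlled: replace control characters (CR/LF
    // would allow forged log lines) and bound the length before logging.
    private function clean(string $value): string
    {
        $value = preg_replace('/[\x00-\x1F\x7F]/', '?', $value) ?? '';

        return substr($value, 0, self::MAX_FIELD_LENGTH);
    }
}
```

Register it with the alahaxe.honeypot.countermeasure tag and list it under counterMeasures as shown above. getClientIp() returns the proxy address unless Symfony's trusted proxies are configured, which matters when the site sits behind Cloudflare.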

License

This bundle is under the MIT license. See the complete license in the bundle.