azine / geoblocking-bundle
A bundle to filter/geo-block visitor access to your pages
Requires
- php: >=5.3.2
Requires (Dev)
- symfony/framework-bundle: >=2.6 || >=3.0
- symfony/symfony: >=2.6 || >=3.0
- twig/extensions: ~1.0
This package is auto-updated.
Last update: 2024-09-20 00:58:45 UTC
README
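A Symfony2 bundle that lets you configure geoblocking for certain pages of your application.
It adds a kernel event listener that listens for "kernel.request" events, uses the php geoip module to identify the country of origin of the current request, and displays an error page depending on the configuration.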
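Requirements
There are no explicit requirements, but the default setup makes two assumptions:
1. The php geoip module is enabled on your server, or you have installed and configured the Maxmind/GeoIP Bundle
The "DefaultLookupAdapter" uses the php function geoip_country_code_by_name($address) to look up the country for a given address.
To use the default implementation, this function (provided by the php geoip module => https://php.ac.cn/manual/en/book.geoip.php) must be available.
Alternatively, you can use the MaxmindLookupAdapter (from the Maxmind/GeoIP-Bundle => "maxmind/geoip": "dev-master"), which requires the MaxmindGeoIPBundle to be installed and configured.
Or you can implement and use your own GeoLookupAdapter that finds the country for a given ip in some other way (see below).
2. You use the fosuserbundle for authentication/user management
Usually you will want registered users to be able to access your site from anywhere at any time. So there should be a login option, and no pages should be blocked for logged-in users. As many people (including me) use the fosuserbundle for user management, the default configuration is set up to work well with the default configuration of the fosuserbundle.
You can of course change this in your config.yml.
Installation
To install the AzineGeoBlockingBundle with Composer, add the following to your composer.json file: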
    // composer.json
    {
        // ...
        "require": {
            // ...
            "azine/geoblocking-bundle": "dev-master"
        }
    }
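Then you can install the new dependencies by running Composer's update command from the directory that contains your composer.json file:
    php composer.phar update
Composer will now download all required files and install them for you. All that is left to do is to update your AppKernel.php file and register the new bundle: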
    <?php
    // in AppKernel::registerBundles()
    $bundles = array(
        // ...
        new Azine\GeoBlockingBundle\AzineGeoBlockingBundle(),
        // ...
    );
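Configuration options
For the bundle to work with the default settings, no configuration options are required. By default, all anonymous users are blocked unless they are in the same private subnet (=> server and client are in the same home/company network) or on localhost (=> web server and client are the same computer, e.g. when debugging locally).
This is the complete list of configuration options, including their default values.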
    # app/config/config.yml
    azine_geo_blocking:
        enabled: true # true|false : turn the whole bundle on/off
        access_denied_view: AzineGeoBlockingBundle::accessDenied.html.twig # the view to be rendered as "blocked" page
        block_anonymouse_users_only: true # block all users or only users that are not logged in yet
        login_route: fos_user_security_login # route name to the login-form (only relevant if block_anonymouse_users_only is set to true)
        lookup_adapter: azine_geo_blocking.default.lookup.adapter # id of the lookup-adapter you would like to use (e.g. azine_geo_blocking.maxmind.lookup.adapter)
        allow_private_ips: true # true | false : also apply the rules to private IPs e.g. 127.0.0.1 or 192.168.xxx.yyy etc.

        # you can white-list IPs so certain networks can access your site
        # default is empty, but you can specify an array of ip addresses or regex-patterns
        ip_whitelist: [] # List of IPs you would like to allow. E.g. Search engine crawlers
        logBlockedRequests: false # true | false : Log a message for blocked requests.

        # you can also allow search-bots by looking up their domain
        # also see https://support.google.com/webmasters/answer/80553 on how to check googleBots
        allow_search_bots: false # true | false : allow the domains listed in "search_bot_domains"

        # array of domains of allowed search-engine-bots e.g. .googlebot.com or .search.msn.com
        # (make sure you add the dot at the start of the domain, so "evilcopyofgooglebot.com" will not be allowed but "some.host.name.googlebot.com" will be)
        search_bot_domains:
            # Defaults:
            - .google.com
            - .googlebot.com
            - .search.msn.com

        # routes to apply the blocking rules to
        # only either whitelist or blacklist can contain values, if you configure both, the blacklist will be ignored.
        routes:
            whitelist:
                - route_to_allways_allow
                # the following three routes work nicely with the default routes of the fosuserbundle
                - fos_user_security_login
                - fos_user_security_login_check
                - fos_user_security_logout
            blacklist:
                - route_to_allways_block
                - other_route_to_allways_block

        # countries to apply the blocking rules for
        # only either whitelist or blacklist can contain values, if you configure both, the blacklist will be ignored.
        countries:
            whitelist: # e.g. "CH","FR","DE" etc. => access is allowed to visitors from these countries
                - CH
                - FR
                - DE
            blacklist: # e.g. "US","CN" etc. => access is denied to visitors from these countries
                - US
                - CN

        # You can enable/disable the feature to check for the "geoblocking_allow_cookie" to either allow or block the user.
        allow_by_cookie: false

        # You can change the name of the cookie that should be checked.
        # If the value of the cookie evaluates to true in php, the user is allowed to see the pages. see https://php.ac.cn/manual/en/language.types.boolean.php
        # Cookie-Value => User allowed
        #  true|1|2|-1 : yes
        #  false|0|null : no
        #  12.3.2014 : yes
        #  'no-way' : yes
        allow_by_cookie_name: "geoblocking_allow_cookie"
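The search_bot_domains comments above explain why each entry needs a leading dot, and the linked Google page describes confirming a crawler by reverse and then forward DNS lookup. The following is an added example of that check, not code from the bundle; the function names are hypothetical, and the DNS resolvers are injectable so the constructed sample records can be used offline.

```php
<?php
// Added example, not the bundle's code; function names are hypothetical.

// True only if $host ends with one of the dot-prefixed suffixes.
function hostMatchesBotDomain($host, array $suffixes)
{
    $host = strtolower(rtrim($host, '.'));
    foreach ($suffixes as $suffix) {
        $suffix = strtolower($suffix);
        // The leading dot keeps "evilcopyofgooglebot.com" from matching ".googlebot.com".
        if ($suffix !== '' && $suffix[0] === '.' && substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

// Forward-confirmed reverse DNS: the PTR name must match an allowed suffix AND
// resolve back to the same IP, because a reverse name alone is not proof of origin.
function isVerifiedSearchBot($ip, array $suffixes, $reverse = 'gethostbyaddr', $forward = 'gethostbynamel')
{
    $host = call_user_func($reverse, $ip);
    // gethostbyaddr() returns the unmodified IP on failure and false on malformed input.
    if ($host === false || $host === $ip || !hostMatchesBotDomain($host, $suffixes)) {
        return false;
    }
    $addresses = call_user_func($forward, $host);
    return is_array($addresses) && in_array($ip, $addresses, true);
}

// Constructed sample data: documentation-range IPs and made-up DNS records.
$ptr = array(
    '203.0.113.10' => 'crawl-203-0-113-10.googlebot.com',
    '203.0.113.66' => 'evilcopyofgooglebot.com',
    '203.0.113.77' => 'crawl-1.googlebot.com',
);
$a = array(
    'crawl-203-0-113-10.googlebot.com' => array('203.0.113.10'),
    'evilcopyofgooglebot.com' => array('203.0.113.66'),
    'crawl-1.googlebot.com' => array('198.51.100.1'), // forward lookup disagrees with the PTR
);
$reverse = function ($ip) use ($ptr) { return isset($ptr[$ip]) ? $ptr[$ip] : $ip; };
$forward = function ($host) use ($a) { return isset($a[$host]) ? $a[$host] : false; };

foreach (array_keys($ptr) as $ip) {
    $ok = isVerifiedSearchBot($ip, array('.googlebot.com', '.search.msn.com'), $reverse, $forward);
    echo $ip, ' => ', $ok ? 'allow' : 'apply geoblocking rules', PHP_EOL;
}
```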
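Allow users by cookie
In some special cases you might want to give visitors full access to your site even though they are not registered yet, for example to let invited users look at all pages before they register.
To allow this, you can set a cookie (name: geoblocking_allow_cookie, value: true) that temporarily disables geoblocking. The bundle only checks that the cookie value is truthy, and cookies are supplied by the client, so this switch is a convenience for invited visitors and not an access control.
To let "invited" users check out the site before registering, add the following code to the action that handles the invited user's first page view, so the cookie gets set: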
    // src/Acme/YourBundle/Controller/InvitationController.php
    use Symfony\Component\HttpFoundation\Cookie;
    use Symfony\Component\HttpFoundation\Request;
    // ...
    public function handleClickOnInvitationLinkAction(Request $request)
    {
        // ...
        // do your magic here
        // ...
        // render the view welcoming the invited user
        $response = $this->container->get('templating')->renderResponse('AcmeYourBundle:Invitation:welcomeInvitedUser.html.twig');
        // set the geoblocking_allow_cookie, so the invited user can take a look around before registering.
        $response->headers->setCookie(new Cookie("geoblocking_allow_cookie", true, new \DateTime("2 days")));
        return $response;
    }
Update your config.yml to enable the "allow_by_cookie" feature and to allow the route that sets the cookie:
    # app/config/config.yml
    azine_geo_blocking:
        # ...
        routes:
            whitelist:
                # ...
                - public_handle_click_on_invitation_link
        allow_by_cookie: true
Alternative GeoIpLookupAdapter
You can create your own implementation of Adapter\GeoIpLookupAdapterInterface.php, define it as a service in your service.yml or service.xml, and set its service id as lookup_adapter in your config.yml.
    # app/config/config.yml
    azine_geo_blocking:
        enabled: true # true|false : turn the whole bundle on/off
        lookup_adapter: your.own.implementation.of.lookup.adapter # id of the lookup-adapter you would like to use
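A sketch of such a custom adapter, as an added example that is not part of the bundle: it resolves IPv4 addresses against a CIDR-to-country table by longest-prefix match and returns false for anything it cannot resolve, as geoip_country_code_by_name() does on failure. Assumptions: the interface declares a single method getCountry($visitorAddress) (check Adapter\GeoIpLookupAdapterInterface.php), the class name is hypothetical, the table is constructed sample data, and PHP runs on a 64-bit build.

```php
<?php
// Added example, not part of the bundle. Assumed: the interface has a single
// method getCountry($visitorAddress); verify against the bundle's interface file.
// Stand-in for Azine\GeoBlockingBundle\Adapter\GeoIpLookupAdapterInterface so the file runs alone.
interface GeoIpLookupAdapterInterface
{
    public function getCountry($visitorAddress);
}

// Hypothetical adapter: longest-prefix match over an IPv4 CIDR => country table.
class CidrTableLookupAdapter implements GeoIpLookupAdapterInterface
{
    private $table;

    public function __construct(array $cidrToCountry)
    {
        $this->table = $cidrToCountry;
    }

    public function getCountry($visitorAddress)
    {
        $ip = ip2long($visitorAddress);
        if ($ip === false) {
            return false; // not a valid IPv4 address: report "unknown", never guess a country
        }
        $best = false;
        $bestBits = -1;
        foreach ($this->table as $cidr => $country) {
            list($net, $bits) = explode('/', $cidr);
            $bits = (int) $bits;
            $mask = $bits === 0 ? 0 : (~0 << (32 - $bits)) & 0xFFFFFFFF;
            if ((($ip & $mask) === (ip2long($net) & $mask)) && $bits > $bestBits) {
                $best = $country; // a more specific prefix overrides a broader one
                $bestBits = $bits;
            }
        }
        return $best;
    }
}

// Constructed sample table using documentation address ranges.
$adapter = new CidrTableLookupAdapter(array(
    '198.51.100.0/24' => 'CH',
    '203.0.113.0/24' => 'US',
    '203.0.113.128/25' => 'DE',
));
foreach (array('198.51.100.7', '203.0.113.200', '192.0.2.1', 'not-an-ip') as $address) {
    var_dump($adapter->getCountry($address));
}
```

In a real project, implement the bundle's own interface instead of the stand-in, register the class as a service, and put that service id in lookup_adapter as shown above.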