evozon-php / simple-bruteforce-bundle
Simple brute-force bundle for Symfony 3+
v1.0.0
2018-11-21 09:50 UTC
Requires
- php: >=7.1
- doctrine/orm: ^2.5
- psr/log: ^1.0
- symfony/framework-bundle: ^3.0|^4.0
This package is auto-updated.
Last update: 2024-09-23 18:11:01 UTC
README
A very simple Symfony bundle that counts failed login attempts and blocks users who make too many.
Installation
composer require evozon-php/simple-bruteforce-bundle
Register the bundle
    class AppKernel extends Kernel
    {
        public function registerBundles()
        {
            $bundles = [
                // ... other bundles
                new EvozonPhp\SimpleBruteForceBundle\SimpleBruteForceBundle(),
                // ...
            ];

            return $bundles;
        }
    }
Configuration
    simple_brute_force:
        limits:
            # Number of attempts before blocking.
            max_attempts: 5
            # How long the user is blocked - DateInterval duration spec format (ISO 8601)
            block_period: PT10M
            # How many failed attempts before logging an alert.
            alert_attempts: 25
        response:
            # HTTP response code once user is blocked.
            error_code: 403
            # HTTP response message once user is blocked.
            error_message: Forbidden
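The following stand-alone PHP example is added here for illustration and is not the bundle's own code; it shows how max_attempts, block_period and alert_attempts could interact. The class FailedLoginLimiter, its methods, and the rule that the block window starts at the latest failure are assumptions.

```php
<?php
// Added illustration, not the bundle's code. Class name, method names and the
// "block window starts at the latest failure" rule are assumptions.
final class FailedLoginLimiter
{
    /** @var array<string, array{count: int, last: DateTimeImmutable}> */
    private $failures = [];
    private $maxAttempts;
    private $blockPeriod;
    private $alertAttempts;

    public function __construct(int $maxAttempts, string $blockPeriod, int $alertAttempts)
    {
        $this->maxAttempts = $maxAttempts;
        // Same ISO 8601 duration format as block_period, e.g. "PT10M".
        $this->blockPeriod = new DateInterval($blockPeriod);
        $this->alertAttempts = $alertAttempts;
    }

    /** Records one failure; returns true once the alert threshold is reached. */
    public function recordFailure(string $username, DateTimeImmutable $now): bool
    {
        $count = ($this->failures[$username]['count'] ?? 0) + 1;
        $this->failures[$username] = ['count' => $count, 'last' => $now];

        return $count >= $this->alertAttempts;
    }

    public function isBlocked(string $username, DateTimeImmutable $now): bool
    {
        $entry = $this->failures[$username] ?? null;
        if ($entry === null || $entry['count'] < $this->maxAttempts) {
            return false;
        }
        // Blocked until block_period has elapsed since the latest failure.
        return $now < $entry['last']->add($this->blockPeriod);
    }
}

// Constructed sample run using the values from the configuration above.
$limiter = new FailedLoginLimiter(5, 'PT10M', 25);
$t0 = new DateTimeImmutable('2024-01-01 12:00:00');
for ($i = 0; $i < 5; $i++) {
    $limiter->recordFailure('alice', $t0);
}
var_dump($limiter->isBlocked('alice', $t0->modify('+9 minutes')));  // inside block_period
var_dump($limiter->isBlocked('alice', $t0->modify('+11 minutes'))); // after block_period
var_dump($limiter->isBlocked('bob', $t0));                          // no recorded failures
```

Counters are never reset in this example, so a further failure after the window expires blocks the user again immediately; whether the bundle behaves the same way is not stated on this page.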
Custom blocking
Symfony dispatches a security.authentication.failure event through its security component. We listen for that event (AuthenticationFailedSubscriber::onAuthenticationFailure()) and use voters to decide whether to increment the user's failed login attempt count. To add your own voter, just tag it with simple_brute_force.security.voter.
    app.security.2fa_voter:
        class: App\Security\CustomVoter
        tags:
            - { name: simple_brute_force.security.voter }
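TODO
- Create multiple adapters for storing failed logins: Redis, Memcached, file, etc. The main advantage is skipping the database entirely.
- Send and format the response content based on the Accept request header.
- Add unit tests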