Download the PHP package accentinteractive/laravel-blocker without Composer
On this page you can find all versions of the php package accentinteractive/laravel-blocker. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download accentinteractive/laravel-blocker
More information about accentinteractive/laravel-blocker
Files in accentinteractive/laravel-blocker
Package laravel-blocker
Short Description Block bad bots and users that visit certain (exploit) urls for a set amount of time.
License MIT
Homepage https://github.com/accentinteractive/laravel-blocker
Informations about the package laravel-blocker
Block bad bots and IPs that visit exploit URLs
Your application is hammered by malicious bots and visitors that try out exploit URLs. This package detects those and blocks their IP addresses. Blocked users are denied access to your application until their block expires.
- Block exploit URLs like
/wp-admin
and?invokefunction&function=call_user_func_array&vars[0]=phpinfo
. - Block user Agents like
Seznam
,Flexbot
andMail.ru
. - Set the expiration time for IP blocks.
Installation
Step 1: Install the package via composer:
Step 2: Make sure to register the Middleware.
To use it on all requests, add it as the first option to the web
section under $middlewareGroups
in file app/Http/Kernel.php.
To use it on specific requests, add it to any group or to the protected $middleware
property in file app/Http/Kernel.php.
Step 3: Optionally publish the config file with:
Step 4: there is no step 4 :)
Usage
The package uses auto discover. The package uses a middleware class that does the checking and blocking.
Config settings
Enabling checking
You can enable or disable URL checking and User Agent checking in the published config file, or by setting these values in .env (enabled by default).
Expiration time
Set the block expiration time (in seconds) in the published config file, or by setting this value in .env (3600 seconds by default).
Define malicious URLs
Define malicious URLs in the published config file, or by setting this value in .env, separated by a pipe. You need only use part of the malicious string. Matching is case insensitive.
Example: setting wp-admin
will block both '/wp-admin', '/index.php/wp-admin/foo' and '/?p=wp-admin'.
Defaults: call_user_func_array|invokefunction|wp-admin|wp-login|.git|.env|install.php|/vendor
Define malicious User Agents
Define malicious User Agents in the published config file, or by setting this value in .env, separated by a pipe. You need only use part of the malicious string. Matching is case insensitive.
Example: setting seznam
will block User Agent 'Mozilla/5.0 (compatible; SeznamBot/3.2-test4; +http://napoveda.seznam.cz/en/seznambot-intro/)'.
Define storage class implementation
By default, blocked IPs are stored in cache, using storage implementation \Accentinteractive\LaravelBlocker\Services\BlockedIpStoreCache::class
.
You can set the storage class you wish to use in the published config file, or by setting this value in .env. You can choose from:
- \Accentinteractive\LaravelBlocker\Services\BlockedIpStoreCache
- \Accentinteractive\LaravelBlocker\Services\BlockedIpStoreDatabase
Testing
Changelog
Please see CHANGELOG for more information what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security
If you discover any security related issues, please email [email protected] instead of using the issue tracker.
Credits
- Joost van Veen
- All Contributors
License
The MIT License (MIT). Please see License File for more information.
Laravel Package Boilerplate
This package was generated using the Laravel Package Boilerplate.
All versions of laravel-blocker with dependencies
guzzlehttp/guzzle Version ^7.5
illuminate/console Version ^6.0|^7.0|^8.0|^9.0|^10.0
illuminate/filesystem Version ^6.0|^7.0|^8.0|^9.0|^10.0
illuminate/support Version ^6.0|^7.0|^8.0|^9.0|^10.0