Download the PHP package asmithsummer/roadblock without Composer

On this page you can find all versions of the php package asmithsummer/roadblock. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package roadblock

Roadblocks Silverstripe module

This module creates a database log of sessions, requests and login attempts. Where possible these are attached to an authenticated user. The gateway then uses a rules based infrustructure to identify requests that should be flagged, and when sufficent, block the request. There are two new modeladmin tabs, Sessions and Roadblocks. These are reports for both of these, and a queued job to remove stale requests logs.

Sessions

A session is set for all requests now. To avoid this being reset on login the $session_regenerate_id is set to false in the config yml.

Logs

Logging is done for the session, request and login attempts. Each request logs the ip address, url, useragent, request type (configurable in ModelAdmin), Verb (GET, POST etc).

excluded urls

The config/urlignore.yml file contains a list of preg_match values to be excluded from reuest logs. This reduces noise from _resouce requests, and frees up the /dev/build and error pages from being blocked.

Gateway

The module works by inserting a new gateway after the member authentication has finished.

Overriding the Roadblock

If upon examination a roadblock should be removed there is an Admin Override checkbox on the roadblock modelAdmin. This will permit the member, or session to ignore all rules. Only override if you have high trust that the member or session is legitimate.

Expiring the Roadblock

Setting an expiry value in the config yaml will set an expiry date whenever a score exceeds 100.00. When the expiry is over, on the next request by the member / session that is blocked, 100.00 will be subtracted from the score. If the score is still over 100 a new expiry date will be set. To illistrate, suppose I have a rule that is set to 50.00 (cumulative) at the member level, and an expiry is set to 600 seconds.

Rules

Rules are created on a "If false then" basis, this allows for early exit of ligitimate traffic. When the score exceeds 100.00 a 'Roadblock' will be inforced returning 404 error page or an httprequest exception (configurable).

Model Admin

The roadblock model admin allows for administration for every level required, and export / import to aid in setting up rules. The basic hierarchy for the rules is:

Test 'inspectors'

The roadblock rule inspectors model admin tab allows the creation of test outcomes to validate that the rule is working as intended. The 'Result' will debug all the stages of running the rule against the parameters set up in the inspector. If you are happy the debugging info is correct, copy this into the 'Expected result' and the test will pass.

Notifications

In addition to the individual notifications, there are configurable flags to send an email notification to the admin and or member's email. There is also a config value to set how often an email should be sent for a roadblock.

Customisation

The rules can be extended to include new variables. There following extended methods are available in addition to the standard ones:

trim old request logs

The 'TruncateRequestLogJob' will remove old requests from the request log. It takes two parameters, test and repeat. If test is set the job's message tab will show what data would have been removed. If the repeat parameter is present it will schedule another job to run. The length of time to keep records and how often to run the job are in the yml config settings:

License

See License

This module template defaults to using the "BSD-3-Clause" license. The BSD-3 license is one of the most permissive open-source license and is used by most Silverstripe CMS module.

Installation

Example configuration

As we are setting a new session for un-authenticated members, to prevent new sessions being created when they log in you should set login_recording to true. This is not fool proof but a big improvement.

in your app's base _config add the following:

You can override the default config in the roadblock module in the usual way. the default config is:


---
Name: roadblock_member
---
SilverStripe\Security\Member:
    session_regenerate_id: false
---
Name: roadblock
---
aSmithSummer\Roadblock\Gateways\SessionLogMiddleware:
  show_error_on_blocked: true
aSmithSummer\Roadblock\Model\Roadblock:
  expiry_interval: 0
  email_notify_frequency: 60
  email_notify_on_info: false
  email_notify_on_partial: false
  email_notify_on_blocked: false
  email_notify_on_latest: false
  email_notify_frequency_member: 60
  email_notify_on_info_member: false
  email_notify_on_partial_member: false
  email_notify_on_blocked_member: false
  email_notify_on_latest_member: false
aSmithSummer\Roadblock\Services\EmailService:
  email_from: [email protected]
  email_to: [email protected]
---
Name: request_log_job
---
aSmithSummer\Roadblock\Jobs\TruncateRequestLogJob:
  keep_log_period_seconds: 604800
  keep_log_repeat_interval: "+1 day"

All versions of roadblock with dependencies

PHP Build Version
Package Version
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package asmithsummer/roadblock contains the following files

Loading the files please wait ....