PHP download

Download the PHP package bitslip6/bitfire without Composer

On this page you can find all versions of the php package bitslip6/bitfire. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download bitslip6/bitfire
More information about bitslip6/bitfire
Files in bitslip6/bitfire

Vendor bitslip6
Package bitfire
Short Description Enterprise firewall, stop all bot/spam and manual attacks. OWASP top 10, with bot whitelist in <2ms
License AGPL-3.0
Homepage https://github.com/bitslip6/bitfire

Keywords security firewall headers spam bot csrf xss sqli waf

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of bitslip6/bitfire

Informations about the package bitfire

BitFire RASP Firewall for PHP

enterprise class security for everyone
BitFire Install Guide »

Report Bug · Request Feature

Table of Contents

About BitFire

Video Demonstration

File-System Protection RASP
Database Protection RASP
Automated Bot Protection RASP
Getting Started
- Prerequisites
- Installation
Additional Information
- Built With
- Usage
- Roadmap
- Contributing
- License
- Contact
- Acknowledgements

Runtime Application Self Protection firewall for PHP

BitFire is a Runtime Application Self Protection (RASP) based firewall for PHP servers. BitFire's RASP for PHP works differently than a traditional Web Application Firewall (WAF), by providing a security sandbox for all database and filesystem access, BitFire can prevent malware infections and account takeover for vulnerable plugins, themes and custom PHP code, regardless of of the stack.

Video Demonstration:

FileSystem RASP

Consider the following PHP vulnerability: This vulnerability allows uploading or overwriting any PHP file.

BitFire's RASP filesystem sandbox runs for all non-administrator users and will intercept this file write, and check both $_GET['filename'] and $_GET['content'] for any attempt to access a php file. When detected the malware infection fails and a blocking page is immediately displayed.

BitFire natively understands WordPress administrators, and you can add support for any CMS by implementing this simple function:

Database RASP

Hacker's exploit security vulnerabilities to create backdoor administrator accounts. These accounts are then used later to install malware or other spam content. BitFire secures this vulnerability by inspecting all database updates and checking for privilege escalation.

Consider the following wordpress vulnerability: This vulnerability can allow an attacker to set privilege level to any value including "administrator" without any verification.

When the BitFire Database sandbox inspects the underlying database update, it will compare the user privilege being set against the the user privilege making the change. If the user does not have the permission to grant administrator access, the database write is denied and a block page is served to the user.

BitFire comes pre-configured for popular CMS's including WordPress, Joomla and Drupal.

You can implement your own database checks as well:

This would trigger on any update of the table_name table with matching criteria to authenticate the SQL query using the PHP function privilege_check_function().

Example query blocked:

Bot Protect RASP

99% of web attacks come from automated scripts. BitFire RASP protects your site from automated attacks in 2 ways. First, it allows good bots like google and bing by authenticating their network origin. Google bot only connects from google owned IP addresses, and bing from Microsoft. BitFire has a list of over 150 known and approved bots, SEO tools and their origin networks.

Second, for web browsers like Chrome, Safari, etc, BitFire sends a transparent JavaScript challenge. This JavaScript challenge takes only milliseconds to complete and verifies that the client is a real browser and not a hacking tool. This way your website only sees the verified browser traffic. This is similar to Cloudflare's Super Bot Fight Mode.

BitFire Screen Shot

Here's How BitFire is different:

Speed. <2 ms block times - BitFire is up to 100x faster than the most popular PHP Firewalls
Bot authentication. Authenticates good bots like google, facebook, bing, ahrefs, by source network
Browser verification. Transparent JavaScript browser verification ensures user's are real
Client Integrity. Automatically generate browser policy preventing browser takeover
Server Integrity. Authenticated file access prevents server code modification
Grammar based firewall. Parses SQL, HTTP, HTML for the most accurate blocking

Built With

BitFire is built from pure PHP and has no external dependencies. BitFire can take advantage of several PHP shared memory caches including APCu, SHM, shmop and OpCache

PHP
TinyTest

Prerequisites

You will need: a web-server (apache, nginx), PHP >= 7.1, a login, and a text editor.

Installation

Install via GitHub
or Install via Composer
Bitfire is now installed! Open the configuration wizard to enable the firewall by visiting /bitfire/startup.php in your web browser. If you installed BitFire outside your web_root, you can access the dashboard by visiting the url /bitfire-admin which is defined in /bitfire/config.ini.
Congratulations! Time for a beer

Detailed configuration and installation is available on our Support Center

Setup / Configuration Quick-start

The default configuration is very conservative and will only block bots identifying themselves as malicious scripts. The configuration is stored in config.ini in the BitFire home directory (for composer: vendor/bitslip6/bitfire/config.ini)

Now visit your website at path "your_domain.com/bitfire_dashboard" enter the password when prompted, then click on "Settings" and configure the settings you want to use.

On first page view BitFire will auto configure itself for your server and rarely needs to be adjusted.

Feature flags support 3 values:

false: disable the feature
report: don't block the traffic but add an entry to the report_file (config.ini setting)
block: block the request, server response_code (config.ini) from views/block.php we recommend beginning with report and then moving to block only after verifying that you would not be blocking good traffic. https://github.com/bitslip6/bitfire/wiki/block_reporting for details.

1. Require full browser. If your website uses JavaScript and cookies (99% of all websites) you can require all web browers to prove they support both by enabling require_full_browser. Since >95% of all exploit scripts and worms do not support JavaScript or cookies this is the single best protection you can install to prevent breakins. This cookie is non user-identifying and so is fully GDPR compliant and does not require a GDPR notification.

2. Enable bot whitelist. Futher limit bots by allowing only verified whitelisted robots. A preconfigured list of common bots included with BitFire. Refer to our wiki for how to add additional bots.

3. Enable core web filters. The web filter blocks malicious requets like XSS, LFI, RCE and SQLi as well as many others. The entire web filter can be enabled or disabled with the web_filter_enabled parameter. We recommend the following configuration:

4. Enable IP blocking. By default BitFire will not black list IP addresses. We recommend you enable this feature which allows for the fastest possbile drop of HTTP floods.

For detailed documentation, please refer to the Documentation

Roadmap

See the open issues for a list of proposed features (and known issues).

Contributing

Additions to the bot whitelist and additional attack signatures or bypasses are greatly appreciated. If your contributions are included you will recieve discounts on comercial licencing for BitFire Pro.

Fork the Project
Create your Feature Branch (git checkout -b feature/AmazingFeature)
Commit your Changes (git commit -m 'Add some AmazingFeature')
Push to the Branch (git push origin feature/AmazingFeature)
Open a Pull Request

License

Distributed under the Apache 2.0 License. See LICENSE for more information.

Contact

Cory - @bitslip6 - [email protected]

Project Link: https://github.com/bitslip6/bitfire

Acknowledgements

All versions of bitfire with dependencies

PHP Build Version

Package Version

Version 2.2.2 Release 16. Nov 2022
create-project require 0 people choosed require and
0 people choosed create-project.

Download

Download latest version of bitfire from vendor bitslip6

Requires php Version ^7.0.33

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package bitslip6/bitfire contains the following files

Loading the files please wait ....