Download the PHP package loamok/sf2security-bundle without Composer
Information about the package sf2security-bundle
Loamok Symfony 2 Security Bundle
Inspired by https://inuits.eu/blog/getting-fail2ban-work-symfony2-proper-way
Thank you Kalman Olah for the great article.
A bundle to plug Symfony into the Linux fail2ban security application.
Important note about revisions:
- Revision 2 is for Symfony 2.x
- Revision 3 is for Symfony 3.x
- Revision 3 is merged in dev-master and in develop
So if you are using Symfony 2.8 you must use revision 2 of this bundle.
Migration from Symfony 2.8 to Symfony 3.3:
In all cases :
- remove the line "csrf_provider: form.csrf_provider" from security.yml
If you have moved your log files to var/logs instead of app/logs you must :
- upgrade to revision 3 or dev-master
- adapt your logrotate scripts according to this documentation
- adapt your fail2ban documentation
If you haven't moved your log files and still keep them in app/logs, you have nothing to do. Optionally, upgrade this bundle to revision 2 to ensure you don't go to revision 3 by mistake.
First step: rotate the logs
Start by configuring log rotate on your web server.
What you need :
- Full path of your application logs
- System webserver username
- Root or sudo access
- Name of your application
Create an empty file in the logrotate config directory with a pattern like this :
Write this in your new file (substitute the correct values):
Then (if your application is already running and writing logs), force the first rotation:
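The rotation steps above, as an added example that is not the bundle's own logrotate file: a POSIX shell helper that renders a logrotate stanza from the inputs listed under "What you need" and rejects unsafe values before anything is written to a root-read config directory. The rotation policy (daily, 14 copies), the `*.log` glob and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not the bundle's own script). Paths, account names and the
# rotation policy below are assumptions chosen for illustration.

# is_safe_token VALUE: accept only letters, digits, "_", ".", "/" and "-",
# and refuse ".." so a value cannot climb out of the intended directory.
is_safe_token() {
    case $1 in
        ''|*[!A-Za-z0-9_./-]*|*..*) return 1 ;;
    esac
    return 0
}

# render_logrotate_conf LOG_DIR WEB_USER [WEB_GROUP]
# Prints the stanza on stdout; returns 1 without output on bad input.
render_logrotate_conf() {
    log_dir=${1%/}; web_user=$2; web_group=${3:-$2}
    case $log_dir in /*) ;; *) echo "log dir must be absolute" >&2; return 1 ;; esac
    for v in "$log_dir" "$web_user" "$web_group"; do
        is_safe_token "$v" || { echo "unsafe value: $v" >&2; return 1; }
    done
    case $web_user$web_group in */*) echo "bad account name" >&2; return 1 ;; esac
    # "su" makes logrotate rotate as the web server account; logrotate refuses
    # to rotate as root inside a directory a non-root user can write to.
    cat <<EOF
$log_dir/*.log {
    su $web_user $web_group
    daily
    rotate 14
    missingok
    notifempty
    compress
    delaycompress
    create 0640 $web_user $web_group
}
EOF
}

# write_logrotate_conf APP_NAME LOG_DIR WEB_USER [CONF_DIR]
# Writes CONF_DIR/APP_NAME (default /etc/logrotate.d); needs root for the default.
write_logrotate_conf() {
    conf_dir=${4:-/etc/logrotate.d}
    case $1 in ''|*[!A-Za-z0-9_-]*) echo "unsafe app name" >&2; return 1 ;; esac
    body=$(render_logrotate_conf "$2" "$3") || return 1
    printf '%s\n' "$body" > "$conf_dir/$1" && chmod 0644 "$conf_dir/$1"
}
```

After writing the file, `logrotate -d` on it gives a dry run of what would be rotated, and `logrotate -f` forces the first rotation.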
Install this bundle in your application
Composer.json :
And run composer update.
Add it to your kernel AppKernel.php :
Modify your security config file
Plug in to fail2ban:
Create a symbolic link from filter conf file to /etc/fail2ban/filter :
Add the jail definition for fail2ban (/etc/fail2ban/jail.conf) (sample is in the filter file) :
Restart the fail2ban service and that's it: you have just secured your Symfony2 application against brute force.