Download the PHP package maba/gentle-force without Composer
On this page you can find all versions of the php package maba/gentle-force. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package gentle-force
Short Description: Library for limiting both brute-force attempts and ordinary requests, using the leaky/token bucket algorithm, based on Redis
License: MIT
Information about the package gentle-force
Gentle-force: brute-force, error and request rate limiting
This is a library for rate-limiting both brute-force attempts (like invalid credentials) and ordinary requests.
Features
- can be used to limit brute-force attempts;
- can be used for request rate limiting;
- uses the leaky / token bucket algorithm. This means that the user does not have to wait for the next hour or day - additional attempts become possible as time goes by. This also means that requests do not come in big batches when every hour starts;
- handles race conditions. This is important for brute-force limiting. For example, if 1000 requests are issued at the same time to check the same user's password, only the configured number of attempts will be possible;
- can have several limits configured for single use-case (for example maximum of 100 requests per minute and 200 per hour);
- does not make assumptions about where and what it's used for - it can be used with user identifiers, API tokens, IP addresses or any other data to group usages.
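The behaviour this feature list describes, as an added example that is not the library's own code or API: an in-memory leaky bucket in Python, where a lock stands in for whatever makes check-and-increase a single atomic step in a Redis-backed limiter. The class and function names, the key "user:alice" and the sample limits (3 per minute, 5 per hour) are assumptions made for illustration.

```python
import threading

class MultiLimitBucket:
    """In-memory leaky bucket; limits is a list of (max_usages, period_seconds)."""

    def __init__(self, limits):
        self.limits = limits
        self.state = {}               # key -> [(level, last_update), ...], one per limit
        self.lock = threading.Lock()  # assumption: stands in for an atomic storage-side step

    def check_and_increase(self, key, now):
        """Record one usage if every limit allows it; return (allowed, wait_seconds)."""
        with self.lock:  # check and increase are one step, never two separate calls
            old = self.state.get(key, [(0.0, now)] * len(self.limits))
            new, wait = [], 0.0
            for (level, updated), (max_usages, period) in zip(old, self.limits):
                # The bucket leaks continuously, so capacity returns as time goes by.
                level = max(0.0, level - (now - updated) * max_usages / period)
                # Time until this limit would have room for one more usage.
                wait = max(wait, (level + 1 - max_usages) * period / max_usages)
                new.append((level + 1, now))
            if wait > 0:
                return False, wait    # rejected: nothing is recorded for any limit
            self.state[key] = new
            return True, 0.0

def concurrent_attempts(limiter, key, count, now):
    """Fire `count` attempts from separate threads; return how many were allowed."""
    results = []
    def attempt():
        results.append(limiter.check_and_increase(key, now)[0])
    threads = [threading.Thread(target=attempt) for _ in range(count)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)

if __name__ == "__main__":
    limiter = MultiLimitBucket([(3, 60), (5, 3600)])  # constructed sample limits
    print(concurrent_attempts(limiter, "user:alice", 1000, now=0.0))
    print(limiter.check_and_increase("user:alice", now=0.0))
    print(limiter.check_and_increase("user:alice", now=20.0))
```

If the check and the increase were separate operations, the 1000 simultaneous attempts could all read a level below the limit before any of them wrote, which is the race the feature list refers to.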
Installation
Usage
Alternatives
Actually, there are quite a few of them.
Unfortunately, although some provide additional features (like different storage methods: file, memcached etc.), none were found that meet all of these criteria:
- usable for brute-force limiting (counting only errors), not just for all requests;
- abstract, so that limiting by user, IP and other identifiers would be possible;
- rate limiting algorithm that would not block for too long for a legitimate user;
- free of race conditions where the actual limit would not work correctly under high load.
Some of reviewed alternatives: RateLimitInterface, rate-limiter, LosRateLimit, Rate-limit, rate-limit, php-ratelimiter, tokenbucket, brute-force, LoginGateBundle, tresholds-governor, throttle, PeerjUserSecurityBundle, php-ratelimiter, RateLimitBundle, CybBotDetectBunble, CCDNUserSecurityBundle, limit-number-calls-bundle, rate-limiter-php, flaps, token-bucket
Semantic versioning
This library follows semantic versioning.
See the Symfony BC rules for basic information about what can and cannot be changed in the API.
Running tests
Functional tests require Redis and several PHP extensions for forking, so that behaviour under high traffic can be tested. So, generally, it's easier to run them in Docker.
Contributing
Feel free to create issues and submit pull requests.
You can fix any code style issues using this command: