Download the PHP package therealmkadmi/laravel-citadel without Composer
Package laravel-citadel
Short Description A passive surveillance and firewall package for Laravel to protect your public-facing endpoints.
License MIT
Homepage https://github.com/therealmkadmi/laravel-citadel
Information about the package laravel-citadel
A Passive Surveillance Package for Laravel to Protect Your Public-Facing Endpoints
Laravel Citadel is an advanced, real-time firewall package for Laravel designed to protect your public-facing endpoints—especially those handling critical actions such as order placement. Using Redis and Laravel Octane's in-memory caching, Laravel Citadel performs multi-faceted analysis including rate limiting, payload integrity checks, failure tracking, device fingerprint verification, and referrer validation. Its weighted scoring system dynamically flags suspicious activity, enabling you to stop malicious human or automated abuse before it reaches your business logic.
Installation
You can install the package via Composer: composer require therealmkadmi/laravel-citadel
You can publish and run the migrations with:
You can publish the config file with:
This is the contents of the published config file:
Optionally, you can publish the views using:
Usage
Laravel Citadel works as a middleware. Here’s how you can integrate it into your routes:
1. Register the Middleware
Add the Citadel firewall middleware to your app/Http/Kernel.php (on Laravel 11 and later, which have no Kernel.php, register it in bootstrap/app.php through the withMiddleware() callback instead):
2. Protect Critical Endpoints
Apply the middleware to your sensitive endpoints. For example, to protect the send-order endpoint:
3. Customize Behavior
Adjust settings in config/citadel.php to tailor the firewall to your needs. The configuration parameters include:
- Rate Limiting: Set the window, maximum requests, and burst thresholds.
- Payload Analysis: Define required fields, entropy limits, and weights for anomalies.
- Failure Tracking: Control failure weights and decay time.
- Device Fingerprint: Set additional weights for desktop or automated User-Agents.
- Referrer Validation: Whitelist your domain and adjust penalties for missing or invalid referers.
- Threshold: Set the overall suspect score above which requests are blocked.
How It Works
Laravel Citadel performs a series of checks on each incoming request:
- Real-Time Frequency Tracking:
  - Uses Redis sorted sets to record and analyze request timestamps.
  - Removes entries outside a 60-second window and calculates the current request rate.
  - Enforces a minimum interval between requests to prevent burstiness.
- Payload Anomaly Detection:
  - Validates that required fields (e.g., name, table, items) are present.
  - Analyzes text fields using regex and entropy calculations to detect gibberish or repetitive content.
  - Checks for extreme values and logical inconsistencies in numeric data (e.g., unrealistic quantities or price mismatches).
- Failure Tracking:
  - Tracks failed attempts via a Redis counter with a TTL.
  - Increments the suspect score for each failure, decaying over time if the user ceases suspicious activity.
- Device Fingerprint Analysis:
  - Examines the User-Agent header to determine if the request originates from a mobile device.
  - Assigns additional points for desktop browsers or known automation tools.
- Referrer Verification:
  - Validates the HTTP referer against an expected domain.
  - Penalizes requests with a missing referer or one that originates from an unauthorized domain.
- Weighted Scoring System:
  - Aggregates scores from frequency, payload, failure, device, and referrer analyses.
  - Compares the cumulative score against a configurable threshold.
  - Blocks the request if the threshold is exceeded, logging the event for further analysis.
Testing
You can run the tests via Composer:
Simulate various scenarios:
- Normal Traffic: Ensure legitimate orders (with proper payloads and mobile devices) pass.
- High-Frequency Abuse: Simulate a rapid succession of orders to trigger rate limiting.
- Payload Tampering: Send malformed payloads to test anomaly detection.
- Device & Referrer Variations: Use different User-Agents and referers to verify proper scoring.
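As an added example, not code from laravel-citadel or its author, the following stand-alone PHP script models the pipeline described under How It Works and exercises the scenarios listed above under Testing: a sliding window on a sorted set, pattern and entropy checks on text fields, numeric sanity checks, failure weighting, User-Agent and Referer checks, and the weighted sum compared against a threshold. Everything in it is assumed for illustration: the weights and keys in CITADEL, the field names, the regexes, the FakeSortedSet class standing in for Redis, and the constructed sample requests. The package's real configuration keys, class names and defaults are not shown on this page and will differ.

```php
<?php
// Added example, not code from laravel-citadel. Weights, field names, patterns, sample
// requests and the in-memory stand-in for the Redis sorted set are all assumptions.
declare(strict_types=1);

// Stand-in for the Redis sorted-set commands used for frequency tracking:
// members are request ids, scores are Unix timestamps.
final class FakeSortedSet
{
    private array $sets = [];
    public function zadd(string $key, float $score, string $member): void { $this->sets[$key][$member] = $score; }
    public function zcard(string $key): int { return count($this->sets[$key] ?? []); }
    public function zremrangebyscore(string $key, float $min, float $max): void
    {
        $this->sets[$key] = array_filter($this->sets[$key] ?? [], fn (float $s) => $s < $min || $s > $max);
    }
    // Newest timestamp, as ZREVRANGE key 0 0 WITHSCORES would return it.
    public function newest(string $key): ?float { return empty($this->sets[$key]) ? null : max($this->sets[$key]); }
}

// Assumed configuration, one knob per item listed under "Customize Behavior".
const CITADEL = [
    'window' => 60, 'max_requests' => 10, 'min_interval' => 2.0, 'w_frequency' => 30, 'w_burst' => 25,
    'required' => ['name', 'table', 'items'], 'w_missing' => 25,
    'entropy_min' => 1.5, 'w_low_entropy' => 15, 'w_gibberish' => 20, 'max_qty' => 50, 'w_extreme' => 20,
    'w_failure' => 10, 'w_desktop' => 5, 'w_bot' => 35,
    'referer_host' => 'example.test', 'w_referer' => 20, 'threshold' => 50,
];

// Shannon entropy in bits per byte: repetitive text scores near 0, varied text higher.
function shannonEntropy(string $text): float
{
    $len = strlen($text);
    $bits = 0.0;
    foreach ($len > 0 ? count_chars($text, 1) : [] as $count) {
        $bits -= ($count / $len) * log($count / $len, 2);
    }
    return $bits;
}

// Runs the five checks on one request and sums their weights. $failures stands in for
// the TTL-bound Redis failure counter; its decay happens in Redis, not here.
function scoreRequest(FakeSortedSet $redis, array $req, float $now, int $failures = 0): array
{
    $c = CITADEL; $score = 0; $why = [];
    $add = function (int $pts, string $reason) use (&$score, &$why): void { $score += $pts; $why[] = $reason; };
    // 1. Frequency: drop timestamps outside the window, then count what is left.
    $key = 'citadel:freq:' . $req['ip'];
    $redis->zremrangebyscore($key, 0.0, $now - $c['window']);
    $last = $redis->newest($key);
    $redis->zadd($key, $now, uniqid('', true));
    if ($redis->zcard($key) > $c['max_requests']) $add($c['w_frequency'], 'rate limit exceeded');
    if ($last !== null && $now - $last < $c['min_interval']) $add($c['w_burst'], 'below minimum interval');
    // 2. Payload: required fields, text shape and entropy, numeric sanity.
    $p = $req['payload'];
    foreach ($c['required'] as $f) if (!array_key_exists($f, $p)) $add($c['w_missing'], "missing $f");
    if (isset($p['name'])) {
        if (!preg_match('/^\p{L}[\p{L} .\'-]{1,59}$/u', $p['name'])) $add($c['w_gibberish'], 'name fails pattern');
        if (shannonEntropy($p['name']) < $c['entropy_min']) $add($c['w_low_entropy'], 'name is repetitive');
    }
    $sum = 0.0;
    foreach ($p['items'] ?? [] as $i) {
        if ($i['qty'] <= 0 || $i['qty'] > $c['max_qty'] || $i['price'] <= 0) $add($c['w_extreme'], 'extreme quantity or price');
        $sum += $i['qty'] * $i['price'];
    }
    if (isset($p['total']) && abs($p['total'] - $sum) > 0.01) $add($c['w_extreme'], 'total does not match items');
    // 3. Failures: every recent failure adds weight.
    if ($failures > 0) $add($failures * $c['w_failure'], "$failures recent failures");
    // 4. Device: automation tools score highest, desktops a little, mobiles nothing.
    $ua = $req['ua'] ?? '';
    if (preg_match('/curl|python-requests|bot|headlesschrome|^$/i', $ua)) $add($c['w_bot'], 'automation user-agent');
    elseif (!preg_match('/Mobile|Android|iPhone/', $ua)) $add($c['w_desktop'], 'desktop user-agent');
    // 5. Referer: must name the expected host.
    if (parse_url($req['referer'] ?? '', PHP_URL_HOST) !== $c['referer_host']) $add($c['w_referer'], 'missing or foreign referer');
    return ['score' => $score, 'blocked' => $score > $c['threshold'], 'reasons' => $why];
}

// Constructed requests covering the four scenarios listed under "Testing".
function runScenarios(): array
{
    $order = ['name' => 'Alice Martin', 'table' => '12', 'items' => [['qty' => 2, 'price' => 9.5]], 'total' => 19.0];
    $base = ['ip' => '203.0.113.10', 'payload' => $order, 'referer' => 'https://example.test/menu',
             'ua' => 'Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) Mobile/15E148 Safari/604.1'];
    $out = ['normal' => scoreRequest(new FakeSortedSet(), $base, 1000.0)];
    $redis = new FakeSortedSet();                       // eleven orders half a second apart from one IP
    for ($i = 0; $i <= 10; $i++) $out['flood'] = scoreRequest($redis, $base, 2000.0 + 0.5 * $i);
    $tampered = array_merge($base, ['payload' => ['name' => 'aaaaaaaaaaaa', 'items' => [['qty' => 9999, 'price' => 9.5]]]]);
    $out['tampered'] = scoreRequest(new FakeSortedSet(), $tampered, 3000.0);   // no table, repetitive name, absurd qty
    $scripted = array_merge($base, ['ua' => 'python-requests/2.31', 'referer' => null]);
    $out['scripted'] = scoreRequest(new FakeSortedSet(), $scripted, 4000.0);   // scripted client, no referer
    $desktop = array_merge($base, ['ua' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0']);
    $out['desktop'] = scoreRequest(new FakeSortedSet(), $desktop, 5000.0, 2);  // real desktop browser, two earlier failures
    return $out;
}

foreach (runScenarios() as $name => $r) {
    printf("%-8s score=%2d blocked=%-3s %s\n", $name, $r['score'], $r['blocked'] ? 'yes' : 'no', implode('; ', $r['reasons']));
}
```

Save it as, say, citadel_demo.php and run it with php citadel_demo.php: the flood, tampered-payload and scripted-client cases land above the threshold, while the well-formed mobile and desktop orders stay below it, and the reasons array is what a real middleware would write to its log. Two caveats for anyone tuning weights like these: User-Agent and Referer are attacker-controlled headers, so the device and referer checks raise the cost of casual abuse rather than prove anything and should not be able to block on their own; and the frequency key should be derived from the real client address (honouring X-Forwarded-For only from trusted proxies), or every client behind one proxy or NAT will be rate-limited as a single user.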
Contributing
Contributions are welcome! Please open an issue or submit a pull request. For larger changes, consider discussing your ideas first.
Security Vulnerabilities
For information on reporting security vulnerabilities, contact me privately on wahibmkadmi16 [at] gmail [dot] com.
Credits
- Wahib
- All Contributors
License
Laravel Citadel is open-sourced software licensed under the MIT License.
All versions of laravel-citadel with dependencies
- spatie/laravel-package-tools: ^1.16
- illuminate/contracts: ^10.0||^11.0||^12.0