m6web / firewall-bundle
Bundle providing IP filtering features for controllers and actions
Installs: 299 780
Dependents: 2
Suggesters: 0
Security: 0
Stars: 23
Watchers: 57
Forks: 11
Open Issues: 2
Type:symfony-bundle
Requires
- php: >=7.0.0
- ext-bcmath: *
- m6web/firewall: ~1.0
Requires (Dev)
- atoum/atoum: ^2.8|^3.0
- atoum/atoum-bundle: @stable
- symfony/symfony: ^2.2|^3.0|^4.0
This package is auto-updated.
Last update: 2022-03-18 19:02:26 UTC
README
This bundle provides IP filtering features for your Symfony applications.
It uses the Firewall component and offers service and annotations configuration.
For implementation into a Symfony 3 or Symfony 4 application, please use the release v3.0.0
at least.
Installation
Add this line in your composer.json
:
{ "require": { "m6web/firewall-bundle": "dev-master" } }
Update your vendors :
composer update m6web/firewall-bundle
Registering
class AppKernel extends \Symfony\Component\HttpKernel\Kernel { public function registerBundles() { $bundles = array( new M6Web\Bundle\FirewallBundle\M6WebFirewallBundle(), ); } }
Usage
Configuration
m6web_firewall: lists: # Define some IP lists into the Firewall Provider self: # Define a list named "self" - '127.0.0.1' # IPV4 - '::1' # IPV6 short notation lan: # Define a list named "lan" - '192.168.0.*' # IPV4 with Wildcard (* = all) - '192.168.0.0/24' # IPV4 with CIDR Mask - '192.168.0.0/255.255.255.0' # IPV4 with Subnet Mask configs: # Define some pre-defined configurations into the Firewall Provider default: # Define a configuration named "default" default_state: true # Default returned value (default: true) throw_error: true # Throw an exception for rejected users (default: true) error_code: 403 # Exception status code (default: 403) error_message: 'Forbidden' # Exception message (default: Forbidden) lists: # Lists access state self: true # "self" list records will be allowed by the firewall lan: false # "lan" list records will be rejected by the firewall entries: # Define custom IP's access state '192.168.0.10': true # "192.168.0.10" will be allowed '192.168.0.20': false # "192.168.0.20" will be rejected
Global annotation
use M6Web\Bundle\FirewallBundle\Annotation\Firewall; /** * @Firewall( * config="default", * actions={ * 'myFirstAction' * }, * default_state=true, * lists={ * 'default': true * }, * entries={ * '192.168.0.50': false * }, * throw_error: false, * callback="myFirewallResponseHandler", * error_message: 'Forbiden', * error_code: 403 * ) */
config
parameter sets which pre-defined configuration to use,actions
parameter sets which actions of the controller are protected (in case of Class Annotation).
All default set parameters can be overloaded by annotation.
Class annotation
use M6Web\Bundle\FirewallBundle\Annotation\Firewall; /** * @Firewall( * config="default", * actions={ * 'myFirstAction' * } * ) */ class MyBundleController extends Controller { public function myFirstAction() { } public function mySecondAction() { } }
myFirstAction
is protected by the pre-defined configurationdefault
.
In this case we can set one (or many) firewall used for many actions.
Method annotation
use M6Web\Bundle\FirewallBundle\Annotation\Firewall; class MyBundleController extends Controller { /** * @Firewall( * config="default" * ) */ public function myFirstAction() { } /** * @Firewall( * default_state=true, * lists={ * 'lan': false * }, * entries={ * '20.30.40.50': false * } * ) */ public function mySecondAction() { } }
myFirstAction
uses its own firewall with pre-defined configurationdefault
,mySecondAction
uses its own firewall with a custom configuration.
Path configuration
m6web_firewall: patterns: # define some routing pattern to filter api: config: default # config associed to the path path: /api # path to filter
config
parameter sets which pre-defined configuration to use,path
parameter sets which path are protected.
Running the tests
$ php composer.phar install --dev
$ ./vendor/bin/atoum -d Tests/
Credits
Developped by the Cytron Team of M6 Web.
Tested with atoum.
License
The FirewallBundle is licensed under the MIT license.