SimpleBruteForceBundle

Very simple Symfony Bundle to count failed login attempts and block users which try too often., _(*1)

Installation

``` bash composer require evozon-php/simple-bruteforce-bundle, _(*2)


### Register bundle

``` php
class AppKernel extends Kernel
{
    public function registerBundles()
    {
        $bundles = [
            ...
            new EvozonPhp\SimpleBruteForceBundle\SimpleBruteForceBundle(),
            ...
        ];
        return $bundles;
    }
}

Configuration

``` yaml simple_brute_force: limits: // Number of attempts before blocking. max_attempts: 5 // How long the user is blocked - DateInterval duration spec format (ISO 8601) block_period: PT10M // How many failed attempts before logging an alert. alert_attempts: 25 response: // HTTP response code once user is blocked. error_code: 403 // HTTP response message once user is blocked. error_message: Forbidden, _(*3)


### Customize blocking

Symfony will dispatch a `security.authentication.failure` event via it's Security component. We listen on that event (`AuthenticationFailedSubscriber::onAuthenticationFailure()`) and use [voters](https://symfony.com/doc/current/security/voters.html) to decide if we increment the number of failed login attempts for the user.
To add your own voter, simply tag it with `simple_brute_force.security.voter`.

``` yaml
app.security.2fa_voter:
    class: App\Security\CustomVoter
    tags:
        - { name: simple_brute_force.security.voter }

Todo

Create multiple adapters to store failed logins: Redis, Memcached, file, etc. Main benefits would be to skip DB altogether.
Send and format response content according to Accept request header.
Add unit tests

28/06 2018

dev-master

9999999-dev https://github.com/Evozon-PHP/SimpleBruteForceBundle

Symfony 3+ Simple Brute Force Bundle

Sources Download

MIT

The Requires

by Constantin Bejenaru

security login brute force

symfony-bundle simple-bruteforce-bundle