This bundle detects brute-force attacks on Symfony applications and then disables login for attackers for a certain period of time. It also provides special events so that custom handlers can run when a brute-force attack is detected.

Since version 0.6, the bundle is compatible with Symfony 4.

Add this bundle via Composer:

    composer require anyx/login-gate-bundle

Add the following to app/config/config.yml:

    login_gate:
        storages: ['orm'] # Attempt storages. Available storages: ['orm', 'session', 'mongodb']
        options:
            max_count_attempts: 3
            timeout: 600 # Ban period
            watch_period: 3600 # Only for database storages. Period during which attempts are counted

    # Listener for the event dispatched when a brute-force attempt is detected
    services:
        acme.brute_force_listener:
            class: Acme\BestBundle\Listener\BruteForceAttemptListener
            tags:
                - { name: kernel.event_listener, event: security.brute_force_attempt, method: onBruteForceAttempt }

In the following example we inject the checker into SecurityController.php via dependency injection.

    <?php

    namespace App\Controller;

    use Anyx\LoginGateBundle\Service\BruteForceChecker;

    class SecurityController
    {
        /**
         * @var BruteForceChecker $bruteForceChecker
         */
        private $bruteForceChecker;

        /**
         * SecurityController constructor.
         * @param BruteForceChecker $bruteForceChecker
         */
        public function __construct(BruteForceChecker $bruteForceChecker)
        {
            $this->bruteForceChecker = $bruteForceChecker;
        }
    }

We can now use the checker to see whether a client is allowed to log in.

    $this->bruteForceChecker->canLogin($request)

We can also clear the login attempts when a login is successful.

    $this->bruteForceChecker->getStorage()->clearCountAttempts($request);
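
The `canLogin()` check wired into a complete login action, as an added example that is not the bundle's own code. Assumptions: the `login` action name, the `security/login.html.twig` template and the `BAN_PERIOD` constant are hypothetical, and `timeout` is taken to be in seconds so it can be reused as a `Retry-After` value.

```php
<?php
// Added example, not part of the bundle: gate the login form with canLogin().

namespace App\Controller;

use Anyx\LoginGateBundle\Service\BruteForceChecker;
use Psr\Log\LoggerInterface;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;

class SecurityController extends AbstractController
{
    // Assumption: same value as `timeout` in login_gate.options, taken to be seconds.
    private const BAN_PERIOD = 600;

    private $bruteForceChecker;
    private $logger;

    public function __construct(BruteForceChecker $bruteForceChecker, LoggerInterface $logger)
    {
        $this->bruteForceChecker = $bruteForceChecker;
        $this->logger = $logger;
    }

    public function login(Request $request, AuthenticationUtils $authUtils): Response
    {
        if (!$this->bruteForceChecker->canLogin($request)) {
            // Record the block so it can be alerted on; never log submitted credentials.
            $this->logger->warning('Login blocked by login gate', ['ip' => $request->getClientIp()]);

            // Generic body: the answer does not reveal whether a given username exists.
            return new Response(
                'Too many failed login attempts. Try again later.',
                Response::HTTP_TOO_MANY_REQUESTS,
                ['Retry-After' => (string) self::BAN_PERIOD]
            );
        }

        // Hypothetical template name; renders the normal login form.
        return $this->render('security/login.html.twig', [
            'last_username' => $authUtils->getLastUsername(),
            'error' => $authUtils->getLastAuthenticationError(),
        ]);
    }
}
```

If the application sits behind a reverse proxy, configure Symfony's trusted proxies so that `getClientIp()` returns the real client address in the log entry.
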
For more examples take a look at the tests.