This Twill Capsule is intended to enable developers to configure an application internal firewall.
You add as many domains as you need and configure different strategies for each. Once you enable the all domains (*)
entry, the same configuration will be used for all, and all other domains will be hidden.
- "Allow" strategy: only allow access to the listed IP addresses
- "Block" strategy: block all listed IP addresses
- Detects and blocks automatically attacks
- Automatically add block attacker IP addresses to the block list
- Redirection instead of blocking. Allow displaying a "Coming soon" page to external users, while giving access to the team.
A middleware is automatically added to all web
routes, but you can configure this behaviour or even disable it to configure your middleware yourself:
'middleware' => [
'automatic' => true,
'groups' => ['web'],
'class' => \A17\TwillFirewall\Http\Middleware::class,
],
If you have authorization on your app (as you have on Twill), you can exempt logged in users from the rate limit, so they don't risk getting blocked.
If enabled it will rate limit requests (per minute) by the IP address. After a minute is passed the offending client can get back to do more requests. Enabling "Automatically add blocked IP addresses to block list" makes a block permanent, it adds the "attacker" IP address to the block list.
Make sure you set a too low rate, so you don't risk blocking Gooble Bot and other search engine crawlers out there.
On our benchmarks (using ApacheBench to perform 500 requests with 10 concurrent clients) we detected the firewall adds around 4ms extra time on each request, adding the middleware to the end of the list. If you don't need authentication, you can configure the middleware.method
to prepend
, it will execute before all other middleware and block requests as soon as possible. You can also disable automatic middleware injection and configure it yourself.
composer require area17/twill-firewall
php artisan vendor:publish --provider="A17\TwillFirewall\ServiceProvider"
/**
* Register any application services.
*
* @return void
*/
public function register()
{
\A17\TwillFirewall\Services\Helpers::load();
}
Enable it on your .env
file:
TWILL_FIREWALL_ENABLED=true
Please contribute to this project by submitting pull requests.