Automatic scan locks / locks in Symfony

I am launching a website based on Symfony 2.7. The site uses FOSUserBundle for user management and authentication.

I can see in the log files that the site is “attacked” quite often by brute-force scanners.

There are two types of scans:

  • Searches for known vulnerabilities (for example WordPress, etc.), which lead to HTTP 404 responses
  • Login attempts with default user credentials

I have used WordPress before. There are quite a few plugins and tools for automatically recognizing and handling such attacks: if the number of 404 requests or rejected login attempts reaches a certain threshold, the user / IP is automatically blocked for some time. Usually, after a few minutes, the user / IP is automatically removed from the block list.

I could not find such a solution for Symfony. Is there any package that combines these features in Symfony?

Of course, it would not be easy to implement this functionality independently. But it makes no sense to reinvent what is already there.

1 answer

IP- fail2ban, fail2ban. :

<?php

namespace Your\ExampleBundle\EventHandler;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler;

class AuthenticationFailureHandler extends DefaultAuthenticationFailureHandler
{
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        // Write one log line per failed login, always in the same format,
        // so that the fail2ban filter below can match on it and extract the IP.
        if (null !== $this->logger && null !== $request->getClientIp()) {
            $this->logger->error(sprintf('Authentication failure for IP: %s', $request->getClientIp()));
        }

        return parent::onAuthenticationFailure($request, $exception);
    }
}

:

services:
    your.examplebundle.authenticationfailurehandler:
        class: Your\ExampleBundle\EventHandler\AuthenticationFailureHandler
        arguments: ["@http_kernel", "@security.http_utils", {}, "@logger"]
        tags:
            - { name: 'monolog.logger', channel: 'security' }

# app/config/security.yml
security:
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
                failure_handler: your.examplebundle.authenticationfailurehandler
            logout:       true
            anonymous:    true

fail2ban Symfony2

fail2ban, /etc/fail2ban/filter.d/symfony.conf:

[Definition]
failregex = Authentication\sfailure\sfor\sIP:\s<HOST>\s

/etc/fail2ban/jail.local:

[symfony]
enabled   = true
filter    = symfony
logpath   = /var/www/my-project/app/logs/prod.log
port      = http,https
bantime   = 600
banaction = iptables-multiport
maxretry  = 3
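To check that the filter and jail above behave as intended before deploying them, here is an added Python simulation (not code from the answer, Symfony or fail2ban) that applies the same failregex to constructed Monolog prod.log lines and counts hits per IP the way fail2ban does. The findtime of 600 s is fail2ban's default and is assumed here, since the jail above does not set it; the sample log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Values taken from the jail above; findtime is fail2ban's default (assumed).
MAXRETRY = 3
FINDTIME = timedelta(seconds=600)
BANTIME = timedelta(seconds=600)

# The failregex from filter.d/symfony.conf. fail2ban replaces <HOST> with its
# own host pattern; a simple IPv4/IPv6 character class stands in for it here.
FAILREGEX = r"Authentication\sfailure\sfor\sIP:\s<HOST>\s"
HOST_RE = r"(?P<host>[0-9a-fA-F.:]+)"
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] .*"
    + FAILREGEX.replace("<HOST>", HOST_RE)
)

# Constructed prod.log excerpt in Monolog's default line format. The 404 line
# from a WordPress scan is present on purpose: the filter must ignore it.
SAMPLE_LOG = [
    "[2016-03-01 10:00:01] security.ERROR: Authentication failure for IP: 203.0.113.7 [] []",
    "[2016-03-01 10:00:05] request.ERROR: Uncaught PHP Exception NotFoundHttpException: No route found for GET /wp-login.php [] []",
    "[2016-03-01 10:00:09] security.ERROR: Authentication failure for IP: 203.0.113.7 [] []",
    "[2016-03-01 10:00:14] security.ERROR: Authentication failure for IP: 203.0.113.7 [] []",
    "[2016-03-01 10:00:20] security.ERROR: Authentication failure for IP: 198.51.100.2 [] []",
    "[2016-03-01 10:03:00] security.ERROR: Authentication failure for IP: 203.0.113.7 [] []",
    "[2016-03-01 10:30:00] security.ERROR: Authentication failure for IP: 198.51.100.2 [] []",
    "[2016-03-01 10:30:05] security.ERROR: Authentication failure for IP: 198.51.100.2 [] []",
]


def scan(lines):
    """Return {ip: ban_time} for each address reaching MAXRETRY failures within FINDTIME."""
    failures = {}  # ip -> failure timestamps still inside the sliding window
    bans = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a login failure (e.g. the 404 scan noise)
        ip, ts = m.group("host"), datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        if ip in bans and ts < bans[ip] + BANTIME:
            continue  # already banned; the real jail would have dropped this connection
        window = [t for t in failures.get(ip, []) if ts - t <= FINDTIME] + [ts]
        failures[ip] = window
        if len(window) >= MAXRETRY:
            bans[ip] = ts  # third failure inside findtime: fail2ban would ban now
            failures[ip] = []
    return bans


if __name__ == "__main__":
    for ip, when in scan(SAMPLE_LOG).items():
        print(f"{ip} banned at {when} for {BANTIME.seconds}s")
```

203.0.113.7 is banned on its third failure; 198.51.100.2 is not, because its first failure falls outside the 600 s window of the later two.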