chameleon-system/login-security-bundle
This package is abandoned and no longer maintained.
The author suggests using the chameleon-system-private/login-security-bundle package instead.
There is no license information available for the latest version (dev-main) of this package.
Provides login security features (e.g. blocking of IPs) for chameleon
dev-main
2022-02-14 11:31 UTC
Requires
- symfony/lock: ^4.4
- psr/cache: ^1.0
- symfony/options-resolver: ^4.4
- chameleon-system/chameleon-base: ~7.1.0
- php: ^7.4
Requires (Dev)
- vimeo/psalm: ^4.18
- phpat/phpat: ^0.8.3
README
Provide common security features for extranet users.
Rate Limiting authentication failures
In order to enable rate limiting for authentication failures, add the following configuration:
chameleon_system_login_security:
    rate_limiting:
        log_only: false
        user:
            policy: sliding_window
            limit: 10
            interval: '10 minutes'
        ip:
            policy: fixed_window
            limit: 60
            interval: '10 minutes'
Rate limiting is applied on 2 different levels:
- Per user: If there have been too many failed authentication attempts for the same user, logging in as that user is blocked for a certain time. The user will be informed about this.
- Per IP: If an IP address has been used too often, logging in from that IP address is blocked for a certain time. The user will not be informed about this. Note that some ISPs pool IP addresses for multiple clients, so the same IP address may be used by multiple users. Adjust your rate-limiting policy accordingly.
The following rate limiting policies exist:
- sliding_window
- fixed_window
- no_limit
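To help choose between fixed_window and sliding_window, the following added example (not code from this bundle) compares the two under a burst of failed logins that straddles a window boundary, using the limit of 10 per 10 minutes from the configuration above. It assumes the textbook definitions of both policies, since the page does not show how the bundle implements them; all class and function names are hypothetical.

```python
# Added illustration, not the bundle's code: generic window counters.
from collections import deque

LIMIT = 10        # 'limit: 10' from the 'user' block of the configuration
INTERVAL = 600    # '10 minutes', in seconds


class FixedWindow:
    """Counts attempts per aligned window [k*interval, (k+1)*interval)."""
    def __init__(self, limit, interval):
        self.limit, self.interval = limit, interval
        self.window, self.count = None, 0

    def allow(self, now):
        window = now // self.interval
        if window != self.window:      # new window: counter resets
            self.window, self.count = window, 0
        if self.count >= self.limit:
            return False
        self.count += 1
        return True


class SlidingWindow:
    """Counts attempts in the trailing interval (now - interval, now]."""
    def __init__(self, limit, interval):
        self.limit, self.interval = limit, interval
        self.hits = deque()

    def allow(self, now):
        while self.hits and self.hits[0] <= now - self.interval:
            self.hits.popleft()        # expire attempts older than interval
        if len(self.hits) >= self.limit:
            return False
        self.hits.append(now)
        return True


def accepted(limiter, timestamps):
    """Number of attempts the limiter lets through."""
    return sum(limiter.allow(t) for t in timestamps)


# Constructed input: 10 failed logins just before the window boundary at
# t=600 s, then 10 more just after it, all within 20 seconds.
BURST = [590 + i for i in range(10)] + [600 + i for i in range(10)]

if __name__ == "__main__":
    print(accepted(FixedWindow(LIMIT, INTERVAL), BURST),
          accepted(SlidingWindow(LIMIT, INTERVAL), BURST))
```

Under these assumptions the fixed window lets through twice the configured limit around the boundary, while the sliding window holds at the limit, which is worth factoring in when sizing the fixed_window limit.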