ninjaphp/ninja

A simple but very effective PHP firewall. It enables you to easily block most SQL and XSS injections. It also includes a white-/blacklisting of IP's and throttling request using Leaky Bucket.

What is Ninja

Ninja is a very simple firewall which you can configure to do awesome things. It's still in development, but it may already be used., _(*1)

How to configure

Ninja uses Leaky Bucket for throttling requests. You can teach your Ninja about hazards, and block them where needed., _(*2)

``` php <?php use \Ninja\Ninja;, <sub>(*3)</sub>

Ninja::addHazard( 'throttle', Ninja::HAZARD_TYPE_THROTTLE, function (\Symfony\Component\HttpFoundation\Request $request) { return true; }, array( 'bucket_size' => 10, 'bucket_leak' => 1 ) );, <sub>(*4)</sub>

When the hazard returns true, it means the hazard has been detected. To detect a hazard, you retrieve a Request object. You can check that for all sorts of things. Apart from the `bucket_size` and `bucket_leak` you can also specify a `timeout` for when attacks happen.

You should also give your Ninja something to protect.

``` php
<?php
use Ninja\Ninja;

// ...
Request::enableHttpMethodParameterOverride();
$request = Request::createFromGlobals();

// Send the Ninjas
Ninja::prepare(__DIR__ . '/../app/config/ninja.php', $request);
Ninja::protect();

$response = $kernel->handle($request);

// Inject the Ninja in the response
Ninja::inject($response);

$response->send();
$kernel->terminate($request, $response);

Legals

You can find the LICENSE file in this project., <sub>(*5)</sub>