Skip to content
PHP rate Limiter and other security functions, libraries. The rate limiter is designed to be simple and fast. It uses temp files so needs nothing else installed and is built to be very fast.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE
README.md
rate_limiter.php

README.md

php_security_libraries

PHP security functions and libraries

What is it?

These is a location for a number of php security libraries you can use to improve security.

Rate Limiter - How does it work?

It is as simple as including the rate_limiter.php and using the function.

As an example if you want to block too many login attempts, you could check the IP ($_SERVER['REMOTE_ADDR']) and if more than 50 attempts in 1hour (3600), block any access to the page. The resource name we picked is 'login_page', but this can be any value just as long as you use the same value for the same rate_limit.:

<?php

require_once('rate_limiter.php');

//Check if they have gone over the rate limit before starting, but don't add the IP to the rate limit
if (!check_within_rate_limit('login_page', $_SERVER['REMOTE_ADDR'], 50, 3600, 0))
{
  die("Your IP has been restricted because of too many attempts. Please try again later.\n");
}

//Login Code

//Add to rate limit after a login attempt (failed or successful) to make it harder to brute force passwords
if (!check_within_rate_limit('login_page', $_SERVER['REMOTE_ADDR'], 50, 3600, 1))
{
  die("Your IP has been restricted because of too many attempts. Please try again later.\n");
}


?>

Another example might be a intensive graphs and processing page, and to reduce chance of being used to overload server. So limit to 2 uses every 5minutes

<?php

include('rate_limiter.php');

if (!check_within_rate_limit('heavy_processing', $_SERVER['REMOTE_ADDR'], 2, 300, 1))
{
  die("Your IP has been restricted because of too many attempts. Please try again later.\n");
}

//Intensive processing code

?>

Last example will be a bit more complicated to provide short burst protection as well as large numbers. Lets say this is a way to post a comment. So we want to limit posting by user for a comment to 5 per minute, but also want to limit to only 30 in an hour.

<?php

include('rate_limiter.php');

if (!check_within_rate_limit('comment', $username, 5, 60, 0))
{
  die("Your IP has been restricted because of too many attempts. Please try again later.\n");
}

if (!check_within_rate_limit('comment', $username, 30, 3600, 1))
{
  die("Your IP has been restricted because of too many attempts. Please try again later.\n");
}

//Code to post comment

?>
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.