Ban an identifier after a certain number of requests in a given timeframe.
The suggested installation method is via composer:

```
php composer.phar require "sideshow_bob/throttle"
```
Basic usage of the `Throttle` class to ban an identifier.

```php
// ip
$identifier = $_SERVER["REMOTE_ADDR"];

// instantiate class
$throttle = new \sideshow_bob\Throttle(new \sideshow_bob\Storage\Memcached());

if ($throttle->validate($identifier)) {
    // success proceed
} else {
    // banned
}
```
Included are `Array`, `Memcached`, `Redis`, `Predis` and `doctrine/cache` storage implementations. It is also easy to use some other storage system: implement the `StorageInterface` and inject that object into the `Throttle` constructor.
#### Caution

Whatever storage system you decide to use, do not store the failed request data in your database; this could lead to a DDoS attack and take your database down.
You can override the default options by instantiating a `Throttle` class and passing in an array as the third argument.

```php
$options = [
    "ban" => 10, // ban identifier after 10 attempts. (default 5)
    "log" => 20, // log identifier after 20 attempts. (default 10)
    "timespan" => 60, // the timespan for the duration of the ban. (default 86400)
];

// Instantiate class
$throttle = new \sideshow_bob\Throttle(new \sideshow_bob\Storage\Memcached(), $options);
```
Any logger library that implements the PSR-3 `LoggerInterface` should work; just create your logger object and inject it into the `Throttle` constructor.
For example, the excellent logging library Monolog.
This will remove the identifier from the storage.

```php
$throttle->reset($identifier);
```

This will return an integer that is the remaining attempt(s) available before the identifier gets banned.

```php
$throttle->remaining($identifier);
```
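One way to combine `validate()`, `reset()` and `remaining()` around a login form, as an added example that is not part of the project's code. `credentialsValid()`, `loginIdentifier()`, `handleLogin()`, the sample account and the option values are hypothetical, and the example assumes each `validate()` call counts as one attempt.

```php
<?php
// Added example, not project code. Assumes composer autoloading, a reachable
// Memcached backend, and that each validate() call counts as one attempt.
require __DIR__ . '/vendor/autoload.php';

/** Hypothetical credential check against one constructed sample account. */
function credentialsValid(string $user, string $pass): bool
{
    static $hash = null;
    $hash ??= password_hash('correct horse battery', PASSWORD_DEFAULT);
    // password_verify() runs first, so unknown users cost the same time.
    return password_verify($pass, $hash) && hash_equals('alice', strtolower($user));
}

/** Hypothetical helper: one counter per (client address, username) pair. */
function loginIdentifier(string $ip, string $user): string
{
    // A hex digest is a fixed-length string that is safe to use as a cache key.
    return hash('sha256', $ip . "\0" . strtolower($user));
}

/** Hypothetical handler: returns [HTTP status, message]. */
function handleLogin(\sideshow_bob\Throttle $throttle, string $ip, string $user, string $pass): array
{
    $id = loginIdentifier($ip, $user);
    // Ask the throttle first: a banned identifier never reaches the
    // comparatively expensive password hash check.
    if (!$throttle->validate($id)) {
        return [429, 'Too many attempts, try again later.'];
    }
    if (credentialsValid($user, $pass)) {
        $throttle->reset($id); // successful login clears the counter
        return [200, 'Welcome.'];
    }
    return [401, sprintf('Invalid login, %d attempt(s) left.', $throttle->remaining($id))];
}

$throttle = new \sideshow_bob\Throttle(
    new \sideshow_bob\Storage\Memcached(),
    ['ban' => 5, 'log' => 10, 'timespan' => 900] // constructed values
);
// Behind a reverse proxy REMOTE_ADDR is the proxy's address, so every client
// would share one counter; use the address your trusted proxy reports instead.
$ip = $_SERVER['REMOTE_ADDR'] ?? 'cli';
$field = fn(string $k): string => is_string($_POST[$k] ?? null) ? $_POST[$k] : '';
[$status, $message] = handleLogin($throttle, $ip, $field('user'), $field('pass'));
http_response_code($status);
echo $message, PHP_EOL;
```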
The test folder contains all tests.
Forked from websoftwares/throttle.