This extension uses the project PHPIDS like a application component for apply rules for attack detection and prevention. Perform a predefined reaction.
Credits and Thanks... ¶
Requirements ¶
Tested in Yii 1.1.5 and 1.1.4
Usage ¶
Download and unzip the file in components directory.
Make .../components/ids/IDS/tmp writable.
In config file change version 0.2...
...
//'preload'=>array('log'),
'preload'=>array('log','ids'),
...
components = array(
...
'ids'=>array(
'class'=>'application.components.ids.CPhpIds',
'genericMessage'=>'Error!!!',
'callback'=>create_function('',"echo 'Error!'; Yii::app()->end(); return false;"),
'enable'=>create_function('','return $_GET["r"] != "site/contact";'),
),
)
in version 0.2 and enable the callback parameters were added.
callback - is passed as parameter to call_user_func, see php manual
enable - performs the functions of the IDS is true. If false ignores the IDS. Receives a BOOL value or a function that returns a bool value, if passed a parameter is_callable, this parameter is passed to call_user_func (see PHP manual).
Other reactions for attacks?
Thank you for your extension, which is important add to security manners in Yii applications!
On "Project Page" it is written: "(...) This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session (...)".
Does your extensions supports other reactions (like mentioned ones)? If so, can you provide more examples how to react with sending e-mails or ending user session? If I'm not mistaken, you only provided example for showing error message. Thank you.
log and throw exception.
This extension yet is a basic implementation for PHPIDS. With it is possible log the attack's details, while component throw a exception with a generic message for the attacker.
Too is possible send a email using CEmailLogRouter. For debug the messages CWebLogRouter. The extension uses the Yii's log component and PHPIDS's internal log. The level is 'warning' and category is 'application.components.ids'. The download file is updated for implements this level and category.
In the next release, we can implement a callback method to more possibilities of reaction. How to generate a blacklist, closing the session of the attacker...
Thanks!
htmlpurifier
HTML Purifier is part of Yii framework, is it possible to use it instead of one contained in this extension? It seems to work without included purifier.
There is not enough configuration options, like tmp folder. How to disable ids for certain controllers/actions?
HTMLPurifier and PHPIDS
HTMLPurifier and PHPIDS, perform different functions in the application. Both contribute to security. Both can be used together or separately.
In the next version of PHPIDS introduce more settings for now in version 0.2 we have two new options: callback and enable both explained in the current description of the component.
Update IDS
I would ask to make an how-to update the IDS package, as it is outdated. I've tried myself (looking at includes) without success. I'm looking for performance upgrades.
But must say one should always update the default_filter.xml set as available to download on the official website.
Great addon!! Cheers
How to use this with remember login mode by cookie?
I tried this extension in the blog demo with allowAutoLogin enabled and cookie stored and always get an error for the created cookie used for the automated login.
If you have any questions, please ask in the forum instead.
Signup or Login in order to comment.