I looked around, but I could not find anything useful. What would be the best practice for protecting a Symfony application from brute-force attacks? I looked into the SecurityBundle but found nothing.
What I'm doing for this is keeping a log, using event subscribers, based on the IP addresses and/or usernames trying to log in. Then, if after x amount of time that IP/user has been trying to log into the system and failing, I move that IP address/user to a ban list, and after that, any time that IP/user tries to log in, I immediately refuse it based on that ban list.
You can also play with the time between attempts and all those goodies inside the event subscriber.
Let me know if that makes sense.
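The approach this answer describes, as an added example that is not part of the original post: a Symfony event subscriber counts failed logins per IP and per username in a cache and refuses further attempts once a threshold is reached. The class name, threshold, window and cache key prefix are assumptions; it targets PHP 8 and Symfony 5.4 or later with the authenticator-based security system.

```php
<?php
// Added example (not from the answers). Assumes PHP 8, Symfony 5.4+, and any PSR-6 cache pool.
use Psr\Cache\CacheItemPoolInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Core\Exception\TooManyLoginAttemptsAuthenticationException;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Component\Security\Http\Event\CheckPassportEvent;
use Symfony\Component\Security\Http\Event\LoginFailureEvent;

final class LoginBanSubscriber implements EventSubscriberInterface // hypothetical name
{
    private const MAX_FAILURES = 5; // the "x" from the answer; illustrative value
    private const WINDOW = 900;     // seconds a counter lives after the last failure
    public function __construct(private CacheItemPoolInterface $cache, private RequestStack $requests) {}
    public static function getSubscribedEvents(): array
    {   // High priority: refuse banned clients before credentials are checked.
        return [CheckPassportEvent::class => ['refuseIfBanned', 2048],
                LoginFailureEvent::class => 'recordFailure'];
    }

    public function refuseIfBanned(CheckPassportEvent $event): void
    {
        $user = $event->getPassport()->getBadge(UserBadge::class)?->getUserIdentifier() ?? '';
        $ip = $this->requests->getMainRequest()?->getClientIp() ?? '';
        foreach ($this->keys($ip, $user) as $key) {
            if ((int) $this->cache->getItem($key)->get() >= self::MAX_FAILURES) {
                throw new TooManyLoginAttemptsAuthenticationException(); // becomes a login failure
            }
        }
    }

    public function recordFailure(LoginFailureEvent $event): void
    {   // Refusals above also land here, so a banned client that keeps trying stays banned.
        $user = $event->getPassport()?->getBadge(UserBadge::class)?->getUserIdentifier() ?? '';
        foreach ($this->keys($event->getRequest()->getClientIp() ?? '', $user) as $key) {
            $item = $this->cache->getItem($key);
            $item->set((int) $item->get() + 1)->expiresAfter(self::WINDOW);
            $this->cache->save($item); // read-then-write is not atomic: concurrent failures may undercount
        }
    }

    private function keys(string $ip, string $user): array
    {   // One counter per IP and per username; hashed because PSR-6 keys cannot contain ':' or '@'.
        $ids = array_filter(['ip' => $ip, 'user' => strtolower($user)], 'strlen');
        return array_map(fn ($v, $k) => 'login_fail_' . hash('sha256', "$k|$v"), $ids, array_keys($ids));
    }
}
```

Symfony 5.2 and later also ship a built-in `login_throttling` firewall option that covers the same ground. Behind a reverse proxy, `getClientIp()` only returns the real client address once trusted proxies are configured.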
Use Cloudflare for DDoS attacks. However, this can be expensive.
https://github.com/codeconsortium/CCDNUserSecurityBundle
, -, . , , vsthrottle. (, , , ), - symfony , php , , ( mysql - , memcached), ... php, DDOS , symfony, php symfony.
, symfony, , , IP- X_forwarded_for ( , ip ip), (, , memcached , ips), ip 100 1 , ... , (, , ) , , , .
Source: https://habr.com/ru/post/1666407/