-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy path19-header-analysis.php
More file actions
81 lines (57 loc) · 2.84 KB
/
Copy path19-header-analysis.php
File metadata and controls
81 lines (57 loc) · 2.84 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
<?php
/**
* Example 19: Suspicious Headers Detection
*
* Demonstrates blocking requests that are missing standard HTTP headers
* which real browsers always send (Accept, Accept-Language, Accept-Encoding).
* Attack tools and scrapers often omit these.
*
* Run: php examples/19-header-analysis.php
*/
declare(strict_types=1);
require __DIR__ . '/../vendor/autoload.php';
use Flowd\Phirewall\Config;
use Flowd\Phirewall\Http\Firewall;
use Flowd\Phirewall\Store\InMemoryCache;
use Nyholm\Psr7\ServerRequest;
echo "=== Suspicious Headers Detection Example ===\n\n";
$config = new Config(new InMemoryCache());
// Block requests missing standard browser headers
$config->blocklists->suspiciousHeaders();
$firewall = new Firewall($config);
echo "Rules configured:\n";
echo " - Block requests missing: Accept, Accept-Language, Accept-Encoding\n\n";
// Simulate requests
echo "=== Request Simulation ===\n\n";
// 1. Normal browser request (all headers present)
$normalRequest = (new ServerRequest('GET', '/'))
->withHeader('Accept', 'text/html,application/xhtml+xml')
->withHeader('Accept-Language', 'en-US,en;q=0.9')
->withHeader('Accept-Encoding', 'gzip, deflate, br');
$result = $firewall->decide($normalRequest);
echo sprintf(" %-45s => %s\n", 'Normal browser (all headers)', $result->isPass() ? 'ALLOWED' : 'BLOCKED');
// 2. Scraper (missing Accept-Language)
$scraperRequest = (new ServerRequest('GET', '/'))
->withHeader('Accept', '*/*')
->withHeader('Accept-Encoding', 'gzip');
$result = $firewall->decide($scraperRequest);
echo sprintf(" %-45s => %s\n", 'Scraper (missing Accept-Language)', $result->isPass() ? 'ALLOWED' : 'BLOCKED');
// 3. Bot with no headers at all
$bareRequest = new ServerRequest('GET', '/');
$result = $firewall->decide($bareRequest);
echo sprintf(" %-45s => %s\n", 'Bot (no browser headers)', $result->isPass() ? 'ALLOWED' : 'BLOCKED');
// ── Custom required headers ──────────────────────────────────────────
echo "\n--- Custom Required Headers ---\n\n";
$config2 = new Config(new InMemoryCache());
$config2->blocklists->suspiciousHeaders('api-headers', ['Authorization', 'X-API-Key']);
$firewall2 = new Firewall($config2);
$apiRequest = (new ServerRequest('GET', '/api/data'))
->withHeader('Authorization', 'Bearer token123')
->withHeader('X-API-Key', 'key-abc');
$result = $firewall2->decide($apiRequest);
echo sprintf(" %-45s => %s\n", 'API request (all custom headers)', $result->isPass() ? 'ALLOWED' : 'BLOCKED');
$missingKeyRequest = (new ServerRequest('GET', '/api/data'))
->withHeader('Authorization', 'Bearer token123');
$result = $firewall2->decide($missingKeyRequest);
echo sprintf(" %-45s => %s\n", 'API request (missing X-API-Key)', $result->isPass() ? 'ALLOWED' : 'BLOCKED');
echo "\n=== Example Complete ===\n";