Bouncer is a real time statistics and security engine for PHP applications.
Bouncer is designed to run when your PHP request starts. Everything that can be cached is cached, so there should not be any performance issue. Actually, your application is supposed to run faster with it, because it doesn't needs to serve junk traffic anymore.
How does it operate?
- It first analyse what the agent claim to be, if it's a browser, a bot, which browser, which version. At the same time, it also compute an unique fingerprint based on the User-Agent and several common HTTP headers.
- After that, it scores the agent, comparing what it claim to be, with how it's supposed to act. For example, Firefox is supposed to send several HTTP headers, Googlebot is supposed to operate from given IP adresses. It also compare the agent fingerprint with a local database, filled with thousand fingerprints of known, good, bad and suspicious agents.
- Depending the score, nothing happen (it's a good guy), the agent is throttled (we're not sure) or the agent is blocked (definitely a bad ass).
Practically, 99% of known web junk is blocked efficiently, without giving your data to anyone. Technically, ou'll barely need other anti-spam measures, but that's not a reason to stop using them.
An advanced dashboard with more data is also available.
- Download the Bouncer library. Download also the Rediska library if you want to use the redis backend (recommended).
Add the Bouncer code early in your PHP code:
<?php require_once('Bouncer/Bouncer.php'); Bouncer::run(array('backend' => 'redis', 'namespaces' => array('default'))); ?>
- In a protected area, you can display the dashboard to visualize what is happening:
<?php require_once('Bouncer/Bouncer.php'); Bouncer::stats(array('backend' => 'redis', 'namespace' => 'default')); ?>
Fork me on Github baby!