PHPackages                             anyx/login-gate-bundle - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. anyx/login-gate-bundle

ActiveSymfony-bundle[Security](/categories/security)

anyx/login-gate-bundle
======================

Checking brute force attacks on site

4.0.2(2y ago)59339.5k↓22.9%23[6 PRs](https://github.com/anyx/LoginGateBundle/pulls)MITPHP

Since Jan 22Pushed 1y ago1 watchersCompare

[ Source](https://github.com/anyx/LoginGateBundle)[ Packagist](https://packagist.org/packages/anyx/login-gate-bundle)[ Docs](https://github.com/anyx/LoginGateBundle)[ RSS](/packages/anyx-login-gate-bundle/feed)WikiDiscussions master Synced 1mo ago

READMEChangelogDependencies (26)Versions (27)Used By (0)

LoginGateBundle
===============

[](#logingatebundle)

⚠️ Bundle is deprecated since similar functionality was introduced in Symfony framework. See
--------------------------------------------------------------------------------------------------------------------------------------------------------------------

[](#warning-bundle-is-deprecated-since-similar-functionality-was-introduced-in-symfony-framework-see-httpssymfonycomdoccurrentsecurityhtmllimiting-login-attempts)

[![Build Status](https://camo.githubusercontent.com/801c6cb2b952695deb639d7ad928d6cf5d7547e7e9ffec5709cdf98a65c66ebc/68747470733a2f2f7472617669732d63692e6f72672f616e79782f4c6f67696e4761746542756e646c652e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/anyx/LoginGateBundle)[![Latest Stable Version](https://camo.githubusercontent.com/a730ae77c81f59245b4fd82798245728aaa652e9fc494b051c50b23852fe9e10/68747470733a2f2f706f7365722e707567782e6f72672f616e79782f6c6f67696e2d676174652d62756e646c652f762f737461626c65)](https://packagist.org/packages/anyx/login-gate-bundle)[![Total Downloads](https://camo.githubusercontent.com/aa5ea5a06bffad96dcafe2ae0a274f8116e31b79a8351204e6faca161b40df31/68747470733a2f2f706f7365722e707567782e6f72672f616e79782f6c6f67696e2d676174652d62756e646c652f646f776e6c6f616473)](https://packagist.org/packages/anyx/login-gate-bundle)[![License](https://camo.githubusercontent.com/f7cb57d9bb0d5467d1c97257fc674a3ed3755584355881ac3fe36aef6c1d5dfb/68747470733a2f2f706f7365722e707567782e6f72672f616e79782f6c6f67696e2d676174652d62756e646c652f6c6963656e7365)](https://packagist.org/packages/anyx/login-gate-bundle)[![Donate](https://camo.githubusercontent.com/604e3db9c8751116b3f765aad0353ec7ded655bbe8aaacbc38d8c4a6b784b3ed/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f446f6e6174652d50617950616c2d677265656e2e737667)](https://www.paypal.me/zryaneskazhev)

This bundle detects brute-force attacks on Symfony applications. It then will disable login for attackers for a certain period of time. This bundle also provides special events to execute custom handlers when a brute-force attack is detected.

Compatibility
-------------

[](#compatibility)

The bundle is since version 1.0 compatible with Symfony 5.

Installation
------------

[](#installation)

Add this bundle via Composer:

```
composer require anyx/login-gate-bundle

```

Configuration:
--------------

[](#configuration)

Add in config/packages/login\_gate.yml:

```
# config/packages/login_gate.yaml

login_gate:
    storages: ['orm'] # Attempts storages. Available storages: ['orm', 'session', 'mongodb']
    options:
        max_count_attempts: 3
        timeout: 600 #Ban period
        watch_period: 3600 #Only for databases storage. Period of actuality attempts
```

### ⚠️ Username resolver (optional).

[](#warning-username-resolver-optional)

Since Symfony does not provide a common way to retrieve passed username from `LoginFailureEvent` for every possible authentication scenario, by default this bundle is trying to retrieve username from `_username` parameter in request's form data.

It means, that if you are using different authentication scenario (`json_login`, for example), users with same ip addresses will be indistinguishable. To prevent this, you probably should create own username resolver and register it in `username_resolver` option:

```