PHPackages                             in-session/module-search-blocker - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [API Development](/categories/api)
4. /
5. in-session/module-search-blocker

ActiveMagento2-module[API Development](/categories/api)

in-session/module-search-blocker
================================

Magento 2 module to block or redirect blacklisted search terms (Frontend, REST, GraphQL).

1.0.2(6mo ago)041MITPHPPHP ^8.1 || ^8.2 || ^8.3 || ^8.4

Since Nov 2Pushed 6mo agoCompare

[ Source](https://github.com/in-session/magento2-search-blocker)[ Packagist](https://packagist.org/packages/in-session/module-search-blocker)[ Docs](https://github.com/in-session/module-search-blocker)[ RSS](/packages/in-session-module-search-blocker/feed)WikiDiscussions main Synced 1mo ago

READMEChangelog (3)Dependencies (1)Versions (3)Used By (0)

🛡️ Search blocker for Magento 2
===============================

[](#️-search-blocker-for-magento-2)

**InSession\_SearchBlocker** is a lightweight Magento 2 security and hygiene module that prevents the use of **forbidden, suspicious, or empty search terms** across the Magento storefront, REST API, and GraphQL layer.
It helps protect your store from spammy searches, SQL-like injection attempts, and unnecessary search load.

---

🚀 Features
----------

[](#-features)

- ✅ **Global enable/disable switch**
- 🔒 **Search term filtering** based on:
    - Blacklist of forbidden terms (configurable via Admin)
    - Optional regex-based SQL injection pattern detection
- 🌐 **Multi-channel protection**
    - Frontend (catalogsearch/result)
    - REST API (`/rest/V1/products`)
    - GraphQL API (`products(search: "...")`)
- 🔁 **Safe redirect** for blocked frontend searches
- 🧾 **Custom logging**
    - Logs all blocked attempts to `var/log/search_blocker.log`
    - Selectively enable logging for individual channels (Frontend, REST, GraphQL)
- 🧱 Built with **PSR-3 + Monolog**, fully compatible with Magento 2.4.8+

---

⚙️ Configuration (Admin)
------------------------

[](#️-configuration-admin)

**Path:**
`Stores → Configuration → Catalog → Search Blocker`

SettingDescription**Enable Global Search Blocker**Master switch for the entire module**Enable for Frontend Search**Blocks suspicious/blacklisted terms in the storefront search**Enable for REST API**Filters search terms in REST API requests**Enable for GraphQL**Filters search terms in GraphQL queries**Blacklisted Search Terms**Comma-separated list of forbidden keywords**Redirect Path**URL to redirect blocked users to (e.g. `/`, `/no-search`)**Enable Regex Security Filter**Activates pattern-based protection (detects SQL-like keywords)**Enable Logging**Enables file-based logging for blocked attempts**Log Channels**Choose which channels to log (Frontend, REST, GraphQL)---

🧩 Technical Overview
--------------------

[](#-technical-overview)

ComponentDescription`Plugin/PreventSearchOnController.php`Intercepts Magento’s frontend search controller`Plugin/PreventSearchOnRestApi.php`Validates REST API search criteria`Plugin/PreventSearchInGraphQl.php`Validates GraphQL `search` argument`Logger/Handler.php`Defines log file and level (`var/log/search_blocker.log`)`Logger/Logger.php`Custom Monolog logger`Model/Config.php`Central configuration logic and XML path constants`Model/Config/Source/LogChannels.php`Admin multiselect source for log channels`etc/adminhtml/system.xml`Admin configuration UI`etc/config.xml`Default configuration values---

🧠 Example Log Entry
-------------------

[](#-example-log-entry)

```
[2025-11-02 10:14:25] search_blocker.INFO: Blocked term detected in Frontend Search: "union select" {"channel":"controller"}
```

---

🧰 Installation
--------------

[](#-installation)

### Option 1: Composer (recommended)

[](#option-1-composer-recommended)

```
composer require insession/magento2-search-blocker
bin/magento module:enable InSession_SearchBlocker
bin/magento setup:upgrade
bin/magento cache:flush
```

### Option 2: Manual Installation

[](#option-2-manual-installation)

1. Copy the module to:
    `app/code/InSession/SearchBlocker`
2. Run setup commands: ```
    bin/magento module:enable InSession_SearchBlocker
    bin/magento setup:upgrade
    bin/magento cache:flush
    ```

---

🧩 Compatibility
---------------

[](#-compatibility)

- Magento **&gt;2.4.5**
- PHP **&gt;8.1**
- Fully compatible with **Hyvä Themes**

---

🧑‍💻 Developer Notes
-------------------

[](#‍-developer-notes)

- Uses **around plugins** to validate search parameters *before* Magento’s core logic executes.
- Throws localized exceptions for frontend or API-safe errors.
- Logging handled via Magento’s **Monolog/PSR-3 system** for consistent, configurable output.
- Designed for **CSP-safe environments** — no inline scripts, no JS dependencies.

---

🛡️ *"Better searches, fewer threats."*

###  Health Score

35

—

LowBetter than 79% of packages

Maintenance67

Regular maintenance activity

Popularity4

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity54

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~0 days

Total

2

Last Release

192d ago

PHP version history (2 changes)1.0.0PHP &gt;=7.4

1.0.2PHP ^8.1 || ^8.2 || ^8.3 || ^8.4

### Community

Maintainers

![](https://www.gravatar.com/avatar/04a78fbd6306c19c9830740239765d3befa84583935c08a71ce242cc0267fb7c?d=identicon)[in-session](/maintainers/in-session)

---

Top Contributors

[![in-session](https://avatars.githubusercontent.com/u/16542619?v=4)](https://github.com/in-session "in-session (10 commits)")

### Embed Badge

![Health badge](/badges/in-session-module-search-blocker/health.svg)

```
[![Health](https://phpackages.com/badges/in-session-module-search-blocker/health.svg)](https://phpackages.com/packages/in-session-module-search-blocker)
```

###  Alternatives

[smile/elasticsuite

Magento 2 merchandising and search engine built on ElasticSearch

8044.5M33](/packages/smile-elasticsuite)[mollie/magento2

Mollie Payment Module for Magento 2

1121.6M10](/packages/mollie-magento2)[graycore/magento2-cors

A Magento 2 module that enables CORS on the GraphQL and REST Apis

99516.1k](/packages/graycore-magento2-cors)[elgentos/module-prismicio

Magento 2 - Prismic.io integration

39112.0k3](/packages/elgentos-module-prismicio)[zepgram/module-rest

Technical module to industrialize API REST call with dependency injection pattern using Guzzle library

1326.2k](/packages/zepgram-module-rest)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)