PHPackages                             loamok/sf2security-bundle - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. loamok/sf2security-bundle

AbandonedArchivedSymfony-bundle[Security](/categories/security)

loamok/sf2security-bundle
=========================

A bundle for plug symfony with fail2ban security application

3.2(8y ago)59.8k↓100%1LGPL-3.0PHP

Since May 14Pushed 8y ago4 watchersCompare

[ Source](https://github.com/loamok/Sf2securityBundle)[ Packagist](https://packagist.org/packages/loamok/sf2security-bundle)[ RSS](/packages/loamok-sf2security-bundle/feed)WikiDiscussions master Synced 1mo ago

READMEChangelogDependenciesVersions (10)Used By (0)

Loamok Symfony 2 Security Bundle
================================

[](#loamok-symfony-2-security-bundle)

Inspired from

Thank you Kalman Olah for the great article.

A bundle for plug symfony to linux fail2ban security application

Important note about revisions :
--------------------------------

[](#important-note-about-revisions-)

Revision 2 is for Symfony 2.x Revision 3 is for Symfony 3.x Revision 3 is merged in dev-master and in develop

So if you are using Symfony 2.8 you must use revision 2 of this bundle.

Important note about revisions :
--------------------------------

[](#important-note-about-revisions--1)

Migration from sf 2.8 to sf 3.3 :

In all cases :
--------------

[](#in-all-cases-)

- remove the line "csrf\_provider: form.csrf\_provider" from security.yml

If you have moved your log files to var/logs instead of app/logs you must :
---------------------------------------------------------------------------

[](#if-you-have-moved-your-log-files-to-varlogs-instead-of-applogs-you-must-)

1. upgrade to revision 3 or dev-master
2. adapt your logrotate scripts according to this documentation
3. adapt your fail2ban documentation

If you haven't moved your log files and still let them in app/logs yopu have nothing to do. Eventually upgrade this bundle to revision 2 to ensure you dont go to 3 by error.

First step rotate the logs
--------------------------

[](#first-step-rotate-the-logs)

Start by configuring log rotate on your web server.

What you need :
---------------

[](#what-you-need-)

1. Full path of your application logs
2. System webserver username
3. Root or sudo access
4. name of your application

Create an empty file in the logrotate config directory with a pattern like this :

```
$ sudo vim /etc/logrotate.d/sf2-appName

```

Write this in your new file (substitute with good values) :

```
/var/www/appName/var/logs/prod.log {
        su www-data www-data
        daily
        missingok
        rotate 14
        compress
}

```

Then (if your application has already started working and do logs) force first rotating :

```
$ sudo logrotate --force /etc/logrotate.d/sf2_appName

```

Install this bundle in your application
---------------------------------------

[](#install-this-bundle-in-your-application)

Composer.json :

```
    "require": {
        [...],
        "loamok/sf2security-bundle": "^3"

```

And run composer update.

Add it to your kernel AppKernel.php :

```
        $bundles = array(
            [...],
            \Loamok\Sf2securityBundle\Sf2securityBundle(),

```

Mod your security config file

```
# app/config/security.yml
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                failure_handler: sf2security.authenticationfailurehandler
            logout:       true
            anonymous:    true

```

plug-in to fail2 ban :
----------------------

[](#plug-in-to-fail2-ban-)

Create a symbolic link from filter conf file to /etc/fail2ban/filter :

```
$ sudo ln -s /var/www/appName/vendor/loamok/sf2security-bundle/Loamok/Sf2securityBundle/Resources/filter/sf2security.conf /etc/fail2ban/filter/sf2security.conf

```

Add the jail definition for fail2ban (/etc/fail2ban/jail.conf) (sample is in the filter file) :

```
[sf2security]
enabled   = true
filter    = sf2security
logpath   = /var/www/appName/var/logs/prod.log
port      = http,https
bantime   = 600
banaction = iptables-multiport
maxretry  = 3

```

Restart fail2 ban service and that's it you just secure your symfony2 application against brutforce.

```
$ sudo service fail2ban restart

```

###  Health Score

35

—

LowBetter than 79% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity27

Limited adoption so far

Community10

Small or concentrated contributor base

Maturity69

Established project with proven stability

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~91 days

Recently: every ~159 days

Total

8

Last Release

3011d ago

Major Versions

1.1.3 → 3.22018-02-09

### Community

Maintainers

![](https://www.gravatar.com/avatar/f3e8ad5bed8c1a616df82edb80a8c71e4db168f9d07a8d1e8f445a40252a320e?d=identicon)[symio](/maintainers/symio)

---

Top Contributors

[![symio](https://avatars.githubusercontent.com/u/52332?v=4)](https://github.com/symio "symio (15 commits)")

---

Tags

securitySymfony2fail2ban

### Embed Badge

![Health badge](/badges/loamok-sf2security-bundle/health.svg)

```
[![Health](https://phpackages.com/badges/loamok-sf2security-bundle/health.svg)](https://phpackages.com/packages/loamok-sf2security-bundle)
```

###  Alternatives

[phpseclib/phpseclib

PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc.

5.6k434.8M1.3k](/packages/phpseclib-phpseclib)[defuse/php-encryption

Secure PHP Encryption Library

3.9k162.4M212](/packages/defuse-php-encryption)[mews/purifier

Laravel 5/6/7/8/9/10 HtmlPurifier Package

2.0k16.7M112](/packages/mews-purifier)[gregwar/captcha-bundle

Captcha bundle

3524.7M31](/packages/gregwar-captcha-bundle)[robrichards/xmlseclibs

A PHP library for XML Security

41278.1M117](/packages/robrichards-xmlseclibs)[spatie/laravel-csp

Add CSP headers to the responses of a Laravel app

8519.6M19](/packages/spatie-laravel-csp)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)