
one4vision/t3lockdown
=====================

Protects TYPO3 against SQL injection, XSS, malicious headers, abusive requests, and repeated attacks with logging, alerts, rate limiting, temporary IP blocking, and backend analysis tools.

5.0.0 (2w ago) · GPL-2.0-or-later · PHP >=8.2


[Source](https://github.com/one4vision/t3lockdown) · [Packagist](https://packagist.org/packages/one4vision/t3lockdown)

TYPO3 extension `t3lockdown`
============================


T3LockDown protects TYPO3 installations against suspicious requests such as SQL injection, cross-site scripting, and malicious header payloads by inspecting incoming requests before they reach application logic. The extension can log attacks to the database, send alert emails, rate-limit abusive traffic, and temporarily block IP addresses after repeated attack attempts.

Purpose
-------


The extension is intended for administrators who want an additional request-level protection layer in TYPO3. It focuses on practical mitigation: detect suspicious payloads, record what happened, alert administrators, and optionally enforce temporary IP blocking when a threshold is reached.

Installation
------------


Install the extension with Composer in the TYPO3 project and activate it in the TYPO3 backend. TYPO3 extension configuration is managed through `ext_conf_template.txt`, and the saved values are stored in TYPO3 system settings for runtime use.

```
composer require one4vision/t3lockdown
```

After installation, open the TYPO3 backend and configure the extension in **Admin Tools > Settings > Extension Configuration**.

Configuration areas
-------------------


The extension configuration is grouped into several administrator-friendly sections in `ext_conf_template.txt`.

| Area | Purpose |
| --- | --- |
| Detection | Enables SQL injection, XSS, header, and cookie inspection. |
| Blocking | Controls whether repeated attacks should lead to temporary IP blocking and defines thresholds. |
| Notifications | Defines whether alert emails are sent and which sender/recipient addresses are used. |
| Rate limiting | Limits repeated requests inside a configurable time window. |
| Header inspection | Defines allowed header exceptions and headers that should be skipped during inspection. |
| Lists | Maintains blacklists, whitelists, and URL whitelists. |

Key settings
------------


### Detection


- `checkSqlInjAttacks`: Enables SQL injection pattern detection.
- `checkXss`: Enables XSS payload detection.
- `checkHeaders`: Enables inspection of HTTP headers.
- `checkCookieVars`: Includes cookie values in payload inspection.
- `logAttacksInDB`: Stores attack attempts in the database for later review.

### Blocking


- `blockRequests`: Enables temporary IP blocking after repeated attack attempts.
- `maxCountAttemptsForBlock`: Number of detected attacks before an IP is blocked.
- `attemptIntervalInSeconds`: Time window used to count attempts.
- `blockDelayInSeconds`: Duration of the temporary block.
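
How the three blocking settings can interact, as an added sketch that is not the extension's own code. It assumes attacks are counted per IP in a sliding window; the class name `BlockTracker` and its in-memory storage are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical illustration of the blocking settings; not T3LockDown code.
// Assumption: attacks are counted per IP in a sliding time window.
final class BlockTracker
{
    private array $attempts = [];     // IP => timestamps of detected attacks
    private array $blockedUntil = []; // IP => time at which the block expires

    public function __construct(
        private int $maxCountAttemptsForBlock,
        private int $attemptIntervalInSeconds,
        private int $blockDelayInSeconds,
    ) {}

    /** Record one detected attack and report whether the IP is now blocked. */
    public function recordAttack(string $ip, int $now): bool
    {
        // Drop attempts that have aged out of the counting window.
        $recent = array_filter(
            $this->attempts[$ip] ?? [],
            fn (int $t): bool => $t > $now - $this->attemptIntervalInSeconds
        );
        $recent[] = $now;
        $this->attempts[$ip] = array_values($recent);

        if (count($recent) >= $this->maxCountAttemptsForBlock) {
            $this->blockedUntil[$ip] = $now + $this->blockDelayInSeconds;
            $this->attempts[$ip] = []; // counting starts afresh after a block
        }
        return $this->isBlocked($ip, $now);
    }

    public function isBlocked(string $ip, int $now): bool
    {
        return ($this->blockedUntil[$ip] ?? 0) > $now;
    }
}

// Constructed scenario with the thresholds from this page's configuration
// example (3 attempts, 300 s window, 900 s block); 203.0.113.7 is a documentation IP.
$tracker = new BlockTracker(3, 300, 900);
foreach ([1000, 1400, 1450, 1500] as $t) {
    printf("attack at t=%d, blocked: %s\n", $t, var_export($tracker->recordAttack('203.0.113.7', $t), true));
}
printf("blocked at t=2399: %s\n", var_export($tracker->isBlocked('203.0.113.7', 2399), true));
printf("blocked at t=2400: %s\n", var_export($tracker->isBlocked('203.0.113.7', 2400), true));
```

The attempt at t=1000 leaves the 300-second window before the later ones arrive, so the block only starts with the third attempt inside one window and lapses 900 seconds after it.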

### Notifications


- `sendMailEveryRequest`: Sends an alert for every detected attack.
- `sendBlockMail`: Sends an additional alert when an IP is blocked.
- `mailFrom`: Preferred sender address for alerts.
- `mailFromName`: Preferred sender name for alerts.
- `blockMailTo`: Comma-separated recipient list.

If `mailFrom` is empty, the extension should fall back to TYPO3's global `MAIL.defaultMailFromAddress`.
If `mailFromName` is empty, it should fall back to `MAIL.defaultMailFromName`, and finally to `T3LockDown` as a last-resort display name.

### Rate limiting


- `rateLimitingEnabled`: Enables request throttling.
- `rateLimitMaxRequests`: Maximum number of requests allowed in the configured window.
- `rateLimitSecondsWindow`: Length of the rate-limit window in seconds.

### Header inspection


- `allowedHeaderExceptions`: Comma-separated list of allowed substrings that should not trigger header alerts.
- `ignoreHeaderStringParsing`: Comma-separated list of header names that should be skipped entirely.

### Lists


- `blackList`: Always blocked IPs, supports wildcard matching when implemented by the extension.
- `whiteList`: Always allowed IPs.
- `urlWhiteList`: Allowed request paths that bypass lockdown checks.

Email behavior
--------------


The extension uses TYPO3's Mail API for sending alert emails. A practical fallback strategy for sender data is:

1. Use the sender address and name defined in T3LockDown.
2. Fall back to TYPO3 global mail defaults.
3. Use `T3LockDown` as final sender name if no global name is defined.

Administrators should ensure that TYPO3 global mail transport is configured correctly; otherwise alert delivery may fail even when the extension configuration is valid.

Logging and response behavior
-----------------------------


When a request is identified as malicious, the extension can log details such as request method, URL, IP address, matched rules, and additional request context into the database. A blocked request should return a visible HTTP 403 response with a human-readable message instead of an empty response body, which improves both user feedback and operational debugging.

TYPO3 backend module
--------------------


The extension also provides a TYPO3 backend module for administrators to review logged attacks centrally. This module can be used to inspect recorded attack entries, review request details, identify attack types such as SQL injection, XSS, and header attacks, and monitor activity over time through aggregated backend views.

The backend module is especially useful for operational monitoring because it complements email alerts with a persistent analysis interface inside TYPO3. It gives administrators direct access to logged request data such as timestamps, methods, IP addresses, request URIs, user agents, and attack classifications without requiring direct database access.

Recommended defaults
--------------------


The following baseline is suitable for most production installations.

| Setting | Recommended value |
| --- | --- |
| `checkSqlInjAttacks` | `1` |
| `checkXss` | `1` |
| `checkHeaders` | `1` |
| `logAttacksInDB` | `1` |
| `blockRequests` | `1` |
| `sendMailEveryRequest` | `1` |
| `sendBlockMail` | `1` |
| `rateLimitingEnabled` | `1` |
| `ignoreHeaderStringParsing` | empty |
| `allowedHeaderExceptions` | `force-revalidate` only if this is known to prevent real false positives |

Configuration example
---------------------


An example extension configuration could look like this:

```
$GLOBALS['TYPO3_CONF_VARS']['EXTENSIONS']['t3lockdown'] = [
    'checkSqlInjAttacks' => '1',
    'checkHeaders' => '1',
    'checkXss' => '1',
    'logAttacksInDB' => '1',
    'blockRequests' => '1',
    'maxCountAttemptsForBlock' => '3',
    'attemptIntervalInSeconds' => '300',
    'blockDelayInSeconds' => '900',
    'sendBlockMail' => '1',
    'sendMailEveryRequest' => '1',
    'mailFrom' => 'security@example.org',
    'mailFromName' => 'T3LockDown',
    'blockMailTo' => 'admin@example.org',
    'rateLimitingEnabled' => '1',
    'rateLimitMaxRequests' => '30',
    'rateLimitSecondsWindow' => '60',
    'allowedHeaderExceptions' => 'force-revalidate',
    'ignoreHeaderStringParsing' => '',
    'urlWhiteList' => '/tiles',
];
```
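
A review helper for a configuration array like the one above, added here and not part of T3LockDown. The function name `auditLockdownConfig` is hypothetical, and the checks are assumptions derived from the setting descriptions on this page.

```php
<?php
declare(strict_types=1);
// Hypothetical review helper, not part of T3LockDown. Setting names come from
// this page; the checks are assumptions based on the setting descriptions.
function auditLockdownConfig(array $c): array
{
    $on = fn (string $k): bool => ($c[$k] ?? '0') === '1';
    // Split a comma-separated setting into trimmed, non-empty entries.
    $list = fn (string $k): array => array_values(array_filter(
        array_map('trim', explode(',', $c[$k] ?? '')),
        fn (string $v): bool => $v !== ''
    ));
    $findings = [];
    // Thresholds must be positive integers once their feature is switched on.
    $required = [
        'blockRequests' => ['maxCountAttemptsForBlock', 'attemptIntervalInSeconds', 'blockDelayInSeconds'],
        'rateLimitingEnabled' => ['rateLimitMaxRequests', 'rateLimitSecondsWindow'],
    ];
    foreach ($required as $switch => $keys) {
        foreach (($on($switch) ? $keys : []) as $k) {
            $v = (string)($c[$k] ?? '');
            if (!ctype_digit($v) || (int)$v < 1) {
                $findings[] = "$k must be a positive integer when $switch is enabled";
            }
        }
    }
    // Alert mails need at least one recipient, and each must be a valid address.
    if (($on('sendBlockMail') || $on('sendMailEveryRequest')) && $list('blockMailTo') === []) {
        $findings[] = 'alert mails are enabled but blockMailTo is empty';
    }
    foreach ($list('blockMailTo') as $addr) {
        if (filter_var($addr, FILTER_VALIDATE_EMAIL) === false) {
            $findings[] = "blockMailTo contains an invalid address: $addr";
        }
    }
    // Exemptions narrow what is inspected; list each one for periodic review.
    foreach (['urlWhiteList', 'ignoreHeaderStringParsing', 'allowedHeaderExceptions'] as $k) {
        foreach ($list($k) as $entry) {
            $findings[] = "$k exempts \"$entry\" from inspection; confirm it is still needed";
        }
    }
    return $findings;
}
// Constructed input: values from the page's example with two deliberate mistakes.
echo implode(PHP_EOL, auditLockdownConfig([
    'blockRequests' => '1', 'maxCountAttemptsForBlock' => '3', 'attemptIntervalInSeconds' => '300',
    'blockDelayInSeconds' => '', 'sendBlockMail' => '1',
    'blockMailTo' => 'admin@example.org, not-an-address', 'urlWhiteList' => '/tiles',
])), PHP_EOL;
```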

