API Reference Phx2Ban v0.2.2

This module defines the supervision tree that contains all of the Phx2Ban components. By adding this to your application's own supervision tree prior to your Phoenix endpoint module, you will be able to start analyzing inbound traffic for malicious requests. You can either configure Phx2Ban by passing your configuration options to the supervisor, or you can define the configuration options in your config.exs file. If you have options defined in both places, the options passed to the supervisor take precedence. You can see all of the supported options by looking at the Phx2Ban.FirewallConfig moduledocs.

This module is responsible for analyzing inbound traffic to your application. It is meant to run under a PartitionSupervisor so that the workload is spread out across many processes so that traffic analysis does not fall behind incoming traffic. If malicious requests are detected, then those requests are passed on to the Phx2Ban.Blocklist GenServer so that the malicious request can be default with accordingly.

This GenServer is responsible for adding a removing IP address to the block list. The block list is stored within an ETS table which this process also owns.

This module exposes a struct that contains a subset of the data contained within the Plug.Conn struct. This struct is passed to the Phx2Ban.Rule.valid_request?/1 callback so that you can analyze the incoming traffic.

This module controls all of the settings that are applicable to Phx2Ban. The configuration settings can either be set in your application config like so

This Plug module is used to block requests from IP addresses that have been marked as malicious as well as pass off inbound requests for out of band (asynchronous) analysis. You can add this to your endpoint.ex module to ensure malicious actors are blocked

This module defines the behaviour for a filter rule. Once a module implements the behaviour it can safetly be plugged into the Phx2Ban firewall engine. All the prebuilt firewall rules implement this behaviour but of course you can write your own using the same behaviour.

This module provides rules to check for common Drupal files that attacked may be fuzzing for.

This module provides a rule to check the IP against a list of known malicious IPs that we fetch from EzSuite periodically.

This module provides rules to check for common Linux files that attacked may be fuzzing for.

This module provides rules to check for common PHP files that attacked may be fuzzing for.

This module provides rules to check for common Python files that attacked may be fuzzing for.

This module provides rules to check for common Windows files that attacked may be fuzzing for.

This module provides rules to check for common Wordpress files that attacked may be fuzzing for.

This module contains helper functions so that you can interact with the telemetry events that this library emits. All of the *_event() functions define the signatures for the telemetry events and hooking into the telemetry events should be done via these functions as opposed to using the underlying event signature in case the signature changes in the future. For example, if you want to hook into the event the is emitted when a malicious IP address is unblocked, you could do the following