Skip to content

Xss

Goal

Prevent xss injection

Enabled

Enable or disable this wire

Methods

The methods specifies which methods should be inspected

Options:

  • 'post'
  • 'put'
  • 'patch'
  • 'get'
  • 'all' or '*'

The 'all' or '*' is a alias to inspect all methods

php
    ->methods(['post', 'put']) // only post and put method
php
    ->methods(['*']) // all methods

Attack score

This is this wire severity, the higher the number the more severe. All attackScores will be summarized and if it exceeds the PunishScore the block will be activated. Set this to a number that reflects the severity.

  • A very high number will immediately block the user/ip
  • A low number will only block if there are many requests

TIP

sqli and xss are very common attack vectors with high confidence detection. You should set those to a very high number

Tripwires

Specify the list of regex that should be forbidden There are a few helper functions for you to build the regex, how to build these regex

TIP

The regex'es can become pretty complex here to catch many of the payloads. Use the regex helpers to keep your config clean and readable

Example

php
WireDetailsConfig::make()
    ->enabled(true)
    ->methods(['*'])
    ->attackScore(500)
    ->tripwires(
        Regex::injectFillers([
            "!((java|live|vb)script|mocha|feed|data)(:|:)(\w)*!iUu",
        ])
    );
    
    //... optional overrides

optional global overriders

Released under the MIT License.