Difference between #3 and #2 of More security in your applications with Yii and PHPIDS

unchanged
Title
More security in your applications with Yii and PHPIDS
unchanged
Category
How-tos
unchanged
Tags
phpids, security
changed
Content
PHPIDS is a well-known project that can be found at
[php-ids.org](http://php-ids.org "php-ids.org").

PHPIDS is an intrusion detection system, essentially based on
IDS rules. It recognizes attacks by filtering the information sent to the
system and returns a rating and a report of what is
considered a potential attack. From this information the system
can react to the attack: send e-mail alerts, generate detailed logs,
block the user, build a black list, etc.

The PHPIDS project was encapsulated as a Yii application component
and can be downloaded at
[http://www.yiiframework.com/extension/phpids/](http://www.yiiframework.com/extension/phpids/ "http://www.yiiframework.com/extension/phpids/")
along with its installation and usage instructions.

This how-to shows its installation and, in more detail, some of its uses.

This component was tested on versions 1.1.5 and 1.1.4 with PHP 5.2. The
current version of the component is 0.2 at the time this how-to was written.

**1) Installation**
----------------- 

Download the latest version of the PHPIDS component from
[http://www.yiiframework.com/extension/phpids/](http://www.yiiframework.com/extension/phpids/ "http://www.yiiframework.com/extension/phpids/")

Unzip the file into .../webapp/protected/components/ids

Create the directory .../components/ids/IDS/tmp and make it writable

Update your main.php in .../protected/config:
~~~
[php]
...
// 'preload' => array('log'),
'preload' => array('log', 'ids'),
...
'components' => array(
    ...
    'ids' => array(
        'class' => 'application.components.ids.CPhpIds',
    ),
),
~~~

Add the component 'ids' to the preload index of your application config.
In components, add the component 'ids' and its settings. The configuration
above is the minimum needed for 'ids' to operate.

All application forms will be filtered by PHPIDS: the
variables $_REQUEST, $_GET, $_POST and $_COOKIE are checked against the
attack types described in the IDS detection rules. If a potential attack is
detected, the application is stopped before processing the request, an
exception is thrown with a generic error message that gives no details to the
attacker, and a detailed log is generated.

This log is generated by the Yii log application component, so an
attack can be sent by e-mail (EmailLog), stored in a database or
file, or simply displayed in the browser with the WebLog.


We can go further in the configuration. A simple detail is the message that is
sent to the attacker: 
~~~
[php]
...
'ids' => array(
    'class' => 'application.components.ids.CPhpIds',
    // Message sent to the attacker
    'genericMessage' => 'Unexpected error!',
),
...
~~~

The goal is that this message gives no details about the attack and does not
inform the attacker that the attack was detected. The response is handled
internally by the application, by sending e-mails or simply blocking the user.

This message does not enter the log; the details of the attack are generated
and sent to the logging component.

**2) Reacting to the attack:** 
---------------------- 

~~~
[php]
...
'ids' => array(
    'class' => 'application.components.ids.CPhpIds',
    // Message sent to the attacker
    'genericMessage' => 'Unexpected error!',
    // Called when an attack is detected; it must end the request itself
    'callback' => create_function('', "echo 'Error!';
        Yii::app()->end(); return false;"),
),
...
~~~

The callback parameter accepts any valid PHP callback; see the
call_user_func function in the PHP Manual. It can be a function, or a
class and the method that should be called. In the above example we create a
simple function that prints an error and terminates the application.

Through this configuration, the developer can handle detected attacks in a
better way: sending e-mails and alerts, creating a black list, removing user
access, ending the session, etc.
After the callback has been processed, the component's default exception will
**not** be triggered, so ending the request is the responsibility of the
developer, in the function / method passed as callback.

**3) Enabling / Disabling** 
---------------------------- 
~~~
[php]
...
'ids' => array(
    'class' => 'application.components.ids.CPhpIds',
    // Message sent to the attacker
    'genericMessage' => 'Unexpected error!',
    'callback' => create_function('', "echo 'Error!';
        Yii::app()->end(); return false;"),
    // Run the IDS on every request except the site/contact route;
    // isset() keeps the check from failing when "r" is absent
    'enable' => create_function('',
        'return !isset($_GET["r"]) || $_GET["r"] != "site/contact";'),
),
...
~~~


The enable parameter is used to enable or disable the execution of
PHPIDS.
This parameter can directly receive a boolean value: true for the IDS to run
the check, or false for it not to run. It can also receive a valid callback
that should return a boolean value. With this configuration the IDS can be
activated only for the requests you want, based on the rules of the valid
callback passed as parameter. See the call_user_func function to learn more
about valid callbacks.
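The "class and method" callback form mentioned in sections 2 and 3, as an added example that is not part of the original how-to or of the extension's code; it also avoids create_function, which was removed in PHP 8. The class name `IdsHandler`, its file location, the exempt route list and the log category are assumptions, as is the callbacks being invoked without arguments (as in the create_function('', ...) examples above).

```php
<?php
// protected/components/IdsHandler.php (hypothetical file and class name)
class IdsHandler
{
    // Routes exempt from inspection (assumed list; keep it short and exact-match).
    private static $skipRoutes = array('site/contact');

    // Used as 'enable': must return a boolean. Defaults to true, so a missing
    // or unexpected "r" value never switches the IDS off.
    public static function isEnabled()
    {
        $route = (isset($_GET['r']) && is_string($_GET['r']))
            ? trim($_GET['r'], '/') : '';
        return !in_array($route, self::$skipRoutes, true);
    }

    // Used as 'callback': assumed to be called with no arguments (version 0.2).
    // The component's default exception is not thrown after a callback, so
    // this method has to end the request itself.
    public static function onAttack()
    {
        $app = Yii::app();
        // Record who and what, without echoing request data back to the client.
        Yii::log(
            'PHPIDS blocked request from ' . $app->request->userHostAddress
                . ' to ' . $app->request->requestUri,
            CLogger::LEVEL_WARNING,
            'application.ids' // assumed log category
        );
        // Drop the authenticated session, if any.
        if (!$app->user->isGuest) {
            $app->user->logout();
        }
        header('HTTP/1.1 400 Bad Request');
        echo 'Unexpected error!'; // same generic text as genericMessage
        $app->end();
    }
}

// In protected/config/main.php:
// 'ids' => array(
//     'class'          => 'application.components.ids.CPhpIds',
//     'genericMessage' => 'Unexpected error!',
//     'callback'       => array('IdsHandler', 'onAttack'),
//     'enable'         => array('IdsHandler', 'isEnabled'),
// ),
```

Because the exemption is decided from request data, every route added to the skip list is a route the IDS no longer inspects, so keep the list to exact matches and leave the default at enabled.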


**4) Next version 0.3**
-------------------------- 

- The next release will bring more configuration possibilities for PHPIDS,
such as the internal IDS log, the tmp folder and others.

- Its major change will be in processing the callback, which will receive
as a parameter an assessment of the impact of the attack, so the developer
can decide how to react based on the knowledge level of the attacker.

**5) How to upgrade?** 
----------------------- 

Download the updated default_rules.xml file from
[http://php-ids.org/](http://php-ids.org/ "http://php-ids.org/") and replace the
old version in .../public/components/ids/IDS


Credits and thanks to the PHPIDS team of developers.
----------------------------------------------------