5.0 Filters

Gurdeep Singh (Guru) edited this page Aug 11, 2024 · 1 revision

Filters

A filter is the main component of PHPFirewall: the filter that matches an IP address determines whether PHPFirewall replies with allowed or blocked. When you check whether a host IP address should be allowed, PHPFirewall searches the whole filters database for a matching filter. Depending on the outcome, PHPFirewall replies with either allowed or blocked.

Filters Databases

Filters use 2 databases to store information. When we query for an IP address, both databases are checked for a match.

  1. Main Database - This is the database which is created when an administrator adds a filter using the filter add method. An administrator has full control of this database.
  2. Default Database - This database collects host IP addresses that fail the checks on the main database, like a collect-all database. The default permission of the filter is assigned at the time of filter creation, as per the configuration set (see 4.4 Configuration - Default Filter).

Filters sequence for checking IP

You can add filters in any sequence, but PHPFirewall will check them as per the predefined logic that is set in the checkIp() method. Please look at the diagram below.

Filters flowchart

Filters flowchart details

Main Database lookup

  • Check IP - You check an IP address by calling the checkIp() method of the firewall class. Providing the IP address is optional when PHPFirewall and the resource are on the same server and use the same autoloader, meaning that both the calling class and the PHPFirewall class are in the same application. This step also validates the IP address.

  • Check firewall status - If the firewall is disabled, we allow the IP. Logic dictates that checking the firewall status should be the first step. However, as the primary function of the firewall is to check the IP and allow/disallow the connection on that basis, we are querying the method with the intent of checking the IP against filters.

  • Check IP address in indexes - We check if the IP address has a matching filter in the index. If an index entry is found, it holds a reference to the corresponding filter in the database. We then make 1 DB call to grab the filter and act on it.

  • Check filter address type : Host - If the client IP address is not indexed, we look for its entry among the host entries in the main filter database. If found and matched, we act on it. If auto indexing is enabled, we index it.

  • Check filter address type : Network - If the client IP address is not found in the host filters, we look for any filters that have address type network and see if the client IP address is part of those network filters. If a match is found, we act on it; otherwise we move to the next step.

  • Check filter address type : Ip2location - If you have configured the ip2location API or BIN file lookup and have added a filter, the IP address will be checked against those filters. If the address is part of such a filter, we act on it; otherwise we move to the next step.

Default Database lookup

  • Check default filter - If none of the above filters from the main database match, we check for the client IP in the default filters database. If the filter is not found, we create a new entry, assign a filter type (allow/block) to the entry depending on the configuration, and index the entry if auto indexing is enabled.
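
The lookup order described above, as an added example that is not PHPFirewall's own code: a small in-memory model showing which step decides the verdict for a given address. The function names, the `$state` layout and the sample filters are assumptions made for illustration; the model handles IPv4 only and leaves out the ip2location step.

```php
<?php
// Added illustration, not PHPFirewall's code: an in-memory model of the lookup order.
// modelCheckIp(), inCidr() and the $state layout are hypothetical; IPv4 only.
function inCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr);
    $mask = (~0 << (32 - (int) $bits)) & 0xFFFFFFFF;   // assumes 64-bit PHP integers
    return (ip2long($ip) & $mask) === (ip2long($net) & $mask);
}

function modelCheckIp(array &$state, string $ip): array
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        throw new InvalidArgumentException("Not a valid IPv4 address: $ip");
    }
    if (!$state['enabled']) {                        // firewall disabled: allow
        return ['allow', 'firewall disabled'];
    }
    if (isset($state['index'][$ip])) {               // index hit: fetch that one filter
        return [$state['main'][$state['index'][$ip]]['type'], 'index'];
    }
    foreach ($state['main'] as $id => $f) {          // host filters
        if ($f['address_type'] === 'host' && $f['address'] === $ip) {
            if ($state['auto_index']) {
                $state['index'][$ip] = $id;
            }
            return [$f['type'], 'host'];
        }
    }
    foreach ($state['main'] as $f) {                 // network filters
        if ($f['address_type'] === 'network' && inCidr($ip, $f['address'])) {
            return [$f['type'], 'network'];
        }
    }
    // The ip2location step and indexing of default entries are left out of this model.
    $state['default'][$ip] ??= $state['default_type'];
    return [$state['default'][$ip], 'default'];
}

// Constructed sample data using documentation address ranges.
$state = ['enabled' => true, 'auto_index' => true, 'default_type' => 'block',
    'index' => [], 'default' => [], 'main' => [
        1 => ['address_type' => 'network', 'address' => '203.0.113.0/24', 'type' => 'block'],
        2 => ['address_type' => 'host', 'address' => '203.0.113.10', 'type' => 'allow'],
    ]];
foreach (['203.0.113.10', '203.0.113.10', '203.0.113.99', '198.51.100.7'] as $ip) {
    [$verdict, $step] = modelCheckIp($state, $ip);
    echo "$ip => $verdict (matched at: $step)\n";
}
```

Because host filters are consulted before network filters, the allowed host inside the blocked /24 is allowed, and its second lookup is answered from the index. The last address matches nothing in the main database, so its verdict comes from the configured default type.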