AccessControl

Introduction

The AccessControl class in JiFramework provides a robust mechanism for controlling access to your application based on IP addresses, countries, and VPN/proxy usage. By default, these features are disabled, but once enabled through configuration, the class will automatically enforce access restrictions throughout your application without additional code changes.

This class is essential for enhancing the security of your application by:

  • Blocking specific IP addresses known for malicious activities.
  • Restricting access from certain countries due to legal, regulatory, or security concerns.
  • Detecting and blocking VPNs or proxies to prevent users from hiding their true location or identity.

Note: If you enable country blocking, it is mandatory to provide an API key for ProxyCheck.io, as the class relies on this service to retrieve IP geolocation and proxy information.

Why Use AccessControl:

Implementing the AccessControl class in your application provides several benefits:

  • Enhanced Security: Protects your application from malicious IPs and unwanted access.
  • Compliance: Helps comply with legal or regulatory requirements by restricting access from certain regions.
  • Automated Enforcement: Once configured, the class automatically enforces access restrictions without additional code.
  • Flexibility: Easily enable or disable features and update block lists as needed.

Configuration

Before using the AccessControl class, you need to configure various settings in your Config class to enable and customize the access control features.

Configuration Options:

namespace JIFramework\Config;

class Config {
    // Enable or disable IP blocking
    const IP_BLOCKING_ENABLED = true;

    // Path to the IP block list file (JSON format)
    const IP_BLOCK_LIST_PATH = __DIR__ . '/../Security/ip_block_list.json';

    // Enable or disable country blocking
    const COUNTRY_BLOCKING_ENABLED = true;

    // Path to the country block list file (JSON format)
    const COUNTRY_BLOCK_LIST_PATH = __DIR__ . '/../Security/country_block_list.json';

    // Allow or disallow access via VPN or proxy
    const ALLOW_VPN_PROXY = false;

    // ProxyCheck API key for IP information lookup
    const PROXYCHECK_API_KEY = 'your_proxycheck_api_key';

    // ProxyCheck API URL template
    const PROXYCHECK_API_URL = 'https://proxycheck.io/v2/{ip}';
}

Explanation:

  • IP_BLOCKING_ENABLED (bool): Enables or disables IP address blocking.
    • Default: false (blocking is disabled by default).
    • When enabled, the AccessControl class will automatically check if the user's IP is in the block list.
  • IP_BLOCK_LIST_PATH (string): The file path to the JSON file containing blocked IP addresses.
  • COUNTRY_BLOCKING_ENABLED (bool): Enables or disables country-based blocking.
    • Default: false (blocking is disabled by default).
    • When enabled, the AccessControl class will automatically check if the user's country is in the block list.
  • COUNTRY_BLOCK_LIST_PATH (string): The file path to the JSON file containing blocked country codes.
  • ALLOW_VPN_PROXY (bool): Determines whether to allow access from VPNs or proxies.
    • Default: true (VPN/proxy access is allowed by default).
    • When set to false, users accessing via VPN or proxy will be blocked.
  • PROXYCHECK_API_KEY (string): Your API key for the ProxyCheck service.
    • Mandatory if COUNTRY_BLOCKING_ENABLED is true.
    • Obtain an API key from ProxyCheck.io.
  • PROXYCHECK_API_URL (string): The URL template for the ProxyCheck API (includes {ip} placeholder).

Usage Examples

Enabling IP Blocking

Configuration:

const IP_BLOCKING_ENABLED = true;
const IP_BLOCK_LIST_PATH = __DIR__ . '/../Security/ip_block_list.json';

IP Block List (ip_block_list.json):

["192.168.1.100", "203.0.113.42"]

Explanation:

  • IP blocking is enabled via configuration.
  • The AccessControl class automatically checks if the user's IP is in the block list.
  • If blocked, access is denied without additional code.
Enabling Country Blocking with VPN/Proxy Detection

Configuration:

const COUNTRY_BLOCKING_ENABLED = true;
const COUNTRY_BLOCK_LIST_PATH = __DIR__ . '/../Security/country_block_list.json';
const ALLOW_VPN_PROXY = false;
const PROXYCHECK_API_KEY = 'your_proxycheck_api_key';

Country Block List (country_block_list.json):

["US", "CN", "RU"]

Explanation:

  • Country blocking is enabled, and access via VPN/proxy is disallowed.
  • The AccessControl class automatically checks the user's country and VPN/proxy status using the ProxyCheck API.
  • Mandatory to provide a valid PROXYCHECK_API_KEY when country blocking is enabled.
  • Users from blocked countries or accessing via VPN/proxy will be denied access.
     
Additional Information

Caching IP Information

  • IP information is cached using the CacheManager to reduce API calls and improve performance.
  • The cache duration is set to 12 hours (12 * 60 * 60 seconds).
  • Cache key is generated using the MD5 hash of the IP address to ensure uniqueness.

Topics