Today, we are proud to introduce Vapor's managed firewalls for basic protection against denial-of-service attacks targeting your environment, as well as protection against pervasive bot traffic that can consume your environment's resources.
You may start using Vapor's managed firewall by defining the firewall
configuration option within your application's vapor.yml
file:
rate-limit
When using the rate-limit
option, Vapor's managed firewall tracks the rate of requests for each originating IP address and blocks IPs with request rates over the given rate-limit
value. In the example above, if the request count for an IP address exceeds 1,000 requests in any 5-minute time span then the firewall will temporarily block requests from that IP address with the 403 Forbidden
HTTP status code.
bot-control
When using the bot-control option, Vapor's managed firewall blocks requests from pervasive bots, such as scrapers or search engines. Over a dozen categories are available for use, and their usage will depend on the type of application you have.
Be sure to check out Vapor's managed firewall documentation before you begin using this feature. Behind the scenes, Vapor's managed firewall uses Amazon WAF - feel free to check out the WAF documentation for more information about the WAF service and its pricing.
We hope you enjoy this new addition to Laravel Vapor. At Laravel, we're committed to providing you with the most robust and developer-friendly PHP experience in the world. If you haven't checked out Vapor, now is a great time to start! You can create your account today at: vapor.laravel.com.