Securing php based web applications with phpips
Currently I'm working on an Intrusion Prevention System, project name is phpips.
The system itself is based on the Intrusion Detection System PHPIDS
The main goal is to program a framework like ips system, which interacts with the ids.
Currently interacting with the ids is working fine and I'm implementing the framework around the system.
If you wanna check out the current version, its online under: http://ra23.net/phpips/online_version_ra23_alpha01/example.php. Take a look and play a bit around with it.
But don't hurt my machine ;)
At a later stage a programmer would be able to implement modules for the ips, and configure the system with a few configuration files or even from a database.
There is no Documentation for the code yet and how you can implement modules (which is working already, but I'm not fully satisfied yet.)
To give you a short preview how you can install and setup the example in your enviroment, I'll show some Details now.
As I already said, the System is based on phpids. If you already have a running phpids, you can use it, if not there will be an actual version included in the first code release.
So you need to configure the ids first. Currently I'm not using special functions in my setup. I just editied the main configuration (phpids-0.6.4/lib/IDS/Config/Config.ini.php)
Just use the absolute path to the location where your phpids is located.
base_path = /var/www/path/to/webroot/php-ips/phpids-0.6.4/lib/IDS/
You can find the documantation for phpids here. Search for "How to install the PHPIDS"
The project is currently hosted on sourceforge.net
To Download the first alpha release follow this link
Well, if you downloaded my code, you have to configure it too.
There are three things which have to be done, pretending you wanna get the example.php up and running.
1. Configure phpips/etc/System.ini:
You need to setup the Basepath:
BasePath="/var/www/path/to/webroot/php-ips/"
2. Edit example.php
You need to define a path here too, now third time. All good things are three you know ;)
define("PATH_TO_ROOT", "/var/www/path/to/webroot/php-ips/" );
I promise, it was the last time setting a path.
3. Edit System.ini to fit your needs.
You find the Documentation inline. For the first running test, you don't need to modify anything inside.
On my example page, the Debugger is enabled. So if you wanna see what the system actually does in the Background get the following Fiefox addons:
I write another post in a couple of days, explaining how to create you own modules, configuring the system and so on....
This need further testing right now and is not satisfying me right now.
If you found a bug or have trouble with setting the system up, just use the comment system.
I advice you, the system is under heavy development. Things can change rapidly, so try it, have fun with it, but things can change very fast. Never ever use the alpha version in a production enviroment.
Never. Ever. Please!
I did a further post, how to build your own modules. You find it here