Harden response headers, the login interface and passwords to increase backend security.

Overview

JvMTECH.NeosHardening Package for Neos CMS


Installation

composer require jvmtech/neos-hardening

Active by default

  • Strip the Neos/Flow version information from the HTTP response headers (the X-Flow-Powered header Flow adds by default); after deployment, check a response to confirm the version string is gone *
  • Enforce minimum password strength requirements when a user is created or a password is set

Optional features

  • Change the default login URL "/neos" to something less guessable, e.g. "/neos-random-suffix" *:
    JvMTECH:
      NeosHardening:
        loginUri: 'neos-random-suffix'

  • Limit access to the login interface to specified IP addresses or CIDR ranges (IPv4 and IPv6). Behind a reverse proxy or load balancer the application only sees the real client address once Flow's trusted proxy settings are configured; without them every request carries the proxy's address, so the list either blocks everyone or, if the proxy's address is listed, nobody:
    JvMTECH:
      NeosHardening:
        allowedIPs:
          IPv4:
            - '172.20.30.40'
            - '172.20.0.0/24'
          IPv6:
            - '2001:0db8:85a3:0000:0000:8a2e:0370:7334'

  • Define password strength requirements; the defaults are:
    JvMTECH:
      NeosHardening:
        checkPasswordStrengthOnAddUser: true
        checkPasswordStrengthOnSetUserPassword: true
        passwordRequirements:
          minLength: 8
          upperAndLowerCase: true
          numbers: true
          specialChars: false
    
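
To make concrete what an allow-list of the shape shown above has to do, here is an added example of a matcher for that settings layout. It is illustrative code written for this page, not the package's own implementation; the function names and the sample client addresses are constructed. It accepts single addresses and CIDR ranges for IPv4 and IPv6, compares the packed binary forms (so `2001:db8::1` and `2001:0db8:0000:...:0001` are the same address), and rejects malformed entries and family mismatches instead of silently allowing them:

```php
<?php
declare(strict_types=1);

// Illustrative allow-list matcher (added example, not JvMTECH.NeosHardening's code).
// $allowedIPs has the same shape as the package's allowedIPs setting:
// ['IPv4' => [...], 'IPv6' => [...]], each entry a single address or a CIDR range.

/** True if $ip (IPv4 or IPv6) equals $entry or lies inside the CIDR range $entry. */
function ipMatchesEntry(string $ip, string $entry): bool
{
    $ipBin = @inet_pton($ip);
    if ($ipBin === false) {
        return false;                       // not a valid address at all
    }
    $slash = strpos($entry, '/');
    if ($slash === false) {
        // Single address: compare the packed form so '::1' equals '0:0:0:0:0:0:0:1'
        $entryBin = @inet_pton($entry);
        return $entryBin !== false && $entryBin === $ipBin;
    }
    $network = substr($entry, 0, $slash);
    $prefix  = substr($entry, $slash + 1);
    $netBin  = @inet_pton($network);
    if ($netBin === false || !preg_match('/^\d{1,3}$/', $prefix) || strlen($netBin) !== strlen($ipBin)) {
        return false;                       // malformed entry, or IPv4 entry vs IPv6 client
    }
    $bits = (int)$prefix;
    if ($bits > strlen($netBin) * 8) {
        return false;                       // /33 on IPv4, /129 on IPv6
    }
    // Compare whole leading bytes, then mask the partial byte (if any).
    $fullBytes = intdiv($bits, 8);
    if (substr($ipBin, 0, $fullBytes) !== substr($netBin, 0, $fullBytes)) {
        return false;
    }
    $rest = $bits % 8;
    if ($rest === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rest)) & 0xFF;
    return (ord($ipBin[$fullBytes]) & $mask) === (ord($netBin[$fullBytes]) & $mask);
}

/** True if the client address is covered by any entry of its address family. */
function loginAllowedFrom(string $clientIp, array $allowedIPs): bool
{
    $family = strpos($clientIp, ':') !== false ? 'IPv6' : 'IPv4';
    foreach ($allowedIPs[$family] ?? [] as $entry) {
        if (ipMatchesEntry($clientIp, $entry)) {
            return true;
        }
    }
    return false;
}

// Constructed sample: the addresses from the settings above.
$allowedIPs = [
    'IPv4' => ['172.20.30.40', '172.20.0.0/24'],
    'IPv6' => ['2001:0db8:85a3:0000:0000:8a2e:0370:7334'],
];

// $clientIp must be the real client address. Behind a reverse proxy that is only
// the case once Flow's trusted-proxy configuration is in place; otherwise
// REMOTE_ADDR is the proxy itself for every request (constructed addresses below).
$candidates = [
    '172.20.30.40',                 // listed explicitly
    '172.20.0.17',                  // inside 172.20.0.0/24
    '172.20.1.17',                  // outside the /24
    '2001:db8:85a3::8a2e:370:7334', // compressed spelling of the listed IPv6 address
    '2001:db8::1',                  // not listed
];
foreach ($candidates as $clientIp) {
    printf("%-32s %s\n", $clientIp, loginAllowedFrom($clientIp, $allowedIPs) ? 'allowed' : 'denied');
}
```

The family split is deliberate: an IPv4 entry can never match an IPv6 client and vice versa, and a mapped address such as `::ffff:172.20.0.17` is treated as IPv6, so it must be listed in the IPv6 block (or normalised before the check) if such clients are expected.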

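As an added example of how the passwordRequirements settings above translate into a check, here is an illustrative validator written for this page; it is not the package's own code, and the function names, the exception type and the sample passwords are constructed. It returns the list of unmet requirements so the caller can show a readable message rather than failing with a bare error, and uses Unicode character classes so non-ASCII letters and digits are counted correctly:

```php
<?php
declare(strict_types=1);

// Illustrative password-policy check (added example, not JvMTECH.NeosHardening's code).
// $requirements has the shape of the package's passwordRequirements setting;
// missing keys fall back to the package defaults listed above. Requires mbstring.

/**
 * Returns the unmet requirements; an empty array means the password is acceptable.
 * Unicode-aware: 'Ä' counts as upper case, '٣' as a digit, length is in characters.
 */
function passwordViolations(string $password, array $requirements): array
{
    $req = array_merge([
        'minLength'         => 8,
        'upperAndLowerCase' => true,
        'numbers'           => true,
        'specialChars'      => false,
    ], $requirements);

    $violations = [];
    if (mb_strlen($password) < $req['minLength']) {
        $violations[] = sprintf('minLength >= %d', $req['minLength']);
    }
    if ($req['upperAndLowerCase']
        && !(preg_match('/\p{Lu}/u', $password) && preg_match('/\p{Ll}/u', $password))) {
        $violations[] = 'upperAndLowerCase';
    }
    if ($req['numbers'] && !preg_match('/\p{Nd}/u', $password)) {
        $violations[] = 'numbers';
    }
    if ($req['specialChars'] && !preg_match('/[^\p{L}\p{Nd}]/u', $password)) {
        $violations[] = 'specialChars';     // anything that is neither letter nor digit
    }
    return $violations;
}

/** What a user service would call: refuse with a message the UI can display. */
function assertPasswordStrength(string $password, array $requirements): void
{
    $violations = passwordViolations($password, $requirements);
    if ($violations !== []) {
        throw new InvalidArgumentException(
            'The password is too easy. Required is: ' . implode(', ', $violations)
        );
    }
}

// Constructed samples, checked against the package defaults and a stricter policy.
$defaults = ['minLength' => 8, 'upperAndLowerCase' => true, 'numbers' => true, 'specialChars' => false];
$strict   = ['minLength' => 12, 'specialChars' => true];

foreach (['hunter2', 'Passw0rd', 'correct horse battery staple', 'Tr0ub4dor&3!xyz'] as $candidate) {
    foreach (['defaults' => $defaults, 'strict' => $strict] as $name => $policy) {
        $result = passwordViolations($candidate, $policy);
        printf("%-30s %-9s %s\n", $candidate, $name,
            $result === [] ? 'ok' : 'missing: ' . implode(', ', $result));
    }
}
```

Note that `minLength` is read from the policy array rather than fixed in the function, and that a rule switched off in the settings (such as `specialChars: false` in the defaults) is simply skipped, so the same validator serves both the default and a stricter site-specific policy.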
*) Why hide this at all?

Removing the Neos version from the response headers and moving the login to a new URL is "security by obscurity", and it is no substitute for keeping Neos patched and passwords strong.

Yes. But it is another layer that makes it a little harder to get into your system: automated scanners that look for a version string or probe /neos find nothing to work with, and brute-force attempts aimed at the default login URL never reach the form. It costs nothing, so it is a low-hanging fruit we should take.


by jvmtech.ch

Comments
  • FEATURE: Add option to check for consecutive numbers and letters in password

    This feature will add further password checks and will allow developers to require passwords to have no more than x consecutive numbers or letters in the new password.

    opened by Benjamin-K 1
  • Required password length is not taken from settings

    Hey, nice package. I've already searched for a package to set the password strength for a while (see also neos/flow-development-collection#2662).

    One little thing I found when checking the code: the required password length is currently hardcoded (see /Classes/Service/UserServiceAspect.php#L57). This should be changed to reflect the option defined in Settings.yaml.

    opened by Benjamin-K 1
  • Throw error in Backend

    When creating a user in the Neos backend it throws an Error 500 if the password criteria are unmet. It would be way nicer to show this as an error in the Neos backend instead 🤔 The password is too easy. Required is: MinLength >= 8, Numbers

    Neos 7.3

    opened by paavo 2
Releases: 1.0.3
Owner
Jung von Matt TECH
Create Tech-Driven Momentum. We stand for technology-driven brand experiences and business solutions.