antonioribeiro / firewall

Firewall package for Laravel applications
BSD 3-Clause "New" or "Revised" License
1.39k stars 162 forks

BlockAttacks generate an error if in "notify only" mode #144

Closed rydje closed 4 years ago

rydje commented 5 years ago

Hello,

I'm using the BlockAttack for a notification only purpose. To prevent the middleware from returning an error I set the config attack_blocker.response.code => 200.

When an incoming request is considered an attack I get notified as expected, but I also get an Exception from the Laravel StartSession Middleware:

Argument 1 passed to Illuminate\Session\Middleware\StartSession::addCookieToResponse() must be an instance of Symfony\Component\HttpFoundation\Response, null given, called in /home/ryan/project/eurecab/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php on line 60

The problem comes from the Support\Responder class: when attack_blocker.response.code = 200, the Responder returns a null response to the BlockAttack middleware, which is called from the StartSession middleware.

    /**
     * Properly respond.
     *
     * @var \Illuminate\Support\Collection
     *
     * @return mixed
     */
    public function respond($response, $data = [])
    {
        if ($response['code'] === 200) {
            return; // <= null returned
        }

        // [...]

    }

antonioribeiro commented 4 years ago

Should be fixed in the next version.
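
The failure described in this issue, and one way a middleware can support notify-only mode without handing null to the layer above it, as an added stand-alone PHP 8 sketch (not the package's code and not its eventual fix). The Response class, respond(), blockAttacks(), startSession() and the request array are hypothetical stand-ins for the framework and package pieces named in the report.

```php
<?php
// Stand-alone sketch: every name below is a hypothetical stand-in,
// not Laravel's or the firewall package's own code.
final class Response
{
    public function __construct(public int $status = 200, public string $body = '') {}
}

// Mirrors the behaviour quoted in the issue: code 200 yields no response object.
function respond(array $config): ?Response
{
    return $config['code'] === 200 ? null : new Response($config['code'], 'Blocked');
}

// Inner middleware: always notify on a detected attack, block only if a response exists.
function blockAttacks(array $request, callable $next, array $config, array &$notified): Response
{
    if ($request['is_attack']) {            // constructed detection flag
        $notified[] = $request['ip'];       // the notification still fires
        $blocked = respond($config);
        if ($blocked !== null) {
            return $blocked;                // blocking mode: short-circuit the pipeline
        }
        // notify-only mode: fall through so a real Response is produced
    }
    return $next($request);
}

// Outer middleware that requires a Response object, like the session layer in the trace.
function startSession(array $request, callable $next): Response
{
    $response = $next($request);            // a null here raises the TypeError from the report
    $response->body .= ' [session cookie added]';
    return $response;
}

$notified = [];
$app = fn (array $r): Response => new Response(200, 'OK');
$request = ['ip' => '203.0.113.7', 'is_attack' => true]; // constructed sample request

foreach ([200, 403] as $code) {
    $config = ['code' => $code];
    $inner = function (array $r) use ($app, $config, &$notified): Response {
        return blockAttacks($r, $app, $config, $notified);
    };
    $out = startSession($request, $inner);
    echo "code={$code} -> {$out->status} {$out->body}\n";
}
echo 'notifications sent: ' . count($notified) . "\n";
```

Returning the result of respond() directly from blockAttacks(), instead of falling through to $next, reproduces the type error for code 200 while leaving the 403 case unaffected.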