Enterprise Middleware
Subashi Pro WAF Middleware
Introduction
Note: This middleware is only available with Kipchak Enterprise.
The Subashi Pro middleware is a Web Application Firewall (WAF) for Kipchak APIs. It builds on the existing Subashi WAF and evaluates requests against whitelist, blacklist, and rate-limit rules to help block common attack patterns and abusive traffic.
In addition, it adds Geo- and ASN-based IP intelligence, allowing you to block traffic by country or by ASN.
Key features include:
- Rule-Based Filtering: Combine multiple conditions per rule using a simple operator system.
- Rate Limiting: Apply per-IP or custom key limits with a pluggable cache backend.
- IP Intelligence: Geo-country and ASN matching powered by the 7x geolocation API.
Installation
To install this middleware, you need to access the Enterprise Composer repository at https://php.pkgs.1x.ax.
If you have an enterprise license, please contact your account representative for access.
Once you have access (see https://getcomposer.org/doc/articles/authentication-for-private-packages.md on how to configure access once you have credentials), install the middleware via composer by running:
composer require kipchak/middleware-subashi-pro
Configuration
The middleware reads its configuration from kipchak.subashi.pro (for example in a subashi.pro.php config file).
Global Settings
- enabled (bool): Master switch for the WAF.
- blocked_response_code (int): Default HTTP status code for blocked requests.
- blocked_response_message (string): Default response message for blocked requests.
Rate Limiting
- rate_limiting.enabled (bool): Enable or disable rate limiting.
- rate_limiting.default_limit (int): Default request limit.
- rate_limiting.default_window (int): Default window length in seconds.
- rate_limiting.store (string): memcached or file.
- rate_limiting.memcached_pool (string): Pool name when using Memcached.
Geolocation (7x API)
- geolocation.enabled (bool): Enable geolocation lookups.
- geolocation.api_key (string): 7x API key for geolocation.
- geolocation.base_url (string): Base URL for the 7x API.
- geolocation.timeout_seconds (int): HTTP timeout for geo lookups.
- geolocation.cache_ttl (int): Cache TTL in seconds for IP lookup results.
Rules
Rules are declared under whitelist, blacklist, and rate_limit_rules. Each rule has a name and a list of conditions. All conditions must match for the rule to apply.
Condition Types
- header - HTTP header value
- query_param - URL query parameter
- ip - Client IP address
- geo_country - ISO 3166-1 alpha-2 country code (from IP geolocation)
- asn - Autonomous System Number (from IP geolocation)
- method - HTTP method
- path - URL path
- body - JSON body field
Operators
- equals
- not_equals
- contains
- not_contains
- regex
- in_list
- not_in_list
- exists
- not_exists
- gt
- lt
- gte
- lte
Usage
Once enabled, the middleware evaluates requests in this order:
- Whitelist: Matching rules bypass all other checks.
- Blacklist: Matching rules block the request (with optional custom response).
- Rate limiting: Matching rules enforce request limits.
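The evaluation order and the "all conditions must match" semantics are easiest to see in code. The block below is an added example, not Subashi Pro's own code: a minimal PHP 8 evaluator that implements the documented condition types and operators and walks whitelist, blacklist and rate-limit rules in the order above. The request array layout, the `name` key used to pick a header, query parameter or body field, and lower-cased header keys are assumptions of this example; the rule shapes follow the examples on this page.

```php
<?php
// Added example, not Subashi Pro's own code. Assumptions: request layout, the
// 'name' key on header/query_param/body conditions, lower-cased header keys.
declare(strict_types=1);

/** Pull the value a condition refers to out of the request; null when absent. */
function subjectOf(array $cond, array $req): ?string
{
    $name = $cond['name'] ?? '';
    return match ($cond['type']) {
        'header'      => $req['headers'][strtolower($name)] ?? null,
        'query_param' => $req['query'][$name] ?? null,
        'body'        => isset($req['body'][$name]) ? (string) $req['body'][$name] : null,
        'ip'          => $req['ip'] ?? null,
        'geo_country' => $req['geo']['country'] ?? null,
        'asn'         => isset($req['geo']['asn']) ? (string) $req['geo']['asn'] : null,
        'method'      => $req['method'] ?? null,
        'path'        => $req['path'] ?? null,
        default       => null,
    };
}

/** Apply one documented operator; an unknown operator never matches, so the rule fails closed. */
function conditionMatches(array $cond, array $req): bool
{
    $op = $cond['operator'];
    $s  = subjectOf($cond, $req);
    $v  = (string) ($cond['value'] ?? '');
    $vs = array_map('strval', $cond['values'] ?? []);
    if ($op === 'exists' || $op === 'not_exists') return ($s !== null) === ($op === 'exists');
    if ($s === null) return false;               // every other operator needs a present subject
    return match ($op) {
        'equals'       => $s === $v,
        'not_equals'   => $s !== $v,
        'contains'     => str_contains($s, $v),
        'not_contains' => !str_contains($s, $v),
        'regex'        => preg_match($v, $s) === 1,
        'in_list'      => in_array($s, $vs, true),
        'not_in_list'  => !in_array($s, $vs, true),
        'gt'           => is_numeric($s) && (float) $s >  (float) $v,
        'lt'           => is_numeric($s) && (float) $s <  (float) $v,
        'gte'          => is_numeric($s) && (float) $s >= (float) $v,
        'lte'          => is_numeric($s) && (float) $s <= (float) $v,
        default        => false,
    };
}

/** A rule applies only when every condition matches; an empty list always applies. */
function ruleMatches(array $rule, array $req): bool
{
    foreach ($rule['conditions'] as $cond) {
        if (!conditionMatches($cond, $req)) return false;
    }
    return true;
}

/** Whitelist first (bypasses everything), then blacklist, then rate-limit rules. */
function evaluate(array $cfg, array $req): array
{
    foreach ($cfg['whitelist'] ?? [] as $rule) {
        if (ruleMatches($rule, $req)) return ['decision' => 'allow', 'rule' => $rule['name']];
    }
    foreach ($cfg['blacklist'] ?? [] as $rule) {
        if (ruleMatches($rule, $req)) {
            return ['decision' => 'block', 'rule' => $rule['name'],
                    'code'    => $rule['response_code'] ?? $cfg['blocked_response_code'],
                    'message' => $rule['response_message'] ?? $cfg['blocked_response_message']];
        }
    }
    foreach ($cfg['rate_limit_rules'] ?? [] as $rule) {
        if (ruleMatches($rule, $req)) return ['decision' => 'rate_limit', 'rule' => $rule['name'], 'rate_limit' => $rule['rate_limit']];
    }
    return ['decision' => 'allow', 'rule' => null];
}

// Constructed configuration reusing the page's rule shapes.
$cfg = [
    'blocked_response_code' => 403, 'blocked_response_message' => 'Blocked by WAF',
    'whitelist' => [[
        'name' => 'Monitoring host on /health',
        'conditions' => [['type' => 'ip', 'operator' => 'equals', 'value' => '10.0.0.5'],
                         ['type' => 'path', 'operator' => 'equals', 'value' => '/health']],
    ]],
    'blacklist' => [[
        'name' => 'Block SQL injection attempts', 'action' => 'block',
        'conditions' => [['type' => 'path', 'operator' => 'regex', 'value' => '/(union.*select|select.*from|drop.*table)/i']],
        'response_code' => 403, 'response_message' => 'SQL injection attempt detected',
    ], [
        'name' => 'Require API key header', 'action' => 'block',   // falls back to the global code/message
        'conditions' => [['type' => 'header', 'name' => 'X-Api-Key', 'operator' => 'not_exists']],
    ]],
    'rate_limit_rules' => [[
        'name' => 'Per IP rate limit', 'conditions' => [],
        'rate_limit' => ['limit' => 100, 'window' => 60, 'key_prefix' => 'ip', 'key_source' => 'ip'],
    ]],
];

// Constructed requests; '+' keeps the left-hand keys, so per-request overrides win.
$base = ['method' => 'GET', 'headers' => ['x-api-key' => 'k'], 'query' => [], 'body' => [], 'geo' => ['country' => 'DE', 'asn' => 3320]];
$requests = [
    ['ip' => '10.0.0.5',    'path' => '/health', 'headers' => []] + $base,   // whitelisted despite missing header
    ['ip' => '203.0.113.9', 'path' => '/users/1 union select'] + $base,      // blacklisted, custom response
    ['ip' => '203.0.113.9', 'path' => '/users', 'headers' => []] + $base,    // blacklisted, global response
    ['ip' => '203.0.113.9', 'path' => '/users'] + $base,                     // reaches the rate-limit rule
];
foreach ($requests as $req) {
    echo str_pad($req['path'], 26), '-> ', json_encode(evaluate($cfg, $req)), PHP_EOL;
}
```

Note the fail-closed choice for unknown operators: a typo in a rule then makes that rule never match, which is harmless for a whitelist rule but silently disables a blacklist rule, so rule sets are worth validating against the operator list before deployment.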
Example Blacklist Rule
[
    'name' => 'Block SQL injection attempts',
    'conditions' => [
        [
            'type' => 'path',
            'operator' => 'regex',
            'value' => '/(union.*select|select.*from|drop.*table)/i',
        ],
    ],
    'action' => 'block',
    'response_code' => 403,
    'response_message' => 'SQL injection attempt detected',
]
Example Geo Country Rule
[
    'name' => 'Block specific countries',
    'conditions' => [
        [
            'type' => 'geo_country',
            'operator' => 'in_list',
            'values' => ['RU', 'CN'],
        ],
    ],
    'action' => 'block',
]
Example ASN Rule
[
    'name' => 'Block known ASN ranges',
    'conditions' => [
        [
            'type' => 'asn',
            'operator' => 'in_list',
            'values' => ['13335', '15169'],
        ],
    ],
    'action' => 'block',
]
Example Rate Limit Rule
[
    'name' => 'Per IP rate limit',
    'conditions' => [],
    'rate_limit' => [
        'limit' => 100,
        'window' => 60,
        'key_prefix' => 'ip',
        'key_source' => 'ip',
    ],
]
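To show what the limit, window, key_prefix and key_source fields of a rate_limit rule mean in practice, here is an added example that is not the package's own code: a fixed-window counter in PHP that builds the counter key from key_prefix and key_source and resets it when the window expires. The in-memory store stands in for the documented memcached and file stores, and reading key_source directly as a request field is an assumption of this example.

```php
<?php
// Added example, not Subashi Pro's own code. The in-memory array stands in for the
// memcached/file store; reading key_source as a request field is an assumption.
declare(strict_types=1);

final class FixedWindowLimiter
{
    /** @var array<string, array{count:int, reset:int}> counter per key */
    private array $store = [];

    /** Counter key: "<key_prefix>:<request field named by key_source>", e.g. "ip:203.0.113.9". */
    public function keyFor(array $rateLimit, array $req): string
    {
        return $rateLimit['key_prefix'] . ':' . $req[$rateLimit['key_source']];
    }

    /**
     * Count one request at time $now and report whether it is within the limit.
     * The window starts at the first request seen for the key and is replaced
     * once it has expired, so counts never leak from one window into the next.
     */
    public function hit(array $rateLimit, array $req, int $now): array
    {
        $key   = $this->keyFor($rateLimit, $req);
        $entry = $this->store[$key] ?? null;
        if ($entry === null || $now >= $entry['reset']) {
            $entry = ['count' => 0, 'reset' => $now + $rateLimit['window']];
        }
        $entry['count']++;
        $this->store[$key] = $entry;
        return [
            'key'       => $key,
            'allowed'   => $entry['count'] <= $rateLimit['limit'],
            'remaining' => max(0, $rateLimit['limit'] - $entry['count']),
            'reset_in'  => $entry['reset'] - $now,
        ];
    }
}

// The page's rate_limit block and two constructed client addresses.
$rule    = ['limit' => 100, 'window' => 60, 'key_prefix' => 'ip', 'key_source' => 'ip'];
$limiter = new FixedWindowLimiter();
$client  = ['ip' => '203.0.113.9'];
$other   = ['ip' => '198.51.100.7'];
$t0      = 1700000000;

for ($i = 1; $i <= 101; $i++) {
    $last = $limiter->hit($rule, $client, $t0);   // 101st request exceeds limit 100
}
echo json_encode($last), PHP_EOL;
echo json_encode($limiter->hit($rule, $other, $t0)), PHP_EOL;        // separate counter per key
echo json_encode($limiter->hit($rule, $client, $t0 + 60)), PHP_EOL;  // window expired, count restarts
```

A fixed window is simple and cheap in a shared cache, but a client can send up to twice the limit across a window boundary (the end of one window and the start of the next); if that matters for your API, choose the limit and window with that burst in mind or use a shorter window.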
Git Repository
The source code for this middleware is hosted internally.