# crowdsec/magento2-module-bouncer

> The Bouncer module for Magento 2 allows rejecting IP detected as malicious by CrowdSec

`composer require crowdsec/magento2-module-bouncer`

Canonical URL: https://packagento.com/crowdsec/magento2-module-bouncer

## At a glance

- **Vendor**: crowdsec (https://packagento.com/crowdsec.md)
- **Latest version**: 2.2.1 — released 2025-10-10
- **Pricing**: Free
- **Package type**: Magento 2 module
- **Status**: active, accepting new buyers

## Installation

Packagento is licence-gated, so even free packages need a licence on a project before Composer can resolve them.

1. **Sign in or create an account** at https://packagento.com/customer/account/.

2. **Add the package to your account.** Open https://packagento.com/crowdsec/magento2-module-bouncer and complete the free checkout. A licence is minted automatically.

3. **Create or pick a project, then activate the licence on it.**
   - Projects represent the Magento installs you deploy to. Manage them at https://packagento.com/projects/.
   - Activate the new licence on the project you'll deploy this package to. Activation is what generates the Composer credentials scoped to that project.

4. **Add the project credentials to your Magento codebase.**

   Grab the project's public + private key from https://packagento.com/projects/ (open the project, then its Credentials tab), and add them to `auth.json`:

   ```json
   {
     "http-basic": {
       "packagento.com": {
         "username": "ppk_live_...",
         "password": "psk_live_..."
       }
     }
   }
   ```

   Add the Packagento Composer repository to `composer.json`:

   ```json
   {
     "repositories": [
       { "type": "composer", "url": "https://packagento.com" }
     ]
   }
   ```

5. **Install and apply.**

   ```bash
   composer require crowdsec/magento2-module-bouncer:*
   bin/magento setup:upgrade
   bin/magento setup:di:compile
   bin/magento cache:flush
   ```

## What it does

The Bouncer module for Magento 2 allows rejecting IP detected as malicious by CrowdSec

## README

![CrowdSec Logo](https://raw.githubusercontent.com/crowdsecurity/cs-magento-bouncer/main/doc/images/logo_crowdsec.png) 

## CrowdSec Bouncer extension for Magento 2

> This Magento 2 module allows you to apply decisions from CrowdSec directly within the Magento 2 application.

[![Version](https://img.shields.io/github/v/release/crowdsecurity/cs-magento-bouncer?include_prereleases)](https://github.com/crowdsecurity/cs-magento-bouncer/releases)
[![End to end tests](https://github.com/crowdsecurity/cs-magento-bouncer/actions/workflows/end-to-end-test-suite.yml/badge.svg)](https://github.com/crowdsecurity/cs-magento-bouncer/actions/workflows/end-to-end-test-suite.yml)
[![Static and unit tests](https://github.com/crowdsecurity/cs-magento-bouncer/actions/workflows/static-and-unit-test-suite.yml/badge.svg)](https://github.com/crowdsecurity/cs-magento-bouncer/actions/workflows/static-and-unit-test-suite.yml)
[![Installation and varnish tests](https://github.com/crowdsecurity/cs-magento-bouncer/actions/workflows/installation-and-varnish-test-suite.yml/badge.svg)](https://github.com/crowdsecurity/cs-magento-bouncer/actions/workflows/installation-and-varnish-test-suite.yml)
[![Licence](https://img.shields.io/github/license/crowdsecurity/cs-magento-bouncer)](https://github.com/crowdsecurity/cs-magento-bouncer/blob/main/LICENSE)


### Usage

See [User Guide](https://github.com/crowdsecurity/cs-magento-bouncer/blob/main/doc/USER_GUIDE.md)

### Installation

See [Installation Guide](https://github.com/crowdsecurity/cs-magento-bouncer/blob/main/doc/INSTALLATION_GUIDE.md)


### Technical notes

See [Technical notes](https://github.com/crowdsecurity/cs-magento-bouncer/blob/main/doc/TECHNICAL_NOTES.md)

### Developer guide

See [Developer guide](https://github.com/crowdsecurity/cs-magento-bouncer/blob/main/doc/DEVELOPER.md)


### License

[MIT](https://github.com/crowdsecurity/cs-magento-bouncer/blob/main/LICENSE)

## Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en)
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

The [public API](https://semver.org/spec/v2.0.0.html#spec-item-1) for this project is defined by the set of
functions provided by the module.

### [2.2.1](https://github.com/crowdsecurity/cs-magento-bouncer/releases/tag/v2.2.1) - 2025-10-10
[_Compare with previous release_](https://github.com/crowdsecurity/cs-magento-bouncer/compare/v2.2.0...v2.2.1)

#### Fixed

- Fix deprecation warning on PHP 8.4 ([PR 28](https://github.com/crowdsecurity/cs-magento-bouncer/pull/28))


---

### [2.2.0](https://github.com/crowdsecurity/cs-magento-bouncer/releases/tag/v2.2.0) - 2025-09-15
[_Compare with previous release_](https://github.com/crowdsecurity/cs-magento-bouncer/compare/v2.1.1...v2.2.0)

#### Changed

- Update to add compatibility with Magento 2.4.8


---

### [2.1.1](https://github.com/crowdsecurity/cs-magento-bouncer/releases/tag/v2.1.1) - 2024-04-12
[_Compare with previous release_](https://github.com/crowdsecurity/cs-magento-bouncer/compare/v2.1.0...v2.1.1)

#### Changed

- No change: released on marketplace to confirm compatibility with Magento 2.4.7 and PHP 8.3


---

### [2.1.0](https://github.com/crowdsecurity/cs-magento-bouncer/releases/tag/v2.1.0) - 2024-01-05
[_Compare with previous release_](https://github.com/crowdsecurity/cs-magento-bouncer/compare/v2.0.0...v2.1.0)


#### Changed

- Encrypt bouncer key in database

#### Removed

- Removed Events log feature

#### Added

- Add `api_connect_timeout` configuration for `Curl` request handler
- Add `api_timeout` configuration

#### Fixed

- Allow `crowdsec/symfony-cache:3.0.0` dependency to avoid composer conflict with some Magento 2.4.6 patch versions

---


### [2.0.0](https://github.com/crowdsecurity/cs-magento-bouncer/releases/tag/v2.0.0) - 2023-03-23
[_Compare with previous release_](https://github.com/crowdsecurity/cs-magento-bouncer/compare/v1.5.0...v2.0.0)

#### Changed

- All source code has been refactored using new CrowdSec PHP librairies:
    - Logs messages have been changed
    - User Agent sent to CrowdSec LAPI has been changed to `csphplapi_Magento2/vX.Y.Z`
- Change composer minimum stability from `dev` to `stable`

#### Added

- Add compatibility with Magento 2.4.6 and PHP 8.2

---


### [1.5.0](https://github.com/crowdsecurity/cs-magento-bouncer/releases/tag/v1.5.0) - 2022-09-08
[_Compare with previous release_](https://github.com/crowdsecurity/cs-magento-bouncer/compare/v1.4.0...v1.5.0)
#### Added
- Add TLS authentication feature
---

### [1.4.0](https://github.com/crowdsecurity/cs-magento-bouncer/releases/tag/v1.4.0) - 2022-08-11
[_Compare with previous release_](https://github.com/crowdsecurity/cs-magento-bouncer/compare/v1.3.0...v1.4.0)
#### Added
- Add configuration to use `cURL` instead of `file_get_contents` to call LAPI.
- Add configuration `forced_test_forwarded_ip` for testing purpose.
---
### [1.3.0](https://github.com/crowdsecurity/cs-magento-bouncer/releases/tag/v1.3.0) - 2022-06-09
[_Compare with previous release_](https://github.com/crowdsecurity/cs-magento-bouncer/compare/v1.2.0...v1.3.0)
#### Added
- Add configuration to set captcha flow cache lifetime
- Add configuration to set geolocation result cache lifetime
#### Changed
- Use cache instead of session to store some values
#### Fixed
- Fix wrong deleted decisions count during cache refresh
---
### [1.2.0](https://github.com/crowdsecurity/cs-magento-bouncer/releases/tag/v1.2.0) - 2022-05-12
[_Compare with previous release_](https://github.com/crowdsecurity/cs-magento-bouncer/compare/v1.1.0...v1.2.0)
#### Added
- Add geolocation feature
- Add compatibility with Magento 2.4.4 and PHP 8.1

_(Changelog truncated for .md surface. Full history on https://packagento.com/crowdsec/magento2-module-bouncer.)_

## Recent Versions

| Version | Released |
|---|---|
| 2.2.1 | 2025-10-10 |
| 2.2.0 | 2025-09-15 |
| 2.1.1 | 2024-04-12 |
| 2.1.0 | 2024-01-05 |
| 2.0.0 | 2023-03-23 |
| 1.5.0 | 2022-09-08 |
| 1.4.0 | 2022-08-11 |
| 1.3.0 | 2022-06-09 |
| 1.2.0 | 2022-05-12 |
| 1.1.0 | 2022-03-11 |

Showing 10 of 12 versions. Full release history on https://packagento.com/crowdsec/magento2-module-bouncer.

## Dependencies

### Require

| Package | Constraint |
|---|---|
| crowdsec/bouncer | ^4.3.0 |
| crowdsec/magento-symfony-cache | 1.1.0 \|\| 2.2.0 \|\| 3.0.0 |
| magento/framework | >=102 |
| swaggest/json-schema | 0.12.39 |

## Quality

Latest release (2.2.1) fails the Packagento QA pipeline. Verdicts below are per-cell (Magento line × PHP version) for the matrixed tools, and run-once for the static / security tiers.


### Compatibility

Each Magento line is installed on its supported PHP versions, then the module is built (DI compile + static-content deploy). Cells show passed / failed / untested; staircase gaps render as `–`.

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | Pass | Pass | – | – |
| 2.4.8 | – | Pass | not tested | – |
| 2.4.9 | – | – | not tested | not tested |


### Code Quality

Advisory checks against the module's source. Never affect the Compatibility verdict — a phpcs finding can't make a module incompatible.

#### Static Analysis

Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module.

| Tool | Status | Findings | Summary |
|---|---|---|---|
| PHPCS | Pass | 0 |  |
| PHPMD | Warning | 3 | 3 rule violations (ExcessiveClassComplexity:2, TooManyPublicMethods:1) |
| Cpd | Pass | 0 |  |
| Composer validate | Info | 2 | valid; 2 advisory notes (composer validate --strict) |

#### PHPStan

Type-checks the module against a real Magento install. Re-runs per Magento + PHP version because resolvable symbols differ between releases.

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | 12 | 12 | – | – |
| 2.4.8 | – | 12 | 12 | – |
| 2.4.9 | – | – | N/A | N/A |


### Tests

Unit and integration suites run per Magento + PHP cell. Test failures speak to the module's behaviour, not its compatibility with a line, so they're reported here separately.

#### Unit Tests

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | N/A | N/A | – | – |
| 2.4.8 | – | N/A | N/A | – |
| 2.4.9 | – | – | N/A | N/A |

#### Integration Tests

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | N/A | N/A | – | – |
| 2.4.8 | – | N/A | N/A | – |
| 2.4.9 | – | – | N/A | N/A |


### Security

Dependency-advisory audit (composer audit) plus a source malware scan. A malware detection fails the version outright.

| Tool | Status | Findings | Summary |
|---|---|---|---|
| Composer audit | Pass | 0 |  |
| Malware scan | Pass | 0 |  |

## Licence and pricing

Free. A licence is still minted on checkout and bound to your project for Composer access — no payment step.

Refundable within 14 days of first purchase via https://packagento.com/account/refunds/.

## Install via Claude Code or any MCP client

The Packagento MCP server can run the licence + project + Composer steps above in one tool call:

```
purchase_and_install_packages(
  composer_names=["crowdsec/magento2-module-bouncer"],
  project_id="proj_xxx"
)
```

This handles cart, checkout, licence minting, project activation, and writes auth.json credentials. Connect a client with `claude mcp add packagento https://mcp.packagento.com`. Full setup at https://packagento.com/docs/mcp-setup.

## Vendor

crowdsec is a Magento 2 vendor on Packagento. See https://packagento.com/crowdsec.md for their full catalogue.