crowdsec / magento2-module-bouncer
crowdsec/magento2-module-bouncer
The Bouncer module for Magento 2 allows rejecting IP detected as malicious by CrowdSec
CrowdSec Bouncer extension for Magento 2
This Magento 2 module allows you to apply decisions from CrowdSec directly within the Magento 2 application.
Usage
See User Guide
Installation
Technical notes
See Technical notes
Developer guide
See Developer guide
License
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog
and this project adheres to Semantic Versioning.
The public API for this project is defined by the set of
functions provided by the module.
2.2.1 - 2025-10-10
Fixed
- Fix deprecation warning on PHP 8.4 (PR 28)
2.2.0 - 2025-09-15
Changed
- Update to add compatibility with Magento 2.4.8
2.1.1 - 2024-04-12
Changed
- No change: released on marketplace to confirm compatibility with Magento 2.4.7 and PHP 8.3
2.1.0 - 2024-01-05
Changed
- Encrypt bouncer key in database
Removed
- Removed Events log feature
Added
- Add
api_connect_timeoutconfiguration forCurlrequest handler - Add
api_timeoutconfiguration
Fixed
- Allow
crowdsec/symfony-cache:3.0.0dependency to avoid composer conflict with some Magento 2.4.6 patch versions
2.0.0 - 2023-03-23
Changed
- All source code has been refactored using new CrowdSec PHP librairies:
- Logs messages have been changed
- User Agent sent to CrowdSec LAPI has been changed to
csphplapi_Magento2/vX.Y.Z
- Change composer minimum stability from
devtostable
Added
- Add compatibility with Magento 2.4.6 and PHP 8.2
1.5.0 - 2022-09-08
Added
- Add TLS authentication feature
1.4.0 - 2022-08-11
Added
- Add configuration to use
cURLinstead offile_get_contentsto call LAPI. - Add configuration
forced_test_forwarded_ipfor testing purpose.
1.3.0 - 2022-06-09
Added
- Add configuration to set captcha flow cache lifetime
- Add configuration to set geolocation result cache lifetime
Changed
- Use cache instead of session to store some values
Fixed
- Fix wrong deleted decisions count during cache refresh
1.2.0 - 2022-05-12
Added
- Add geolocation feature
- Add compatibility with Magento 2.4.4 and PHP 8.1
1.1.0 - 2022-03-11
Added
- Add events log feature
Fixed
- Fix primary and secondary text configuration path
1.0.0 - 2021-12-10
Changed
- Modify default auto_prepend mode filename to avoid Magento 2 PHP code sniff error
- Update documentation
0.7.9 - 2021-11-19
Added
- Initial release
| Version | Stability | QA Status | Compatibility | Released |
|---|---|---|---|---|
| 2.2.1 | stable | Fail | Magento 2.4.7 Details | 2025-10-10 01:21:14 |
| 2.2.0 | stable | Not tested | Not yet tested Details | 2025-09-15 06:38:02 |
| 2.1.1 | stable | Not tested | Not yet tested Details | 2024-04-12 04:49:24 |
| 2.1.0 | stable | Not tested | Not yet tested Details | 2024-01-05 04:19:21 |
| 2.0.0 | stable | Not tested | Not yet tested Details | 2023-03-23 01:19:00 |
| 1.5.0 | stable | Not tested | Not yet tested Details | 2022-09-08 04:20:56 |
| 1.4.0 | stable | Not tested | Not yet tested Details | 2022-08-11 00:26:03 |
| 1.3.0 | stable | Not tested | Not yet tested Details | 2022-06-09 04:08:18 |
| 1.2.0 | stable | Not tested | Not yet tested Details | 2022-05-12 09:15:21 |
| 1.1.0 | stable | Not tested | Not yet tested Details | 2022-03-11 05:09:59 |
| 1.0.0 | stable | Not tested | Not yet tested Details | 2021-12-10 06:57:31 |
| 0.7.9 | stable | Not tested | Not yet tested Details | 2021-11-19 06:58:07 |
Requires 4
| Package | Constraint |
|---|---|
| magento/framework | >=102 |
| crowdsec/bouncer | ^4.3.0 |
| swaggest/json-schema | 0.12.39 |
| crowdsec/magento-symfony-cache | 1.1.0 || 2.2.0 || 3.0.0 |
Compatibility
Each Magento release line is installed on its supported PHP versions, then the module is built (DI compilation + static-content deploy) and its unit and integration suites are run. The matrix shows the lines and PHP versions the module is confirmed to install and run on. Code-quality results further down (phpstan, phpcs, …) are reported separately and never affect compatibility.
Code Quality
Advisory checks against the module's source. Static analysis runs once across the whole module; PHPStan re-runs per Magento + PHP version because resolvable symbols differ between releases. These NEVER affect the Compatibility badge — a phpcs finding can't make a module incompatible.
Static analysis
Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module.
PHPStan
Type-checks the module's PHP against a real Magento install at the configured gate level. Re-runs per Magento and PHP version because resolvable symbols differ between releases. Cell → details modal.
Tests
Unit and integration suites, run for each applicable Magento and PHP version. A test failure speaks to the module's behaviour, not its compatibility with a Magento line, so it is reported here separately and never reddens the compatibility matrix.
Unit tests
Integration tests
| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | N/A | N/A | ||
| 2.4.8 | N/A | N/A | ||
| 2.4.9 | N/A | N/A |
Security
Security checks run directly against the module: an audit of its declared dependencies for known vulnerabilities (composer audit) and a scan of its source for malware and web-shell signatures. Each runs once. A malware detection fails the version outright.
Turn an existing module into recurring revenue.
If you already maintain a Magento 2 module on GitHub or GitLab, listing it on Packagento takes about five minutes. We mirror your tags, handle distribution signing, and route paid licenses through Stripe Connect, so you can keep shipping the way you already do.