Skip to content

Update docs for 0.7: resolver-first keying, review fixes, language pass#7

Merged
sascha-egerer merged 2 commits into
mainfrom
docs/update-for-next-release
Jul 2, 2026
Merged

Update docs for 0.7: resolver-first keying, review fixes, language pass#7
sascha-egerer merged 2 commits into
mainfrom
docs/update-for-next-release

Conversation

@sascha-egerer

Copy link
Copy Markdown
Contributor

Align the docs with the 0.7 core changes and resolve all findings from the 0.6 documentation review.

Resolver-first client-IP keying:

  • Teach setIpResolver($trustedProxyResolver->resolve(...)) as the single proxy-trust setup; keyless counter rules and PortableConfig::keyIp() key on the resolved client IP.
  • Document the KeyExtractors::ip() / clientIp() deprecations and drop both from all snippets; TrustedBotMatcher examples omit ipResolver so the matcher autowires the Config resolver.

Corrected claims:

  • @rx overlength values are truncated and matched, engine errors count as a match (was described as "skipped / not matched").
  • TrustedBotMatcher constructor signature and parameter table (six parameters, named-arguments guidance, cacheTtl).
  • Proxy guidance on bot-presets and portable-config matches the actual keyIp() late-binding behavior.
  • X-RateLimit headers carry no rule name; knownScanners ships 26 patterns; sliding-window counters are not cleared by resetThrottle().

Completeness:

  • Document Presets::coreRuleSet(), Presets::crsVersion(), and the $maxValuesPerCrsVariable per-variable value cap.
  • Drop the removed CRS example rows (04/05/14), fix the example count, and cross-link the companion preset packages from the guide flow.
  • Fix copy-paste fatals (JsonResponse, arrow function with use()) and the unsafe getParsedBody() array access.

Language pass over all pages: remove filler and marketing wording and unused imports from snippets.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the documentation set to match Phirewall 0.7 behavior, especially around resolver-first client-IP keying, TrustedBotMatcher wiring/signature, OWASP CRS semantics, and a broad language/snippet cleanup pass.

Changes:

  • Rework proxy/client-IP guidance to standardize on Config::setIpResolver($trustedProxyResolver->resolve(...)) and remove deprecated KeyExtractors::* usage from snippets.
  • Correct/expand feature documentation (TrustedBotMatcher parameters/caching, CRS factory options and @rx behavior, presets/companion packages, reset semantics, header behavior).
  • Clean up examples and prose (remove outdated example rows/counts, fix snippet hazards, tighten wording).

Reviewed changes

Copilot reviewed 24 out of 24 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
docs/services.md Language pass / wording refinement.
docs/index.md Update marketing feature blurb to match current bot-detection capabilities and naming.
docs/getting-started.md Align onboarding guidance and snippets with resolver-first keying and updated bot safelisting guidance.
docs/features/trusted-bots.md Update trusted-bot throttling keying guidance (client IP / proxy context).
docs/features/storage.md Clarify production store guidance (APCu caveat phrasing).
docs/features/safelists-blocklists.md Update TrustedBotMatcher examples to rely on Config resolver autowiring; update known-scanners count; add companion preset note; align IP resolver wiring.
docs/features/rate-limiting.md Rewrite default-key and proxy sections for resolver-first keying; update KeyExtractors section for deprecations and guidance; align proxy examples.
docs/features/owasp-crs.md Document $maxValuesPerCrsVariable, add tuning guidance via presets, and correct @rx truncation/fail-closed semantics.
docs/features/fail2ban.md Update keying/proxy guidance, remove deprecated extractor snippets, and fix unsafe parsed-body access in examples.
docs/features/bot-presets.md Clarify how presets key on resolved client IP via PortableConfig::keyIp() late binding.
docs/features/bot-detection.md Add companion preset package tip; update TrustedBotMatcher usage and signature docs; tighten wording.
docs/features/bad-ip-preset.md Align bad-IP preset client-IP matching guidance with resolver-first behavior.
docs/faq.md Update proxy/client-IP explanation and examples to resolver-first keying; tighten wording.
docs/examples.md Update example count/list to reflect moved OWASP CRS examples; add companion packages section; tighten framework-integration prose.
docs/common-attacks.md Align proxy/keying guidance and production setup wording with resolver-first behavior.
docs/advanced/track-notifications.md Tighten wording and remove deprecated extractor imports from snippets.
docs/advanced/request-context.md Replace framework-specific JsonResponse with a generic PSR-7 response example; wording pass.
docs/advanced/psr17.md Remove deprecated extractor imports from examples.
docs/advanced/presets.md Minor wording pass.
docs/advanced/portable-config.md Clarify keyIp() behavior as resolver-aware / late-bound; add stronger proxy-header warning.
docs/advanced/observability.md Wording pass to reduce filler/marketing phrasing.
docs/advanced/infrastructure.md Update documentation around request-to-IP default extraction and remove deprecated imports.
docs/advanced/dynamic-throttle.md Fix invalid arrow function syntax; document resetThrottle() limitations and header naming behavior.
docs/advanced/discriminator-normalizer.md Minor wording/clarity edits.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread docs/advanced/portable-config.md Outdated
Comment thread docs/advanced/request-context.md Outdated
Comment thread docs/features/bot-presets.md
Comment thread docs/features/rate-limiting.md
Align the docs with the 0.7 core changes and resolve all findings from
the 0.6 documentation review.

Resolver-first client-IP keying:
- Teach setIpResolver($trustedProxyResolver->resolve(...)) as the single
  proxy-trust setup; keyless counter rules and PortableConfig::keyIp()
  key on the resolved client IP.
- Document the KeyExtractors::ip() / clientIp() deprecations and drop
  both from all snippets; TrustedBotMatcher examples omit ipResolver so
  the matcher autowires the Config resolver.

Corrected claims:
- @rx overlength values are truncated and matched, engine errors count
  as a match (was described as "skipped / not matched").
- TrustedBotMatcher constructor signature and parameter table (six
  parameters, named-arguments guidance, cacheTtl).
- Proxy guidance on bot-presets and portable-config matches the actual
  keyIp() late-binding behavior.
- X-RateLimit headers carry no rule name; knownScanners ships 26
  patterns; sliding-window counters are not cleared by resetThrottle().

Completeness:
- Document Presets::coreRuleSet(), Presets::crsVersion(), and the
  $maxValuesPerCrsVariable per-variable value cap.
- Drop the removed CRS example rows (04/05/14), fix the example count,
  and cross-link the companion preset packages from the guide flow.
- Fix copy-paste fatals (JsonResponse, arrow function with use()) and
  the unsafe getParsedBody() array access.

Language pass over all pages: remove filler and marketing wording and
unused imports from snippets.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 24 out of 24 changed files in this pull request and generated 3 comments.

Comment thread docs/advanced/request-context.md
Comment thread docs/features/trusted-bots.md Outdated
Comment thread docs/index.md Outdated
…istered resolver, split the bot-detection blurb

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 24 out of 24 changed files in this pull request and generated no new comments.

@sascha-egerer sascha-egerer merged commit e44c463 into main Jul 2, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants