Integraciones → PHP

Integración PHP

Cualquier sitio PHP — Laravel, CodeIgniter, temas personalizados de WordPress, simple index.php. Un include, filtrado en 20 líneas.

Inicio rápido — 20 líneas

Crea zerobot.php junto al punto de entrada del sitio y haz require en cada página que quieras proteger (o en el controlador frontal).

<?php
// zerobot.php — drop-in bot screening
const ZEROBOT_LICENSE = 'YOUR_LICENSE_KEY';
const ZEROBOT_DOMAIN  = 'yoursite.com';

$ip  = $_SERVER['HTTP_CF_CONNECTING_IP'] ?? $_SERVER['REMOTE_ADDR'] ?? '';
$ua  = $_SERVER['HTTP_USER_AGENT'] ?? '';
$url = 'https://api.zerobot.info/v3/openapi?' . http_build_query([
    'license'   => ZEROBOT_LICENSE,
    'ip'        => $ip,
    'domain'    => ZEROBOT_DOMAIN,
    'useragent' => $ua,
]);

$ch  = curl_init($url);
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_TIMEOUT        => 5,
]);
$res = curl_exec($ch);
curl_close($ch);

$data = json_decode($res, true);
if (is_array($data) && !empty($data['is_bot'])) {
    http_response_code(403);
    exit('Blocked: ' . ($data['reason'] ?? 'bot'));
}
// Fall through = visitor is human. Render your page normally.

Comportamiento fail-open: si la API expira o no devuelve nada, $data['is_bot'] es null y la petición pasa. Tu sitio nunca se rompe por un problema de red.

Middleware Laravel

Crea app/Http/Middleware/ZeroBot.php:

<?php
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Http;

class ZeroBot
{
    public function handle(Request $request, Closure $next)
    {
        $res = Http::timeout(5)->get('https://api.zerobot.info/v3/openapi', [
            'license'   => config('services.zerobot.key'),
            'ip'        => $request->ip(),
            'domain'    => $request->getHost(),
            'useragent' => $request->userAgent() ?? '',
        ]);

        if ($res->ok() && $res->json('is_bot')) {
            abort(403, $res->json('reason', 'bot'));
        }
        return $next($request);
    }
}

Regístralo en app/Http/Kernel.php bajo $middleware para todas las rutas, o $middlewareGroups['web'] solo para web.

Formato de la respuesta

Cada llamada a /v3/openapi devuelve la misma estructura JSON:

{
  "username":     "encrypted",
  "is_bot":       true,
  "reason":       "DATACENTER",
  "risk_score":   60,
  "country_code": "us",
  "country_name": "United States",
  "asn":          "AS15169",
  "isp":          "Google LLC",
  "hostname":     "dns.google",
  "tor":          false,
  "vpn":          false,
  "datacenter":   true,
  "left":         471,   // license days remaining
  "plan":         "ISP"
}

Buenas prácticas

Cache per-IP. Store the verdict in APCu / Redis for 5-60 minutes to avoid hitting the API on every pageview by the same visitor.
Skip admin paths. Don't screen wp-admin, /admin, /api/webhooks, etc. — check $_SERVER['REQUEST_URI'] before the API call.
Honor Cloudflare IPs. If your site is behind CF, read HTTP_CF_CONNECTING_IP — REMOTE_ADDR is the CF edge, not the visitor.
Fail open on timeout. Never let a ZeroBot outage take your site down. Wrap the API call in try/catch and default to is_bot=false.