Intégration PHP
N'importe quel site PHP — Laravel, CodeIgniter, thèmes WordPress personnalisés, simple index.php. Un seul include, filtrage en 20 lignes.
Démarrage rapide — 20 lignes
Créez zerobot.php à côté de votre point d'entrée, puis require-le en haut de chaque page à protéger (ou du contrôleur frontal).
<?php // zerobot.php — drop-in bot screening const ZEROBOT_LICENSE = 'YOUR_LICENSE_KEY'; const ZEROBOT_DOMAIN = 'yoursite.com'; $ip = $_SERVER['HTTP_CF_CONNECTING_IP'] ?? $_SERVER['REMOTE_ADDR'] ?? ''; $ua = $_SERVER['HTTP_USER_AGENT'] ?? ''; $url = 'https://api.zerobot.info/v3/openapi?' . http_build_query([ 'license' => ZEROBOT_LICENSE, 'ip' => $ip, 'domain' => ZEROBOT_DOMAIN, 'useragent' => $ua, ]); $ch = curl_init($url); curl_setopt_array($ch, [ CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 5, ]); $res = curl_exec($ch); curl_close($ch); $data = json_decode($res, true); if (is_array($data) && !empty($data['is_bot'])) { http_response_code(403); exit('Blocked: ' . ($data['reason'] ?? 'bot')); } // Fall through = visitor is human. Render your page normally.
Comportement fail-open : si l'API expire ou ne renvoie rien, $data['is_bot'] vaut null et la requête passe. Votre site ne casse jamais à cause d'un souci réseau.
Include Mode — hosted script, no API code
The simplest integration: no API calls to write. Download ZeroBot.php from your dashboard (Download Antibot), upload it next to the page you want to protect, then include it at the very top of that PHP file. Bots are blocked before anything renders; verified humans fall straight through into your page.
<?php // Top of your page — before ANY HTML output include 'ZeroBot.php'; ?> <!-- Your real page below. Bots never reach this line. --> <!DOCTYPE html> <html> <body> <h1>Welcome — you passed ZeroBot's checks.</h1> </body> </html>
Three requirements: (1) leave the rule's Redirect Link EMPTY — that is what switches the script into passthrough/include mode instead of redirecting; (2) put the include before any HTML output, so the bot block runs first; (3) set the rule's Antibot Link to the public URL of this file. Prefer the classic gateway behavior? Set a Redirect Link on the rule and the script will send verified humans there instead of passing through.
Middleware Laravel
Créez app/Http/Middleware/ZeroBot.php :
<?php namespace App\Http\Middleware; use Closure; use Illuminate\Http\Request; use Illuminate\Support\Facades\Http; class ZeroBot { public function handle(Request $request, Closure $next) { $res = Http::timeout(5)->get('https://api.zerobot.info/v3/openapi', [ 'license' => config('services.zerobot.key'), 'ip' => $request->ip(), 'domain' => $request->getHost(), 'useragent' => $request->userAgent() ?? '', ]); if ($res->ok() && $res->json('is_bot')) { abort(403, $res->json('reason', 'bot')); } return $next($request); } }
Enregistrez-le dans app/Http/Kernel.php sous $middleware pour toutes les routes, ou $middlewareGroups['web'] pour le web uniquement.
Format de la réponse
Chaque appel à /v3/openapi renvoie la même structure JSON :
{
"username": "encrypted",
"is_bot": true,
"reason": "DATACENTER",
"risk_score": 60,
"country_code": "us",
"country_name": "United States",
"asn": "AS15169",
"isp": "Google LLC",
"hostname": "dns.google",
"tor": false,
"vpn": false,
"datacenter": true,
"left": 471, // license days remaining
"plan": "ISP"
}
Bonnes pratiques
- Cache per-IP. Store the verdict in APCu / Redis for 5-60 minutes to avoid hitting the API on every pageview by the same visitor.
- Skip admin paths. Don't screen wp-admin, /admin, /api/webhooks, etc. — check
$_SERVER['REQUEST_URI']before the API call. - Honor Cloudflare IPs. If your site is behind CF, read
HTTP_CF_CONNECTING_IP—REMOTE_ADDRis the CF edge, not the visitor. - Fail open on timeout. Never let a ZeroBot outage take your site down. Wrap the API call in try/catch and default to
is_bot=false.