Intégrations → PHP

Intégration PHP

N'importe quel site PHP — Laravel, CodeIgniter, thèmes WordPress personnalisés, simple index.php. Un seul include, filtrage en 20 lignes.

Démarrage rapide — 20 lignes

Créez zerobot.php à côté de votre point d'entrée, puis require-le en haut de chaque page à protéger (ou du contrôleur frontal).

<?php
// zerobot.php — drop-in bot screening
const ZEROBOT_LICENSE = 'YOUR_LICENSE_KEY';
const ZEROBOT_DOMAIN  = 'yoursite.com';

$ip  = $_SERVER['HTTP_CF_CONNECTING_IP'] ?? $_SERVER['REMOTE_ADDR'] ?? '';
$ua  = $_SERVER['HTTP_USER_AGENT'] ?? '';
$url = 'https://api.zerobot.info/v3/openapi?' . http_build_query([
    'license'   => ZEROBOT_LICENSE,
    'ip'        => $ip,
    'domain'    => ZEROBOT_DOMAIN,
    'useragent' => $ua,
]);

$ch  = curl_init($url);
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_TIMEOUT        => 5,
]);
$res = curl_exec($ch);
curl_close($ch);

$data = json_decode($res, true);
if (is_array($data) && !empty($data['is_bot'])) {
    http_response_code(403);
    exit('Blocked: ' . ($data['reason'] ?? 'bot'));
}
// Fall through = visitor is human. Render your page normally.

Comportement fail-open : si l'API expire ou ne renvoie rien, $data['is_bot'] vaut null et la requête passe. Votre site ne casse jamais à cause d'un souci réseau.

Middleware Laravel

Créez app/Http/Middleware/ZeroBot.php :

<?php
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Http;

class ZeroBot
{
    public function handle(Request $request, Closure $next)
    {
        $res = Http::timeout(5)->get('https://api.zerobot.info/v3/openapi', [
            'license'   => config('services.zerobot.key'),
            'ip'        => $request->ip(),
            'domain'    => $request->getHost(),
            'useragent' => $request->userAgent() ?? '',
        ]);

        if ($res->ok() && $res->json('is_bot')) {
            abort(403, $res->json('reason', 'bot'));
        }
        return $next($request);
    }
}

Enregistrez-le dans app/Http/Kernel.php sous $middleware pour toutes les routes, ou $middlewareGroups['web'] pour le web uniquement.

Format de la réponse

Chaque appel à /v3/openapi renvoie la même structure JSON :

{
  "username":     "encrypted",
  "is_bot":       true,
  "reason":       "DATACENTER",
  "risk_score":   60,
  "country_code": "us",
  "country_name": "United States",
  "asn":          "AS15169",
  "isp":          "Google LLC",
  "hostname":     "dns.google",
  "tor":          false,
  "vpn":          false,
  "datacenter":   true,
  "left":         471,   // license days remaining
  "plan":         "ISP"
}

Bonnes pratiques

Cache per-IP. Store the verdict in APCu / Redis for 5-60 minutes to avoid hitting the API on every pageview by the same visitor.
Skip admin paths. Don't screen wp-admin, /admin, /api/webhooks, etc. — check $_SERVER['REQUEST_URI'] before the API call.
Honor Cloudflare IPs. If your site is behind CF, read HTTP_CF_CONNECTING_IP — REMOTE_ADDR is the CF edge, not the visitor.
Fail open on timeout. Never let a ZeroBot outage take your site down. Wrap the API call in try/catch and default to is_bot=false.