Integrazione PHP
Qualsiasi sito PHP — Laravel, CodeIgniter, temi WordPress custom, semplice index.php. Un include, screening in 20 righe.
Avvio rapido — 20 righe
Crea zerobot.php vicino all'entry point del sito e inseriscilo con require in ogni pagina da proteggere (o nel front controller).
<?php // zerobot.php — drop-in bot screening const ZEROBOT_LICENSE = 'YOUR_LICENSE_KEY'; const ZEROBOT_DOMAIN = 'yoursite.com'; $ip = $_SERVER['HTTP_CF_CONNECTING_IP'] ?? $_SERVER['REMOTE_ADDR'] ?? ''; $ua = $_SERVER['HTTP_USER_AGENT'] ?? ''; $url = 'https://api.zerobot.info/v3/openapi?' . http_build_query([ 'license' => ZEROBOT_LICENSE, 'ip' => $ip, 'domain' => ZEROBOT_DOMAIN, 'useragent' => $ua, ]); $ch = curl_init($url); curl_setopt_array($ch, [ CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 5, ]); $res = curl_exec($ch); curl_close($ch); $data = json_decode($res, true); if (is_array($data) && !empty($data['is_bot'])) { http_response_code(403); exit('Blocked: ' . ($data['reason'] ?? 'bot')); } // Fall through = visitor is human. Render your page normally.
Fail-open: se l'API va in timeout o non risponde, $data['is_bot'] è null e la richiesta passa. Il tuo sito non si rompe per un problema di rete.
Include Mode — hosted script, no API code
The simplest integration: no API calls to write. Download ZeroBot.php from your dashboard (Download Antibot), upload it next to the page you want to protect, then include it at the very top of that PHP file. Bots are blocked before anything renders; verified humans fall straight through into your page.
<?php // Top of your page — before ANY HTML output include 'ZeroBot.php'; ?> <!-- Your real page below. Bots never reach this line. --> <!DOCTYPE html> <html> <body> <h1>Welcome — you passed ZeroBot's checks.</h1> </body> </html>
Three requirements: (1) leave the rule's Redirect Link EMPTY — that is what switches the script into passthrough/include mode instead of redirecting; (2) put the include before any HTML output, so the bot block runs first; (3) set the rule's Antibot Link to the public URL of this file. Prefer the classic gateway behavior? Set a Redirect Link on the rule and the script will send verified humans there instead of passing through.
Middleware Laravel
Crea app/Http/Middleware/ZeroBot.php:
<?php namespace App\Http\Middleware; use Closure; use Illuminate\Http\Request; use Illuminate\Support\Facades\Http; class ZeroBot { public function handle(Request $request, Closure $next) { $res = Http::timeout(5)->get('https://api.zerobot.info/v3/openapi', [ 'license' => config('services.zerobot.key'), 'ip' => $request->ip(), 'domain' => $request->getHost(), 'useragent' => $request->userAgent() ?? '', ]); if ($res->ok() && $res->json('is_bot')) { abort(403, $res->json('reason', 'bot')); } return $next($request); } }
Registralo in app/Http/Kernel.php sotto $middleware per tutte le route, o $middlewareGroups['web'] solo per il web.
Formato della risposta
Ogni chiamata a /v3/openapi restituisce la stessa struttura JSON:
{
"username": "encrypted",
"is_bot": true,
"reason": "DATACENTER",
"risk_score": 60,
"country_code": "us",
"country_name": "United States",
"asn": "AS15169",
"isp": "Google LLC",
"hostname": "dns.google",
"tor": false,
"vpn": false,
"datacenter": true,
"left": 471, // license days remaining
"plan": "ISP"
}
Buone pratiche
- Cache per-IP. Store the verdict in APCu / Redis for 5-60 minutes to avoid hitting the API on every pageview by the same visitor.
- Skip admin paths. Don't screen wp-admin, /admin, /api/webhooks, etc. — check
$_SERVER['REQUEST_URI']before the API call. - Honor Cloudflare IPs. If your site is behind CF, read
HTTP_CF_CONNECTING_IP—REMOTE_ADDRis the CF edge, not the visitor. - Fail open on timeout. Never let a ZeroBot outage take your site down. Wrap the API call in try/catch and default to
is_bot=false.