A high-performance, minimalist, and ultra-secure RCON API for retro-gaming servers. This version has been manually audited, stripped of unnecessary bloat, and hardened against common web vulnerabilities.
- 🔒 Injection Proof: 100% usage of PDO and MySQLi Prepared Statements. SQL injection is impossible.
- 🛡️ RCON Safety: All commands sent to the game server are JSON-encoded and strictly validated.
- ✅ Strict Validation: Extensive regex and type-checking for every input parameter.
- 🚀 Production Optimized: Minimalist codebase with all comments removed for performance and clarity.
- 🌐 Cross-Origin Ready: Optimized CORS configuration for access from any domain (scoped by SSO).
- 📁 Server Hardened: Pre-configured
web.configand.htaccessto block sensitive file access.
-
Clone the Repo:
git clone https://github.com/groundmanage2022/ZabboAPI-Hardened-Core.git
-
Configure Credentials: Edit
config.phpwith your database and RCON details. -
Secure Your Server: Ensure
web.config(for IIS) or.htaccess(for Apache) is active in your root directory.
| Layer | Protection Mechanism |
|---|---|
| Database | PDO Prepared Statements + Parameter Binding |
| RCON | JSON Encoding + Defense-in-Depth Validation |
| Input | Regex Whitelisting + Numeric Range Checking |
| Privilege | Strict Command Whitelist (:about, :help, etc.) |
| Infrastucture | Server-side blocking of .env, .git, and config files |
index.php: Main API entry point and validation logic.Rcon.php: Secure RCON communication layer.User.php: Database interaction using prepared statements.audio.php: Secure audio upload handler with MIME validation.web.config: IIS-specific security and routing rules..htaccess: Apache-specific security and routing rules.
This is the "Hardened Core" version. If you find any potential edge cases for injection, please open an issue immediately.
Developed for performance. Hardened for security.