search_security
Introduction
Search Security Enhanced protects your Drupal site from malicious search injection attacks, especially those used in phone scam operations. Attackers often try to inject fake phone numbers or scam phrases through search parameters to exploit your content.
This module detects and filters suspicious search queries before they reach users or get indexed by search engines. It provides:
- Real-time detection of malicious query patterns
- Smart parameter cleaning and user redirection
- Configurable protection levels: Basic, Moderate, Strict
- Phone number and scam keyword blocking
- Educational warnings for users
- Detailed logging and email alerts for administrators
Whether you're running a government website, a membership portal, or a service directory, this module helps protect your search experience from exploitation and abuse.
Features
- Search Parameter Protection: Detects scam phrases, phone numbers, suspicious encodings
- Smart Redirects: Cleans query parameters and keeps users on the page
- Custom Warning Pages: Show contextual security alerts and contact options
- Flexible Response Behavior: Choose between clean redirect, warning page, or hard block
- Granular Detection Settings: Control query length limits, allowed parameters, and blocklists
- Comprehensive Logging: All detected threats are logged
- Email Notifications: Admins receive alerts on detection events
- Developer-Ready: Hooks, services, Twig templates, and full configuration API
- Mobile-Responsive: Works across devices without affecting UX
- Seamless Integration: Supports search404 and views_pretty_path modules
- Safe Custom Search Paths: Monitor non-default search URLs
What It Blocks
Search Security blocks common patterns used in scam operations, such as:
- “call now 555-1234”
- “urgent verify account immediately”
- “technical support suspended account”
- Phone number variations like (555) 123-4567 or +1-555-123-4567
- URL-encoded threats like %20call%20now
- Mixed terms like drupal development call now 555-1234
- Overly long search queries meant to overwhelm the system
Legitimate URLs like /search?keys=web+development&utm_source=google are left untouched.
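The kinds of checks listed above can be sketched in a few lines of plain PHP. This is an added illustration, not the module's own code: the function name, phrase list, phone regex and length limit are all assumptions chosen to cover the sample patterns on this page.

```php
<?php
// Added illustration; not the Search Security module's code.
// The phrase list, phone regex and length limit are assumed values.

const MAX_QUERY_LENGTH = 128; // assumed limit, in bytes
const SCAM_PHRASES = ['call now', 'verify account', 'suspended account'];
// Optional +country code, optional 3-digit area code (with or without
// parentheses), then 3 and 4 digits separated by space, dot or hyphen.
const PHONE_RE = '/(?<!\d)(?:\+?\d{1,3}[\s.-]?)?(?:\(\d{3}\)|\d{3})?[\s.-]?\d{3}[\s.-]?\d{4}\b/';

/**
 * Returns the reasons a search value looks like scam injection.
 * An empty array means the value is considered clean.
 */
function inspect_search_value(string $raw): array {
  // Decode a bounded number of times so a double-encoded value such as
  // %2520call%2520now is still inspected as "call now".
  $value = $raw;
  for ($i = 0; $i < 3 && ($decoded = rawurldecode($value)) !== $value; $i++) {
    $value = $decoded;
  }
  // Normalise whitespace and case before matching.
  $value = strtolower(trim(preg_replace('/\s+/', ' ', $value)));

  $reasons = [];
  if (strlen($value) > MAX_QUERY_LENGTH) {
    $reasons[] = 'too_long';
  }
  if (preg_match(PHONE_RE, $value)) {
    $reasons[] = 'phone_number';
  }
  foreach (SCAM_PHRASES as $phrase) {
    if (str_contains($value, $phrase)) {
      $reasons[] = "phrase:$phrase";
    }
  }
  return $reasons;
}

// Constructed samples based on the patterns listed on this page.
$samples = ['web development', 'drupal development call now 555-1234',
  '%20call%20now', '(555) 123-4567', '+1-555-123-4567'];
foreach ($samples as $sample) {
  $hits = implode(', ', inspect_search_value($sample));
  printf("%-40s %s\n", $sample, $hits !== '' ? $hits : 'clean');
}
```

A pattern this loose also flags any bare seven-digit number, which is the kind of false positive the protection levels and allowlist are there to tune.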
After Installation
Once installed, visit /admin/config/security/search-security to:
- Choose your desired protection level
- Enable phone number and keyword detection
- Configure how malicious queries are handled
- Set up warning messages and contact links
- Review the blocklist and allowlist
- Monitor logs and test detection
Performance & UX
- Clean redirect ensures users stay on the page, unaware of any threat
- Admins can display a clear warning or educational page if preferred
- Designed to minimize false positives and allow fine-tuning
- EventSubscriber automatically skips admin routes and APIs
- Negligible impact on performance, even on high-traffic sites
For Developers
Search Security provides:
- A dedicated detection service: search_security.detector
- Hooks for theme integration and page preprocessing
- Configurable warning templates (search-security-warning.html.twig)
- Support for extending detection patterns and whitelists
- Configuration export support for CI/CD pipelines
- Clean, PSR-4 structured code with PHP 8.3 compatibility
Example:
$is_malicious = \Drupal::service('search_security.detector')->containsMaliciousPattern($query);
Recommended Modules
- search404: Adds support for custom 404 search paths
- views_pretty_path: Enables protection for pretty filter URLs in Views
Similar Projects
Most spam and injection filters in Drupal focus on forms or comment fields.
Search Security Enhanced is purpose-built to protect search pages, clean URL parameters, and educate users.
It’s the only module offering:
- Real-time query sanitization
- Phone number pattern detection
- Redirects with cleaned parameters
- Configurable warning pages
- Full integration with Drupal's routing and logging systems
Community & Documentation
Full documentation is available in the README.