PHPackages akaunting/laravel-firewall - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. akaunting/laravel-firewall ActiveLibrary[Security](/categories/security) akaunting/laravel-firewall ========================== Web Application Firewall (WAF) package for Laravel 2.3.0(1y ago)999465.8k—5.7%116[3 issues](https://github.com/akaunting/laravel-firewall/issues)[3 PRs](https://github.com/akaunting/laravel-firewall/pulls)2MITPHPPHP ^8.0CI passing Since Jul 16Pushed 1y ago16 watchersCompare [ Source](https://github.com/akaunting/laravel-firewall)[ Packagist](https://packagist.org/packages/akaunting/laravel-firewall)[ RSS](/packages/akaunting-laravel-firewall/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (10)Dependencies (5)Versions (42)Used By (2) Web Application Firewall (WAF) package for Laravel ================================================== [](#web-application-firewall-waf-package-for-laravel) [![Downloads](https://camo.githubusercontent.com/ea9f0138b225e3723b6dbb2887ea57c1d61f3dce101aed929eda6256b39ffdb4/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f616b61756e74696e672f6c61726176656c2d6669726577616c6c)](https://camo.githubusercontent.com/ea9f0138b225e3723b6dbb2887ea57c1d61f3dce101aed929eda6256b39ffdb4/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f616b61756e74696e672f6c61726176656c2d6669726577616c6c)[![Tests](https://camo.githubusercontent.com/cbc90ae70acaea8cdb59519c87777ef18a0565fb6c9d0fdf5c98c6932b8ef486/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f616b61756e74696e672f6c61726176656c2d6669726577616c6c2f74657374732e796d6c3f6c6162656c3d7465737473)](https://camo.githubusercontent.com/cbc90ae70acaea8cdb59519c87777ef18a0565fb6c9d0fdf5c98c6932b8ef486/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f616b61756e74696e672f6c61726176656c2d6669726577616c6c2f74657374732e796d6c3f6c6162656c3d7465737473)[![StyleCI](https://camo.githubusercontent.com/cfd7c06967d33db2f9b076f855751b2b6f9aabd2a67201bafc219affcd99cc20/68747470733a2f2f6769746875622e7374796c6563692e696f2f7265706f732f3139373234323339322f736869656c643f7374796c653d666c6174266272616e63683d6d6173746572)](https://styleci.io/repos/197242392)[![License](https://camo.githubusercontent.com/e0f44a697f1e32d00a4e7d47333cc06dcdd5475ab12b45ff94fdc58184884ead/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f616b61756e74696e672f6c61726176656c2d6669726577616c6c)](LICENSE.md) This package intends to protect your Laravel app from different type of attacks such as XSS, SQLi, RFI, LFI, User Agent, and a lot more. It will also block repeated attacks and send notification via email and/or slack when attack is detected. Furthermore, it will log failed logins and block the IP after a number of attempts. Note: Some middleware classes (i.e. Xss) are empty as the `Middleware` abstract class that they extend does all of the job, dynamically. In short, they all works ;) Getting Started --------------- [](#getting-started) ### 1. Install [](#1-install) Run the following command: ``` composer require akaunting/laravel-firewall ``` ### 2. Publish [](#2-publish) Publish configuration, language, and migrations ``` php artisan vendor:publish --tag=firewall ``` ### 3. Database [](#3-database) Create db tables ``` php artisan migrate ``` ### 4. Configure [](#4-configure) You can change the firewall settings of your app from `config/firewall.php` file Usage ----- [](#usage) Middlewares are already defined so should just add them to routes. The `firewall.all` middleware applies all the middlewares available in the `all_middleware` array of config file. ``` Route::group(['middleware' => 'firewall.all'], function () { Route::get('/', 'HomeController@index'); }); ``` You can apply each middleware per route. For example, you can allow only whitelisted IPs to access admin: ``` Route::group(['middleware' => 'firewall.whitelist'], function () { Route::get('/admin', 'AdminController@index'); }); ``` Or you can get notified when anyone NOT in `whitelist` access admin, by adding it to the `inspections` config: ``` Route::group(['middleware' => 'firewall.url'], function () { Route::get('/admin', 'AdminController@index'); }); ``` Available middlewares applicable to routes: ``` firewall.all firewall.agent firewall.bot firewall.geo firewall.ip firewall.lfi firewall.php firewall.referrer firewall.rfi firewall.session firewall.sqli firewall.swear firewall.url firewall.whitelist firewall.xss ``` You may also define `routes` for each middleware in `config/firewall.php` and apply that middleware or `firewall.all` at the top of all routes. Notifications ------------- [](#notifications) Firewall will send a notification as soon as an attack has been detected. Emails entered in `notifications.email.to` config must be valid Laravel users in order to send notifications. Check out the Notifications documentation of Laravel for further information. Changelog --------- [](#changelog) Please see [Releases](../../releases) for more information on what has changed recently. Contributing ------------ [](#contributing) Pull requests are more than welcome. You must follow the PSR coding standards. Security -------- [](#security) Please review [our security policy](https://github.com/akaunting/laravel-firewall/security/policy) on how to report security vulnerabilities. Credits ------- [](#credits) - [Denis Duliçi](https://github.com/denisdulici) - [All Contributors](../../contributors) License ------- [](#license) The MIT License (MIT). Please see [LICENSE](LICENSE.md) for more information. ### Health Score 57 — FairBetter than 98% of packages Maintenance46 Moderate activity, may be stable Popularity61 Solid adoption and visibility Community31 Small or concentrated contributor base Maturity76 Established project with proven stability Bus Factor1 Top contributor holds 84.8% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~52 days Recently: every ~146 days Total 41 Last Release 404d ago Major Versions 1.3.4 → 2.0.02022-08-02 PHP version history (4 changes)1.0.0PHP >=5.6.4 1.3.0PHP >=7.0 1.3.4PHP >=7.3 2.0.0PHP ^8.0 ### Community Maintainers ![](https://avatars.githubusercontent.com/u/5254835?v=4)[Denis Dulici](/maintainers/denisdulici)[@denisdulici](https://github.com/denisdulici) ![](https://avatars.githubusercontent.com/u/10936547?v=4)[Cüneyt Şentürk](/maintainers/cuneytsenturk)[@cuneytsenturk](https://github.com/cuneytsenturk) --- Top Contributors [![denisdulici](https://avatars.githubusercontent.com/u/5254835?v=4)](https://github.com/denisdulici "denisdulici (117 commits)")[![thomascombe](https://avatars.githubusercontent.com/u/39582382?v=4)](https://github.com/thomascombe "thomascombe (6 commits)")[![HaroldST](https://avatars.githubusercontent.com/u/70189863?v=4)](https://github.com/HaroldST "HaroldST (4 commits)")[![mozami](https://avatars.githubusercontent.com/u/613641?v=4)](https://github.com/mozami "mozami (4 commits)")[![samehdoush](https://avatars.githubusercontent.com/u/48515888?v=4)](https://github.com/samehdoush "samehdoush (2 commits)")[![andreia](https://avatars.githubusercontent.com/u/38911?v=4)](https://github.com/andreia "andreia (2 commits)")[![vlasscontreras](https://avatars.githubusercontent.com/u/17748144?v=4)](https://github.com/vlasscontreras "vlasscontreras (1 commits)")[![ip2location-com](https://avatars.githubusercontent.com/u/6367210?v=4)](https://github.com/ip2location-com "ip2location-com (1 commits)")[![2000calories](https://avatars.githubusercontent.com/u/25191098?v=4)](https://github.com/2000calories "2000calories (1 commits)") --- Tags akauntingblacklistfirewalllaravelphpsecuritywafwhitelistlaravelsecurityxssblacklistfirewallsqliwafrfilfi ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/akaunting-laravel-firewall/health.svg) ``` [![Health](https://phpackages.com/badges/akaunting-laravel-firewall/health.svg)](https://phpackages.com/packages/akaunting-laravel-firewall) ``` ### Alternatives [masterro/laravel-xss-filter Filter user input for XSS but don't touch other html 41254.5k](/packages/masterro-laravel-xss-filter) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)