bdsa/wafy
=========

A Laravel package to automatically ban IP addresses and detect malicious requests.

Version 1.2.4 (1mo ago), MIT license, PHP >=7.4. Since Feb 9; pushed 1mo ago.

[Source](https://github.com/tomakakwark/wafy) | [Packagist](https://packagist.org/packages/bdsa/wafy)

Wafy - Laravel Firewall & Malicious Request Detector
====================================================


**Wafy** is a robust Laravel package developed by **Bdsa** designed to automatically ban IP addresses and detect malicious requests, including SQL Injection, XSS, and more.

Features
--------


- 🛡️ **IP Banning**: Automatically block IPs engaging in suspicious activity.
- 🕵️ **Malicious Request Detection**: Detects SQLi, XSS, LFI, and RCE attempts.
- ⏱️ **Temporary & Permanent Bans**: Configurable ban durations.
- ⚙️ **Customizable Patterns**: Define your own regex patterns for detection.
- 🖥️ **Artisan Commands**: Easily manage banned IPs via CLI.

---

Installation
------------


### 1. Require with Composer


Add the package to your project:

```
composer require bdsa/wafy
```

### 2. Publish Configuration


Publish the configuration file and migrations:

```
php artisan vendor:publish --provider="Bdsa\Wafy\WafyServiceProvider"
```

### 3. Run Migrations


Create the `banned_ips` table:

```
php artisan migrate
```

---

Usage
-----


### Middleware

Wafy provides two key middlewares: `BlockBannedIp` and `DetectMaliciousRequests`.

#### Protecting Routes


Apply the middleware to your routes or groups:

```
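use Bdsa\Wafy\Middleware\BlockBannedIp;
use Bdsa\Wafy\Middleware\DetectMaliciousRequests;
use Illuminate\Support\Facades\Route;

// The group below references the middleware by alias, in the order listed.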
Route::group(['middleware' => ['block.banned.ip', 'detect.malicious.requests']], function () {
    Route::get('/', function () {
        return view('welcome');
    });

    // Your protected routes
});
```

### Artisan Commands


Manage banned IPs directly from the terminal:

- **Ban an IP manually:**

    ```
    php artisan wafy:ban {ip_address} [--reason="Your reason"]
    ```
- **Unban an IP:**

    ```
    php artisan wafy:unban {ip_address}
    ```
- **List all banned IPs:**

    ```
    php artisan wafy:list
    ```
- **Enable/Disable WAF:**

    ```
    php artisan wafy:mode {enable|disable}
    ```
- **Set Action Mode (Block or Log-Only):**

    ```
    php artisan wafy:action {block|log}
    ```

---

Configuration
-------------


The configuration file is located at `config/wafy.php`. You can customize the detection patterns here.

Default protection covers:

- **SQL Injection (SQLi)**: `UNION SELECT`, common SQL verbs, hex encoding.
- **Local File Inclusion (LFI)**: Directory traversal (`../`), system files (`/etc/passwd`).
- **Cross-Site Scripting (XSS)**: Script tags, event handlers (`onload`, `onerror`).
- **Remote Code Execution (RCE)**: Shell commands (`cat`, `wget`), PHP execution functions.

Example `config/wafy.php`:

```
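<?php

return [
    'enabled' => env('WAFY_ENABLED', true),
    'patterns' => [
        '/(union(\s+all)?\s+select)/i',
        '/(select\s+.*\s+from|delete\s+from|update\s+.*\s+set)/i',
        // As printed, this pattern matches any input, including the empty
        // string, so it flags every request it is applied to.
        '/(.*?)/is',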
        // Add your custom patterns here
    ],
    'allowed_ips' => [
        '127.0.0.1', // Localhost
        '192.168.1.1', // Office IP
    ],
    'notifications' => [
        'enabled' => env('WAFY_NOTIFICATIONS_ENABLED', false),
        'channels' => ['mail'], // Choose 'mail', 'slack' or both
        'email' => env('WAFY_NOTIFICATION_EMAIL', 'admin@example.com'),
        'slack_webhook' => env('WAFY_SLACK_WEBHOOK', ''),
    ],
];
```
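
Before switching from log-only to block mode, it helps to run the pattern list against known-benign text. The script below is an added example, not part of the package: `lintPatterns()` and every sample string are constructed here, and it only assumes the patterns are PCRE strings as in the example above. It flags patterns that fail to compile, patterns that match the empty string (such as `/(.*?)/is` as printed), and patterns that fire on ordinary sentences.

```php
<?php
// Added example: lint a wafy-style 'patterns' list. lintPatterns() is a
// hypothetical helper; all sample strings below are constructed.
function lintPatterns(array $patterns, array $benign, array $hostile): array
{
    $report = [];
    foreach ($patterns as $p) {
        // preg_match() returns false when the pattern fails to compile.
        if (@preg_match($p, '') === false) {
            $report[$p] = ['invalid regex'];
            continue;
        }
        $issues = [];
        // A pattern that matches the empty string matches every request.
        if (preg_match($p, '') === 1) {
            $issues[] = 'matches empty input, so it flags every request';
        }
        foreach ($benign as $s) {
            if (preg_match($p, $s) === 1) {
                $issues[] = "false positive on benign input: $s";
            }
        }
        $hits = 0;
        foreach ($hostile as $s) {
            $hits += (preg_match($p, $s) === 1) ? 1 : 0;
        }
        if ($hits === 0) {
            $issues[] = 'matches none of the hostile samples';
        }
        $report[$p] = $issues;
    }
    return $report;
}

$patterns = [ // the three patterns from the example config above
    '/(union(\s+all)?\s+select)/i',
    '/(select\s+.*\s+from|delete\s+from|update\s+.*\s+set)/i',
    '/(.*?)/is',
];
$benign = [ // constructed: ordinary form text a user might submit
    'Please select a colour from the list',
    'Update on shipping: delivery is set for Monday',
];
$hostile = [ // constructed from the strings the README names
    '1 UNION SELECT name FROM users',
    '../../etc/passwd',
];
foreach (lintPatterns($patterns, $benign, $hostile) as $p => $issues) {
    echo $p, ': ', implode('; ', $issues ?: ['ok']), "\n";
}
```

The second pattern reports both benign sentences as false positives, which is the kind of result to review before automatic IP bans are enabled on free-text fields.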

---

Testing
-------


To run the package tests:

```
vendor/bin/phpunit
```

---

License
-------


This project is licensed under the [MIT License](LICENSE).

