PHPackages                             karster/firewall - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. karster/firewall

ActiveLibrary[Security](/categories/security)

karster/firewall
================

012PHP

Since Sep 19Pushed 8y ago1 watchersCompare

[ Source](https://github.com/karster/firewall)[ Packagist](https://packagist.org/packages/karster/firewall)[ RSS](/packages/karster-firewall/feed)WikiDiscussions master Synced 3d ago

READMEChangelogDependenciesVersions (1)Used By (0)

Firewall
========

[](#firewall)

[![Build Status](https://camo.githubusercontent.com/213c611111d0d33d9918d77800ba5efca753a777149917022ed01009a976083e/68747470733a2f2f7472617669732d63692e6f72672f6b6172737465722f6669726577616c6c2e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/karster/firewall)[![Latest Stable Version](https://camo.githubusercontent.com/29bfa2c012a699e4ce5fe5927728485ca9d0cfaca8dd7bf97cc144ce21330792/68747470733a2f2f706f7365722e707567782e6f72672f6b6172737465722f73656375726974792f762f737461626c65)](https://packagist.org/packages/karster/security)[![GitHub license](https://camo.githubusercontent.com/7013272bd27ece47364536a221edb554cd69683b68a46fc0ee96881174c4214c/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d626c75652e737667)](LICENSE.md)

> Simple firewall to protect your web application against many attacks

Installation
------------

[](#installation)

The preferred way to install this extension is through [composer](http://getcomposer.org/download/).

Either run

```
composer require karster/firewall:"dev-master"
```

or add

```
"karster/firewall": "dev-master"

```

to the require section of your composer.json.

Usage
-----

[](#usage)

```
require __DIR__ . '/vendor/autoload.php';

$config = [
    'logDirectory' => __DIR__ . "/firewall_logs",
    'logFilesCount' => 10,
    'allowAttackCount' => 5,
    'active' => true,
    'protection' => [
        'allowedRequestMethod' => [
            'active' => true
        ],
        'allowedGlobals' => [
            'active' => false
        ],
        'urlLength' => [
            'active' => true,
            'rules' => 200,
        ],
        'getProtection' => [
            'active' => true,
            'rules' => ['select', 'from'],
        ],
        'urlProtection' => [
            'active' => true,
            'rulesFile' => 'path/to/rulesFile.json'
        ],
        'whitelistIp' => [
            'active' => true,
            'rules' => ['127.0.0.1', '::1']
        ],
        'blacklistIp' => [
            'active' => true,
            'rules' => ['23.254.0.1', '22.23.22.8']
        ]
    ]
];

$firewall = new \karster\security\Firewall($config);
$firewall->run();
```

or

```
require __DIR__ . '/vendor/autoload.php';

$protections = [
    'allowedRequestMethod' => [
        'active' => true
    ],
    'allowedGlobals' => [
        'active' => false
    ],
    'urlLength' => [
        'active' => true,
        'rules' => 200,
    ],
    'getProtection' => [
        'active' => true,
        'rules' => ['select', 'from'],
    ],
    'urlProtection' => [
        'active' => true,
        'rulesFile' => 'path/to/rulesFile.json'
    ],
    'whitelistIp' => [
        'active' => true,
        'rules' => ['127.0.0.1', '::1']
    ],
    'blacklistIp' => [
        'active' => true,
        'rules' => ['23.254.0.1', '22.23.22.8']
    ]
];

$firewall = new \karster\security\Firewall();
$firewall->setAllowAttackCount(5)
         ->setActive(true)
         ->setLogDirectory(__DIR__ . "/firewall_logs")
         ->setLogFilesCount(10)
         ->setProtection($protections)
         ->run();
```

- logDirectory - `string` - path to directory where firewall can writes
- logFilesCount - `integer` - delete older logs than specific count. Set `0` to disable
- allowAttackCount - `integer` - attack count from same IP address before blacklisting (**logDirectory** is required). Set `0` to disable
- active - `boolean` - default `true`
- protection - `array` - associative array of protections where key is protection name and value is protection configuration

Protections
-----------

[](#protections)

We can chose different types of protection:

- allowedRequestMethod
- allowedGlobals
- blacklistIp
- cookieProtection
- getProtection
- postProtection
- sessionProtection
- urlLength
- urlProtection

Every protection contains configuration array with parameters:

- active `boolen` - default `true`
- rules `array|integer` - every protection accept array except **urlLength** protection witch accept integer
- rulesFile `string` - path to json file with rules

```
'cookieProtection' => [
    'active' => true,
    'rules' => [
        'select', 'from', 'where'
    ],
    // or
    'rulesFile' => 'path/to/rulesFile.json'
]
```

If isn't set `rules` or `rulesFile` use default rules.

Tests
-----

[](#tests)

```
./vendor/bin/phpunit -c phpunit.xml

```

Contribution
------------

[](#contribution)

Have an idea? Found a bug? See [how to contribute](CONTRIBUTING.md).

License
-------

[](#license)

MIT see [LICENSE](LICENSE.md) for the full license text.

###  Health Score

20

—

LowBetter than 14% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity3

Limited adoption so far

Community11

Small or concentrated contributor base

Maturity41

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 96.1% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Community

Maintainers

![](https://www.gravatar.com/avatar/9861d8483a334bd54621b1829f2b55620417df08080a0fe29426659eacb9385b?d=identicon)[karster](/maintainers/karster)

---

Top Contributors

[![karster](https://avatars.githubusercontent.com/u/17579408?v=4)](https://github.com/karster "karster (49 commits)")[![stromajer](https://avatars.githubusercontent.com/u/9317212?v=4)](https://github.com/stromajer "stromajer (2 commits)")

---

Tags

firewallprotectionsecuritywaf

### Embed Badge

![Health badge](/badges/karster-firewall/health.svg)

```
[![Health](https://phpackages.com/badges/karster-firewall/health.svg)](https://phpackages.com/packages/karster-firewall)
```

###  Alternatives

[defuse/php-encryption

Secure PHP Encryption Library

3.9k162.4M214](/packages/defuse-php-encryption)[roave/security-advisories

Prevents installation of composer packages with known security vulnerabilities: no API, simply require it

2.9k97.3M6.4k](/packages/roave-security-advisories)[mews/purifier

Laravel 5/6/7/8/9/10 HtmlPurifier Package

2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs

A PHP library for XML Security

41278.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php

Realistic password strength estimation PHP library based on Zxcvbn JS

86917.5M63](/packages/bjeavons-zxcvbn-php)[enlightn/security-checker

A PHP dependency vulnerabilities scanner based on the Security Advisories Database.

33732.2M110](/packages/enlightn-security-checker)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)