PHPackages ozankurt/laravel-security - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. ozankurt/laravel-security ActiveLibrary[Security](/categories/security) ozankurt/laravel-security ========================= Web Application Firewall (WAF) package for Laravel 0.2.2(9mo ago)1113MITPHPPHP ^8.0 Since Mar 23Pushed 9mo ago1 watchersCompare [ Source](https://github.com/OzanKurt/laravel-security)[ Packagist](https://packagist.org/packages/ozankurt/laravel-security)[ RSS](/packages/ozankurt-laravel-security/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (7)Dependencies (7)Versions (8)Used By (0) Web Application Firewall (WAF) package for Laravel ================================================== [](#web-application-firewall-waf-package-for-laravel) [![Downloads](https://camo.githubusercontent.com/01693e1d0d9a24b86a240582c1269a0a05071cf2d20c0f1ebc3457a724f8d079/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6f7a616e6b7572742f6c61726176656c2d7365637572697479)](https://camo.githubusercontent.com/01693e1d0d9a24b86a240582c1269a0a05071cf2d20c0f1ebc3457a724f8d079/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6f7a616e6b7572742f6c61726176656c2d7365637572697479)[![Tests](https://camo.githubusercontent.com/e466ce667d12f66ef2f15f802506114123307d15d522eeca171c0035fcc47460/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f6f7a616e6b7572742f6c61726176656c2d73656375726974792f74657374732e796d6c3f6c6162656c3d7465737473)](https://camo.githubusercontent.com/e466ce667d12f66ef2f15f802506114123307d15d522eeca171c0035fcc47460/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f6f7a616e6b7572742f6c61726176656c2d73656375726974792f74657374732e796d6c3f6c6162656c3d7465737473)[![StyleCI](https://camo.githubusercontent.com/cfd7c06967d33db2f9b076f855751b2b6f9aabd2a67201bafc219affcd99cc20/68747470733a2f2f6769746875622e7374796c6563692e696f2f7265706f732f3139373234323339322f736869656c643f7374796c653d666c6174266272616e63683d6d6173746572)](https://styleci.io/repos/197242392)[![License](https://camo.githubusercontent.com/1fc48780fa1ee0f31146397b84eec47f89be3d9e6bf9bbbdb31bfd0758063bf8/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f6f7a616e6b7572742f6c61726176656c2d7365637572697479)](LICENSE.md) This package intends to protect your Laravel app from different type of attacks such as XSS, SQLi, RFI, LFI, User Agent, and a lot more. It will also block repeated attacks and send notification via email and/or slack when attack is detected. Furthermore, it will log failed logins and block the IP after a number of attempts. Note: Some middleware classes (i.e. Xss) are empty as the `Middleware` abstract class that they extend does all of the job, dynamically. In short, they all works ;) Getting Started --------------- [](#getting-started) ### 1. Install [](#1-install) Run the following command: ``` composer require ozankurt/laravel-security ``` ### 2. Publish [](#2-publish) Publish configuration, language, and migrations ``` php artisan vendor:publish --tag=security ``` ### 3. Database [](#3-database) Create db tables ``` php artisan migrate ``` ### 4. Configure [](#4-configure) You can change the security settings of your app from `config/security.php` file Usage ----- [](#usage) Middlewares are already defined so should just add them to routes. The `firewall.all` middleware applies all the middlewares available in the `all_middleware` array of config file. ``` Route::group(['middleware' => 'firewall.all'], function () { Route::get('/', 'HomeController@index'); }); ``` You can apply each middleware per route. For example, you can allow only whitelisted IPs to access admin: ``` Route::group(['middleware' => 'firewall.whitelist'], function () { Route::get('/admin', 'AdminController@index'); }); ``` Or you can get notified when anyone NOT in `whitelist` access admin, by adding it to the `inspections` config: ``` Route::group(['middleware' => 'firewall.url'], function () { Route::get('/admin', 'AdminController@index'); }); ``` Available middlewares applicable to routes: ``` firewall.all firewall.agent firewall.bot firewall.geo firewall.ip firewall.lfi firewall.php firewall.referrer firewall.rfi firewall.session firewall.sqli firewall.swear firewall.url firewall.whitelist firewall.xss firewall.keyword ``` You may also define `routes` for each middleware in `config/security.php` and apply that middleware or `firewall.all` at the top of all routes. Notifications ------------- [](#notifications) Firewall will send a notification as soon as an attack has been detected. Emails entered in `notifications.email.to` config must be valid Laravel users in order to send notifications. Check out the Notifications documentation of Laravel for further information. Dashboard --------- [](#dashboard) In order to view the dashboard, you must enable it in your `AppServiceProvider`: ``` use App\Models\User; use Illuminate\Support\Facades\Gate; /** * Bootstrap any application services. */ public function boot(): void { Gate::define('viewSecurityDashboard', function (?User $user) { return $user?->id === 1; }); // ... } ``` .env Variables -------------- [](#env-variables) ``` FIREWALL_ENABLED=true FIREWALL_WHITELIST="127.0.0.0/24" FIREWALL_DASHBOARD_ENABLED=true FIREWALL_DB_CONNECTION="${DB_CONNECTION}" FIREWALL_DB_PREFIX=security_ FIREWALL_CRON_ENABLED=false FIREWALL_CRON_EXPRESSION="* * * * *" FIREWALL_NOTIFICATIONS_ATTACK_DETECTED_ENABLED=false FIREWALL_NOTIFICATIONS_SECURITY_REPORT_ENABLED=false FIREWALL_NOTIFICATIONS_SUCCESSFUL_LOGIN_ENABLED=false FIREWALL_NOTIFICATION_CHANNELS_EMAIL_ENABLED=false FIREWALL_NOTIFICATION_CHANNELS_EMAIL_NAME="${MAIL_FROM_NAME}" FIREWALL_NOTIFICATION_CHANNELS_EMAIL_FROM="${MAIL_FROM_ADDRESS}" FIREWALL_NOTIFICATION_CHANNELS_EMAIL_TO="webmaster@example.com" FIREWALL_NOTIFICATION_CHANNELS_EMAIL_QUEUE=default FIREWALL_NOTIFICATION_CHANNELS_SLACK_ENABLED=false FIREWALL_NOTIFICATION_CHANNELS_SLACK_EMOJI=":fire:" FIREWALL_NOTIFICATION_CHANNELS_SLACK_FROM="Laravel Security" FIREWALL_NOTIFICATION_CHANNELS_SLACK_TO= # webhook url FIREWALL_NOTIFICATION_CHANNELS_SLACK_CHANNEL=null FIREWALL_NOTIFICATION_CHANNELS_SLACK_QUEUE=default FIREWALL_NOTIFICATION_CHANNELS_DISCORD_ENABLED=false FIREWALL_NOTIFICATION_CHANNELS_DISCORD_WEBHOOK_URL= FIREWALL_NOTIFICATION_CHANNELS_DISCORD_QUEUE=default FIREWALL_NOTIFICATION_CHANNELS_DISCORD_FROM="Laravel Security" FIREWALL_NOTIFICATION_CHANNELS_DISCORD_FROM_IMG=https://ozankurt.com/laravel-security.png FIREWALL_NOTIFICATION_CHANNELS_DISCORD_ROUTE= FIREWALL_NOTIFICATION_CHANNELS_DISCORD_TITLE="Attack Detected" FIREWALL_NOTIFICATION_CHANNELS_DISCORD_FOOTER="Laravel Security" FIREWALL_NOTIFICATION_CHANNELS_DISCORD_FOOTER_IMG=https://ozankurt.com/laravel-security.png FIREWALL_MIDDLEWARE_IP_ENABLED=true FIREWALL_MIDDLEWARE_AGENT_ENABLED=true FIREWALL_MIDDLEWARE_BOT_ENABLED=true FIREWALL_MIDDLEWARE_GEO_ENABLED=true FIREWALL_MIDDLEWARE_LFI_ENABLED=true FIREWALL_MIDDLEWARE_LOGIN_ENABLED=true FIREWALL_MIDDLEWARE_PHP_ENABLED=true FIREWALL_MIDDLEWARE_REFERRER_ENABLED=true FIREWALL_MIDDLEWARE_RFI_ENABLED=true FIREWALL_MIDDLEWARE_SESSION_ENABLED=true FIREWALL_MIDDLEWARE_SQLI_ENABLED=true FIREWALL_MIDDLEWARE_SWEAR_ENABLED=true FIREWALL_MIDDLEWARE_URL_ENABLED=true FIREWALL_MIDDLEWARE_WHITELIST_ENABLED=true FIREWALL_MIDDLEWARE_XSS_ENABLED=true FIREWALL_MIDDLEWARE_KEYWORD_ENABLED=true ``` Changelog --------- [](#changelog) Please see [Releases](../../releases) for more information on what has changed recently. Contributing ------------ [](#contributing) Pull requests are more than welcome. You must follow the PSR coding standards. Security -------- [](#security) Please review [our security policy](https://github.com/ozankurt/laravel-security/security/policy) on how to report security vulnerabilities. Credits ------- [](#credits) - [ozankurt/laravel-security](https://github.com/ozankurt/laravel-security) - [All Contributors](../../contributors) Todo ---- [](#todo) - logs/ips datatable - ip by country breakdown -> datatable + chart - type of attack breakdown -> datatable + chart License ------- [](#license) The MIT License (MIT). Please see [LICENSE](LICENSE.md) for more information. ### Health Score 31 — LowBetter than 68% of packages Maintenance57 Moderate activity, may be stable Popularity11 Limited adoption so far Community7 Small or concentrated contributor base Maturity41 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~83 days Total 7 Last Release 283d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/c24006c03ba24fcb1c65905a009600b34e17d532add4a381075a2d7379cf4b94?d=identicon)[OzanKurt](/maintainers/OzanKurt) --- Top Contributors [![OzanKurt](https://avatars.githubusercontent.com/u/8682003?v=4)](https://github.com/OzanKurt "OzanKurt (36 commits)") --- Tags laravelsecurityxssblacklistfirewallsqliwafrfilfi ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/ozankurt-laravel-security/health.svg) ``` [![Health](https://phpackages.com/badges/ozankurt-laravel-security/health.svg)](https://phpackages.com/packages/ozankurt-laravel-security) ``` ### Alternatives [akaunting/laravel-firewall Web Application Firewall (WAF) package for Laravel 999465.8k2](/packages/akaunting-laravel-firewall)[masterro/laravel-xss-filter Filter user input for XSS but don't touch other html 41254.5k](/packages/masterro-laravel-xss-filter) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)