PHPackages restruct/silverstripe-waf - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. restruct/silverstripe-waf ActiveSilverstripe-vendormodule[Security](/categories/security) restruct/silverstripe-waf ========================= PHP-level Web Application Firewall for Silverstripe - blocks vulnerability scanners, bad bots, and malicious IPs 1.3.0(1mo ago)151↓100%MITPHPPHP ^8.1 Since Feb 7Pushed 1mo agoCompare [ Source](https://github.com/restruct/silverstripe-waf)[ Packagist](https://packagist.org/packages/restruct/silverstripe-waf)[ RSS](/packages/restruct-silverstripe-waf/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (3)Versions (11)Used By (0) Silverstripe WAF ================ [](#silverstripe-waf) PHP-level Web Application Firewall for Silverstripe CMS. Blocks vulnerability scanners, malicious bots, and bad IPs without requiring a separate WAF service. Features -------- [](#features) - **Early PHP Filter** — Blocks requests before Silverstripe loads (minimal overhead) - **Early Filter Banning** — Self-contained fail2ban alternative, bans repeat offenders at the PHP level - **Pattern-based blocking** — WordPress probes, webshells, config file access, path traversal - **IP Blocklists** — Auto-sync from threat intelligence feeds (FireHOL, Binary Defense) - **Rate Limiting** — Hard limits with soft progressive delays - **Privileged IPs** — Elevated rate limits for trusted IPs (still subject to all security checks) - **Auto-banning** — Automatically ban IPs after repeated violations - **ModelAdmin Guard** — Prevents PHP errors from scanner probes on admin URLs - **Fail2ban Integration** — Log format compatible with fail2ban filters - **CMS Admin** — View blocked requests, manage bans and privileged IPs - **QueuedJobs Support** — Auto-schedules blocklist sync if module is installed Requirements ------------ [](#requirements) - PHP 8.1+ - Silverstripe Framework 5.0+ or 6.0+ Installation ------------ [](#installation) ``` composer require restruct/silverstripe-waf vendor/bin/sake dev/build flush=1 ``` ### Enable Early Filter (Recommended) [](#enable-early-filter-recommended) Add to your `public/index.php` **at the very top**, before `use` statements: ```