PHPackages spinzar/firewall - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. spinzar/firewall ActiveLibrary[Security](/categories/security) spinzar/firewall ================ Web Application Firewall (WAF) package for Laravel 1.0.0(5y ago)0117MITPHPPHP ^5.6.0|^7.0|^7.1|^7.2|^7.3|^7.4 Since Nov 3Pushed 5y ago1 watchersCompare [ Source](https://github.com/spinzar/firewall)[ Packagist](https://packagist.org/packages/spinzar/firewall)[ RSS](/packages/spinzar-firewall/feed)WikiDiscussions main Synced 3d ago READMEChangelog (1)Dependencies (5)Versions (2)Used By (0) Web Application Firewall (WAF) package for Laravel ================================================== [](#web-application-firewall-waf-package-for-laravel) [![Version](https://camo.githubusercontent.com/1b19e182efbd7dc83abf2bf24b017c062a4a232a91c3014265064bad2f5301b3/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f7370696e7a61722f6669726577616c6c3f6c6162656c3d72656c65617365)](https://github.com/spinzar/firewall/releases)[![Downloads](https://camo.githubusercontent.com/1ef7a9d14764710ca3455360e288748639328d754822afcdc7fbadb8f85127d1/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f7370696e7a61722f6669726577616c6c)](https://camo.githubusercontent.com/1ef7a9d14764710ca3455360e288748639328d754822afcdc7fbadb8f85127d1/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f7370696e7a61722f6669726577616c6c)[![Tests](https://camo.githubusercontent.com/342896b980c844ff1c051fec29b8ad3121781d4c24b6c5457c6c9247d725399c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f776f726b666c6f772f7374617475732f7370696e7a61722f6669726577616c6c2f54657374733f6c6162656c3d7465737473)](https://camo.githubusercontent.com/342896b980c844ff1c051fec29b8ad3121781d4c24b6c5457c6c9247d725399c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f776f726b666c6f772f7374617475732f7370696e7a61722f6669726577616c6c2f54657374733f6c6162656c3d7465737473)[![StyleCI](https://camo.githubusercontent.com/56b998613399aaa8e01eb1a41b6088bd5698e481a5b11af92fdf19238513ec8c/68747470733a2f2f6769746875622e7374796c6563692e696f2f7265706f732f3330393637313231392f736869656c643f6272616e63683d6d61696e)](https://github.styleci.io/repos/309671219?branch=main)[![Quality](https://camo.githubusercontent.com/00db46ae83c392ff72faba0442df2beafd13436853f4137684be7b71d119fd01/68747470733a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f7175616c6974792f672f7370696e7a61722f6669726577616c6c3f6c6162656c3d7175616c697479)](https://scrutinizer-ci.com/g/spinzar/firewall)[![License](https://camo.githubusercontent.com/d06b66bfdaf9d18f28e766df0caa133d98aab5aee9e033e2894eefe4cefe695f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f7370696e7a61722f6669726577616c6c)](LICENSE.md) This package intends to protect your Laravel app from different type of attacks such as XSS, SQLi, RFI, LFI, User Agent, and a lot more. It will also block repeated attacks and send notification via email and/or slack when attack is detected. Furthermore, it will log failed logins and block the IP after a number of attempts. Note: Some middleware classes (i.e. Xss) are empty as the `Middleware` abstract class that they extend does all of the job, dynamically. In short, they all works ;) Getting Started --------------- [](#getting-started) ### 1. Install [](#1-install) Run the following command: ``` composer require spinzar/firewall ``` ### 2. Register (for Laravel < 5.5) [](#2-register-for-laravel--55) Register the service provider in `config/app.php` ``` Spinzar\Firewall\Provider::class, ``` ### 3. Publish [](#3-publish) Publish configuration, language, and migrations ``` php artisan vendor:publish --tag=firewall ``` ### 4. Database [](#4-database) Create db tables ``` php artisan migrate ``` ### 5. Configure [](#5-configure) You can change the firewall settings of your app from `config/firewall.php` file Usage ----- [](#usage) Middlewares are already defined so should just add them to routes. The `firewall.all` middleware applies all the middlewares available in the `all_middleware` array of config file. ``` Route::group(['middleware' => 'firewall.all'], function () { Route::get('/', 'HomeController@index'); }); ``` You can apply each middleware per route. For example, you can allow only whitelisted IPs to access admin: ``` Route::group(['middleware' => 'firewall.whitelist'], function () { Route::get('/admin', 'AdminController@index'); }); ``` Or you can get notified when anyone NOT in `whitelist` access admin, by adding it to the `inspections` config: ``` Route::group(['middleware' => 'firewall.url'], function () { Route::get('/admin', 'AdminController@index'); }); ``` Available middlewares applicable to routes: ``` firewall.all firewall.agent firewall.bot firewall.geo firewall.ip firewall.lfi firewall.php firewall.referrer firewall.rfi firewall.session firewall.sqli firewall.swear firewall.url firewall.whitelist firewall.xss ``` You may also define `routes` for each middleware in `config/firewall.php` and apply that middleware or `firewall.all` at the top of all routes. Notifications ------------- [](#notifications) Firewall will send a notification as soon as an attack has been detected. Emails entered in `notifications.email.to` config must be valid Laravel users in order to send notifications. Check out the Notifications documentation of Laravel for further information. Changelog --------- [](#changelog) Please see [Releases](../../releases) for more information what has changed recently. Contributing ------------ [](#contributing) Pull requests are more than welcome. You must follow the PSR coding standards. Security -------- [](#security) If you discover any security related issues, please email instead of using the issue tracker. Credits ------- [](#credits) - [Nassim Nasibullah](https://github.com/spinzar) - [All Contributors](../../contributors) License ------- [](#license) The MIT License (MIT). Please see [LICENSE](LICENSE.md) for more information. ### Health Score 25 — LowBetter than 37% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity10 Limited adoption so far Community9 Small or concentrated contributor base Maturity53 Maturing project, gaining track record Bus Factor1 Top contributor holds 66.7% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 2019d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/987ff229c44a1c7100e95f77e4bc07c911f99ff9f270bbcf7b9b4bac0318635f?d=identicon)[spinzar](/maintainers/spinzar) --- Top Contributors [![spinzar](https://avatars.githubusercontent.com/u/73431676?v=4)](https://github.com/spinzar "spinzar (2 commits)")[![nassimnasibullah](https://avatars.githubusercontent.com/u/12146118?v=4)](https://github.com/nassimnasibullah "nassimnasibullah (1 commits)") --- Tags laravelsecurityxssblacklistfirewallsqliwafrfilfi ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/spinzar-firewall/health.svg) ``` [![Health](https://phpackages.com/badges/spinzar-firewall/health.svg)](https://phpackages.com/packages/spinzar-firewall) ``` ### Alternatives [akaunting/laravel-firewall Web Application Firewall (WAF) package for Laravel 999465.8k2](/packages/akaunting-laravel-firewall)[masterro/laravel-xss-filter Filter user input for XSS but don't touch other html 41254.5k](/packages/masterro-laravel-xss-filter) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)