PHPackages wafris/laravel-wafris - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. wafris/laravel-wafris ActiveLibrary[Security](/categories/security) wafris/laravel-wafris ===================== Wafris for Laravel v0.0.4(1y ago)161.1k4[1 PRs](https://github.com/Wafris/laravel-wafris/pulls)MITPHPPHP >=8.1 Since Nov 4Pushed 1y ago4 watchersCompare [ Source](https://github.com/Wafris/laravel-wafris)[ Packagist](https://packagist.org/packages/wafris/laravel-wafris)[ Docs](https://github.com/wafris/laravel-wafris)[ RSS](/packages/wafris-laravel-wafris/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (3)Dependencies (6)Versions (8)Used By (0) Wafris for Laravel ================== [](#wafris-for-laravel) [![Latest Version on Packagist](https://camo.githubusercontent.com/6432b9079fb977b2376d6d2657f060a868fb59adfe86ecdc2213a47c22866202/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f7761667269732f6c61726176656c2d7761667269732e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/wafris/laravel-wafris)[![GitHub Tests Action Status](https://camo.githubusercontent.com/4dc225097f2636f1e9c8be345b1a29bf09965a7780e2cf0b1c9d4c7187637ca1/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f7761667269732f6c61726176656c2d7761667269732f72756e2d74657374732e796d6c3f6272616e63683d6d61696e266c6162656c3d7465737473267374796c653d666c61742d737175617265)](https://github.com/wafris/laravel-wafris/actions?query=workflow%3Arun-tests+branch%3Amain)[![GitHub Code Style Action Status](https://camo.githubusercontent.com/f504b0c48023cabbd07278f4472cfe4545934b3fbb10490b1f66397d3fb63eb9/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f7761667269732f6c61726176656c2d7761667269732f6669782d7068702d636f64652d7374796c652d6973737565732e796d6c3f6272616e63683d6d61696e266c6162656c3d636f64652532307374796c65267374796c653d666c61742d737175617265)](https://github.com/wafris/laravel-wafris/actions?query=workflow%3A%22Fix+PHP+code+style+issues%22+branch%3Amain)[![Total Downloads](https://camo.githubusercontent.com/2fed13eece419ccf10f1546f57955084e5c6b8689f94d05c432a7c4dff64be11/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f7761667269732f6c61726176656c2d7761667269732e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/wafris/laravel-wafris) Wafris is an open-source Web Application Firewall (WAF) that runs within Laravel (and other frameworks) powered by Redis. Paired with [Wafris Hub](https://wafris.org/hub), you can create rules to block malicious traffic from hitting your application. [![Rules and Graph](docs/rules-and-graph.png)](docs/rules-and-graph.png) Rules like: - Block IP addresses (IPv6 and IPv4) from making requests - Block on hosts, paths, user agents, parameters, and methods - Rate limit (throttle) requests - Visualize inbound traffic and requests Need a better explanation? Read the overview at: [wafris.org](https://wafris.org) Installation ------------ [](#installation) ### 1. Connect on Wafris Hub [](#1-connect-on-wafris-hub) Go to to create a new account and follow the instructions to link your Redis instance. **Note:** In Step 3, you'll use this same Redis URL in your app configuration. ### 2. Install this library via Composer [](#2-install-this-library-via-composer) ``` composer require wafris/laravel-wafris ``` ### 3. Publish and configure Wafris [](#3-publish-and-configure-wafris) You can publish the config file with: ``` php artisan vendor:publish --tag="wafris-config" ``` We recommend creating a separate Redis configuration for Wafris. That can be done in `config/database.php` with a new entry like this: ``` 'redis' => [ 'client' => env('REDIS_CLIENT', 'predis'), // Make sure to set your Redis client to predis 'options' => [ ... ], 'default' => [ ... ], 'cache' => [ ... ], 'wafris' => [ 'url' => env('REDIS_URL'), 'host' => env('REDIS_HOST', '127.0.0.1'), 'username' => env('REDIS_USERNAME'), 'password' => env('REDIS_PASSWORD'), 'port' => env('REDIS_PORT', '6379'), 'database' => env('REDIS_CACHE_DB', '3'), 'read_write_timeout' => 1, // Timeout in seconds ], ], ``` Usage ----- [](#usage) Add the `Wafris\AllowRequestMiddleware` middleware to routes that you want to have protected by Wafris. ### Protecting all routes [](#protecting-all-routes) To protect all routes in your Laravel application, add the `Wafris\AllowRequestMiddleware` globally. #### Laravel 11 [](#laravel-11) [Starting in Laravel 11](https://laravel.com/docs/11.x/middleware#global-middleware), middleware are registered in `bootstrap/app.php`. Add the following line in the `withMiddleware` section of that file: ``` Application::configure(basePath: dirname(__DIR__)) // ... ->withMiddleware(function (Middleware $middleware) { // ... other middleware $middleware->append(\Wafris\AllowRequestMiddleware::class); }); ``` ### Laravel 10 [](#laravel-10) To protect all routes in your Laravel application, add `Wafris\AllowRequestMiddleware` to the `$middleware` property of your `app/Http/Kernel.php` class. ``` // app/Http/Kernel.php /** * The application's global HTTP middleware stack. * * These middleware are run during every request to your application. * * @var array */ protected $middleware = [ // \App\Http\Middleware\TrustHosts::class, \App\Http\Middleware\TrustProxies::class, \Illuminate\Http\Middleware\HandleCors::class, \App\Http\Middleware\PreventRequestsDuringMaintenance::class, \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class, \App\Http\Middleware\TrimStrings::class, \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class, \Wafris\AllowRequestMiddleware::class, ]; ``` ### Protecting specific middleware groups [](#protecting-specific-middleware-groups) To protect specific middleware groups, such as the `web` or `api` groups, add `Wafris\AllowRequestMiddleware` to each desired middleware group in your `app/Http/Kernel.php` class. ``` // app/Http/Kernel.php /** * The application's route middleware groups. * * @var array */ protected $middlewareGroups = [ 'web' => [ \App\Http\Middleware\EncryptCookies::class, \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, \Illuminate\Session\Middleware\StartSession::class, \Illuminate\View\Middleware\ShareErrorsFromSession::class, \App\Http\Middleware\VerifyCsrfToken::class, \Illuminate\Routing\Middleware\SubstituteBindings::class, \Wafris\AllowRequestMiddleware::class, ], 'api' => [ // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class, \Illuminate\Routing\Middleware\ThrottleRequests::class.':api', \Illuminate\Routing\Middleware\SubstituteBindings::class, \Wafris\AllowRequestMiddleware::class, ], ]; ``` ### Protecting individual routes [](#protecting-individual-routes) Use the `Wafris\AllowRequestMiddleware` middleware when defining your route. ``` // routes/web.php Route::get('/signup', function () { // ... })->middleware(\Wafris\AllowRequestMiddleware::class); ``` Testing ------- [](#testing) ``` composer test ``` Changelog --------- [](#changelog) Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently. Contributors ------------ [](#contributors) - [Mathias Hansen](https://github.com/MiniCodeMonkey) - [Jaryd Madlena](https://github.com/jmadlena) Help / Support -------------- [](#help--support) - Email: - Twitter: [@wafrisorg](https://twitter.com/wafrisorg) - Booking: License ------- [](#license) Elastic License 2.0 - Please see [License File](LICENSE) for more information. [![](https://camo.githubusercontent.com/ad1b355b983d74c0bf8005ae238a8646c69a8fe06728058b815c46e6155e02b6/68747470733a2f2f757074696d65722e65787065646974656473656375726974792e636f6d2f6c61726176656c2d776166726973)](https://camo.githubusercontent.com/ad1b355b983d74c0bf8005ae238a8646c69a8fe06728058b815c46e6155e02b6/68747470733a2f2f757074696d65722e65787065646974656473656375726974792e636f6d2f6c61726176656c2d776166726973) ### Health Score 32 — LowBetter than 72% of packages Maintenance32 Infrequent updates — may be unmaintained Popularity24 Limited adoption so far Community18 Small or concentrated contributor base Maturity46 Maturing project, gaining track record Bus Factor2 2 contributors hold 50%+ of commits How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~66 days Total 4 Last Release 725d ago PHP version history (2 changes)v0.0.1PHP ^8.1 v0.0.4PHP >=8.1 ### Community Maintainers ![](https://www.gravatar.com/avatar/a4d986881bd295b370454f8d8883d73012ac4717165ac8db2fd2d5859c09785b?d=identicon)[rmcastil](/maintainers/rmcastil) --- Top Contributors [![MiniCodeMonkey](https://avatars.githubusercontent.com/u/220535?v=4)](https://github.com/MiniCodeMonkey "MiniCodeMonkey (19 commits)")[![rmcastil](https://avatars.githubusercontent.com/u/155443?v=4)](https://github.com/rmcastil "rmcastil (16 commits)")[![DanielCoulbourne](https://avatars.githubusercontent.com/u/429010?v=4)](https://github.com/DanielCoulbourne "DanielCoulbourne (12 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (3 commits)")[![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4)](https://github.com/github-actions[bot] "github-actions[bot] (3 commits)")[![mbuckbee](https://avatars.githubusercontent.com/u/15868?v=4)](https://github.com/mbuckbee "mbuckbee (3 commits)")[![jmadlena](https://avatars.githubusercontent.com/u/4220680?v=4)](https://github.com/jmadlena "jmadlena (1 commits)") --- Tags firewalllaravelsecuritywaflaravelWafrislaravel-wafris ### Code Quality Code StyleLaravel Pint ### Embed Badge ![Health badge](/badges/wafris-laravel-wafris/health.svg) ``` [![Health](https://phpackages.com/badges/wafris-laravel-wafris/health.svg)](https://phpackages.com/packages/wafris-laravel-wafris) ``` ### Alternatives [spatie/laravel-ciphersweet Use ciphersweet in your Laravel project 416718.4k1](/packages/spatie-laravel-ciphersweet)[vormkracht10/laravel-mails Laravel Mails can collect everything you might want to track about the mails that has been sent by your Laravel app. 24149.7k](/packages/vormkracht10-laravel-mails) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)