riverside/php-waf

PHP Web Application Firewall

2.0.0 2024-09-07 20:09 UTC

This package is auto-updated.

Last update: 2024-12-07 20:44:29 UTC


README

PHP Web Application Firewall

Requirements

  • PHP >= 7.0

Installation

If Composer is not installed on your system yet, you may go ahead and install it using this command line:

$ curl -sS https://getcomposer.org/installer | php

Next, add the following require entry to the composer.json file in the root of your project.

{
    "require" : {
        "riverside/php-waf" : "^2.0"
    }
}

Finally, use Composer to install php-waf and its dependencies:

$ php composer.phar install 

How to use

  1. Configure your web server
    • Apache
    php_value auto_prepend_file "/path/to/waf.php"
    
    • Nginx
    fastcgi_param PHP_VALUE "auto_prepend_file=/path/to/waf.php";
    
  2. Create an Firewall instance
    • waf.php
    <?php
    $waf = new \Riverside\Waf\Firewall();
    $waf->run();

Available filters

Migration Guide to Version 2.0.0

What's changed

In version 2.0.0, I have made the following updates to improve consistency and adherence to PHP best practices:

  1. Namespace renamed
    • Old namespace: PhpWaf
    • New namespace: Riverside\Waf
  2. Class names renamed
    • Old names:
      • src/Filter/CRLF.php (Class CRLF)
      • src/Filter/SQL.php (Class SQL)
      • src/Filter/XML.php (Class XML)
      • src/Filter/XSS.php (Class XSS)
      • src/BaseFilter.php (Class BaseFilter)
    • New names:
      • src/Filter/Crlf.php (Class Crlf)
      • src/Filter/Sql.php (Class Sql)
      • src/Filter/Xml.php (Class Xml)
      • src/Filter/Xss.php (Class Xss)
      • src/AbstractFilter.php (Class AbstractFilter)
How to update your codebase
  1. Update class imports:
    • Old way:
      • use PhpWaf\Firewall;
      • use PhpWaf\Filter\CRLF;
      • use PhpWaf\Filter\SQL;
      • use PhpWaf\Filter\XML;
      • use PhpWaf\Filter\XSS;
    • New way:
      • use Riverside\Waf\Firewall;
      • use Riverside\Waf\Filter\Crlf;
      • use Riverside\Waf\Filter\Sql;
      • use Riverside\Waf\Filter\Xml;
      • use Riverside\Waf\Filter\Xss;