wafris / laravel-wafris
Wafris for Laravel
Requires
- php: >=8.1
- illuminate/contracts: ^10.0|^11.0
- predis/predis: ^2.2
- spatie/laravel-package-tools: ^1.14.0
Requires (Dev)
- laravel/pint: ^1.0
- orchestra/testbench: ^8.8|^9.0
- spatie/laravel-ray: ^1.26
This package is auto-updated.
Last update: 2024-11-08 08:35:23 UTC
README
Wafris is an open-source Web Application Firewall (WAF) that runs within Laravel (and other frameworks) powered by Redis.
Paired with Wafris Hub, you can create rules to block malicious traffic from hitting your application.
Rules like:
- Block IP addresses (IPv6 and IPv4) from making requests
- Block on hosts, paths, user agents, parameters, and methods
- Rate limit (throttle) requests
- Visualize inbound traffic and requests
Need a better explanation? Read the overview at: wafris.org
Installation
1. Connect on Wafris Hub
Go to https://wafris.org/hub to create a new account and follow the instructions to link your Redis instance.
Note: In Step 3, you'll use this same Redis URL in your app configuration.
2. Install this library via Composer
composer require wafris/laravel-wafris
3. Publish and configure Wafris
You can publish the config file with:
php artisan vendor:publish --tag="wafris-config"
We recommend creating a separate Redis configuration for Wafris. That can be done in config/database.php with a new entry like this:
'redis' => [ 'client' => env('REDIS_CLIENT', 'predis'), // Make sure to set your Redis client to predis 'options' => [ ... ], 'default' => [ ... ], 'cache' => [ ... ], 'wafris' => [ 'url' => env('REDIS_URL'), 'host' => env('REDIS_HOST', '127.0.0.1'), 'username' => env('REDIS_USERNAME'), 'password' => env('REDIS_PASSWORD'), 'port' => env('REDIS_PORT', '6379'), 'database' => env('REDIS_CACHE_DB', '3'), 'read_write_timeout' => 1, // Timeout in seconds ], ],
Usage
Add the Wafris\AllowRequestMiddleware middleware to routes that you want to have protected by Wafris.
Protecting all routes
To protect all routes in your Laravel application, add the Wafris\AllowRequestMiddleware globally.
Laravel 11
Starting in Laravel 11, middleware are registered in bootstrap/app.php. Add the following line in the withMiddleware section of that file:
Application::configure(basePath: dirname(__DIR__)) // ... ->withMiddleware(function (Middleware $middleware) { // ... other middleware $middleware->append(\Wafris\AllowRequestMiddleware::class); });
Laravel 10
To protect all routes in your Laravel application, add Wafris\AllowRequestMiddleware to the $middleware property of your app/Http/Kernel.php class.
// app/Http/Kernel.php /** * The application's global HTTP middleware stack. * * These middleware are run during every request to your application. * * @var array<int, class-string|string> */ protected $middleware = [ // \App\Http\Middleware\TrustHosts::class, \App\Http\Middleware\TrustProxies::class, \Illuminate\Http\Middleware\HandleCors::class, \App\Http\Middleware\PreventRequestsDuringMaintenance::class, \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class, \App\Http\Middleware\TrimStrings::class, \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class, \Wafris\AllowRequestMiddleware::class, ];
Protecting specific middleware groups
To protect specific middleware groups, such as the web or api groups, add Wafris\AllowRequestMiddleware to each desired middleware group in your app/Http/Kernel.php class.
// app/Http/Kernel.php /** * The application's route middleware groups. * * @var array<string, array<int, class-string|string>> */ protected $middlewareGroups = [ 'web' => [ \App\Http\Middleware\EncryptCookies::class, \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, \Illuminate\Session\Middleware\StartSession::class, \Illuminate\View\Middleware\ShareErrorsFromSession::class, \App\Http\Middleware\VerifyCsrfToken::class, \Illuminate\Routing\Middleware\SubstituteBindings::class, \Wafris\AllowRequestMiddleware::class, ], 'api' => [ // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class, \Illuminate\Routing\Middleware\ThrottleRequests::class.':api', \Illuminate\Routing\Middleware\SubstituteBindings::class, \Wafris\AllowRequestMiddleware::class, ], ];
Protecting individual routes
Use the Wafris\AllowRequestMiddleware middleware when defining your route.
// routes/web.php Route::get('/signup', function () { // ... })->middleware(\Wafris\AllowRequestMiddleware::class);
Testing
composer test
Changelog
Please see CHANGELOG for more information on what has changed recently.
Contributors
Help / Support
- Email: support@wafris.org
- Twitter: @wafrisorg
- Booking: https://app.harmonizely.com/expedited/wafris
License
Elastic License 2.0 - Please see License File for more information.