
:guardsman: PHP Web Application Firewall

Primary LanguagePHPMIT LicenseMIT


PHP Web Application Firewall

Build License
CI License


  • PHP >= 7.0


If Composer is not installed on your system yet, you may go ahead and install it using this command line:

$ curl -sS https://getcomposer.org/installer | php

Next, add the following require entry to the composer.json file in the root of your project.

    "require" : {
        "riverside/php-waf" : "*"

Finally, use Composer to install php-waf and its dependencies:

$ php composer.phar install 

How to use

  1. Configure your web server
    • Apache
    php_value auto_prepend_file "/path/to/waf.php"
    • Nginx
    fastcgi_param PHP_VALUE "auto_prepend_file=/path/to/waf.php";
  2. Create an Firewall instance
    • waf.php
    $waf = new \PhpWaf\Firewall();

Available filters

Filter Description
SQL SQL Injection
CRLF CRLF Injection
XSS Cross-site Scripting
XML XML Attacks