Prevent your Laravel application from various attacks using this package
As your application grows in popularity, it becomes a target for various attacks. And even if not so popular, there are bots that are constantly looking for vulnerabilities in your application.
So, it’s always a good idea to protect your application from such attacks. And if you’re using Laravel, there’s a package called Laravel Firewall that can help you do that. It’s a WAF (Web Application Firewall) for Laravel.
Essentially, it’s a package that can help you protect your Laravel application from various attacks like XSS, SQLi, RFI, LFI, malicious user agents, etc. It does so by blocking malicious requests to your application.
Protection is applied at the route level, so you can specify which routes you want to protect from which attacks.
Installing Laravel Firewall
To install the package, you can use Composer like so.
composer require akaunting/laravel-firewall
Once installed, you can publish the config file, migrations, and language files using the following command.
php artisan vendor:publish --tag=firewall
Finally, you can run the migrations to create the necessary tables.
php artisan migrate
This will create two tables: firewall_ips and firewall_logs. The firewall_ips table will store the IP addresses that you want to block and the firewall_logs table will store the logs of the blocked requests.
Usage
The package provides several middleware that you can use to protect your routes from various attacks. For instance, if you want to protect your route from XSS attacks, you can use the firewall.xss middleware like so.
Route::get('protected-route', function () {
    //
})->middleware('firewall.xss');
Similarly, if you want to protect your route from SQLi attacks, you can use the firewall.sqli middleware like so.
Route::get('protected-route', function () {
    //
})->middleware('firewall.sqli');
You can protect your route from all the attacks by using the firewall.all middleware like so.
Route::group(['middleware' => 'firewall.all'], function () {
    Route::get('/', 'DashboardController@index');
});
Configuration
The package provides a configuration file that you can use to configure the package. You can find the config file at config/firewall.php.
The configuration lets you tune each attack type individually. For instance, the settings for failed login attempts look like so.
'login' => [
    'enabled' => env(
        'FIREWALL_MIDDLEWARE_LOGIN_ENABLED',
        env('FIREWALL_ENABLED', true)
    ),
    'auto_block' => [
        'attempts' => 5,
        'frequency' => 1 * 60, // 1 minute
        'period' => 30 * 60, // 30 minutes
    ],
]
Here, you can configure the number of attempts, frequency, and period for the failed login attempts.
Similarly, you can configure other attacks as well.
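To check thresholds like these against expected traffic before deploying them, the following added example (not code from the package or from this article) replays failed-login timestamps against the values above. It assumes that `attempts` failures within `frequency` seconds trigger a block lasting `period` seconds; the `blockedIntervals` helper and the sample timestamps are hypothetical.

```php
<?php
// Added illustration, not code from akaunting/laravel-firewall.
// ASSUMPTION: `attempts` failures inside `frequency` seconds block the IP
// for `period` seconds. Values are copied from the config shown above.
const AUTO_BLOCK = [
    'attempts'  => 5,
    'frequency' => 1 * 60,  // counting window, in seconds
    'period'    => 30 * 60, // block duration, in seconds
];

/**
 * Replay failed-login timestamps (seconds) for a single IP and return the
 * [start, end] intervals during which that IP would be blocked.
 * Hypothetical helper written for this example.
 */
function blockedIntervals(array $failures, array $cfg): array
{
    sort($failures);
    $window = [];        // failures still inside the counting window
    $blocks = [];
    $blockedUntil = -1;

    foreach ($failures as $t) {
        if ($t < $blockedUntil) {
            continue; // IP is blocked: the request never reaches the login check
        }
        $window[] = $t;
        // Drop failures older than `frequency` seconds relative to this one.
        $window = array_values(array_filter(
            $window,
            fn (int $seen): bool => $seen > $t - $cfg['frequency']
        ));
        if (count($window) >= $cfg['attempts']) {
            $blockedUntil = $t + $cfg['period'];
            $blocks[] = [$t, $blockedUntil];
            $window = []; // counting starts fresh once the block expires
        }
    }

    return $blocks;
}

// Constructed sample data (seconds since the first failure).
$mistypedPassword = [0, 20, 40];                       // 3 failures in 40 s
$rapidFailures    = [0, 5, 10, 15, 20, 25, 30, 35];    // 8 failures in 35 s

echo json_encode(blockedIntervals($mistypedPassword, AUTO_BLOCK)), PHP_EOL;
echo json_encode(blockedIntervals($rapidFailures, AUTO_BLOCK)), PHP_EOL;
```

Changing the three values in `AUTO_BLOCK` and re-running the script shows whether a legitimate user who mistypes a password a few times stays under the threshold while a rapid run of failures is blocked.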
Conclusion
Laravel Firewall is a great package to protect your Laravel application from various attacks. It’s easy to use and configure and can be a great addition to your Laravel application, and I don’t see any reason why you shouldn’t use it.
👋 Hi there! I'm Amit. I write articles about all things web development.