PHP Classes

PHP Web Application Firewall: Block malicious requests using a white list

Recommend this page to a friend!
  Info   Documentation   View files Files   Install with Composer Install with Composer   Download Download   Reputation   Support forum   Blog    
Ratings Unique User Downloads Download Rankings
StarStarStarStar 79%Total: 689 All time: 4,736 This week: 40Up
Version License PHP version Categories
web-app-firewall 30Custom (specified...5HTTP, PHP 5, Security
Description 

Author

This package can block malicious requests using a white list.

It alters the .htaccess file to make requests for PHP pages go through a filter script that acts like a reverse proxy to implement a Web application framework (WAF).

The filter script will block requests of unauthorized format but the package provides a Web interface for the administrator white list requests of expected formats for the current Web application.

Innovation Award
PHP Programming Innovation award winner
October 2016
Winner


Prize: One big elePHPant Plush Mascott
Some security attacks are performed by sending requests to Web servers that it is not expected to handle.

One way to minimize the chances of these attacks happening is to use a Web application firewall (WAF).

This package implements a Web Application Firewall in PHP for Web servers that support htaccess configuration.

It alters the .htaccess file so requests are handled by a script of this framework. It keeps track of a white list of request URLs supported by your application, so only approved URL formats are allowed.

URLs with unknown formats are put in moderation, so an administrator can approve the URLs or not for future requests.

This way the application can be protected from types of requests meant to perform security exploits.

Manuel Lemos
Picture of Roman Shneer
  Performance   Level  
Name: Roman Shneer <contact>
Classes: 4 packages by
Country: Israel Israel
Age: 45
All time rank: 9897 in Israel Israel
Week rank: 215 Up1 in Israel Israel Up
Innovation award
Innovation award
Nominee: 1x

Winner: 1x

Documentation

Web App Firewall

Introduction

WAFs goal is protect sites against hackers and virus attacks. Web App Firewall its PHP application that implement principle of reverse-proxy , control of types variables accepted by server , and comfortable management interface.<br> alt tag<br> W.A.F. supported to work under LAMP servers with .htaccess files support. Security protection based on white-list strategy: after starting "Learn" mode program collect map of requests, and user have to approve requests. After starting "Guard" mode - program accept only known requests.

Program using white-list strategy, it is more absolute protection, but its requires a lot of work on configuration. In the program using Intellectual graphical UI , its give an opportunity regularize most chaotic structure.

Contains libraries:<br>

Jquery-connections https://github.com/musclesoft/jquery-connections<br> jQuery-1.11.3 https://jquery.com<br> Google Charts https://developers.google.com/chart/<br>

Requires:<br>

Linux OS, Apache webserver with support htaccess and mod_rewrite,PHP5 with support CURL and MySQL<br>

How its working?

Web App Firewall organize reverse-proxy by injection to .htaccess file, and writing Rewrite Rules with security key 1.

WAF script get redirected request and parse path and parameters sent from user. Detect created rules for specified situation and block or accept request via prepared politics.

If request approved, WAF script sending request back to server via CURL with added security key 2 (.htaccess rule miss request if detect key2). If request blocked, WAF save logs and show 404 page. <img src="https://github.com/shaman33/web_app_firewall/blob/master/assets/imgs/scratch/reverse_proxy.png?raw=true">

Getting Started

Installation

HTACCESS Injection

Configuration Settings

Set W.A.F Status Learn on, and Guard off. Now program start collect request-map from every request to site, leave it for one week for view more complete structure of site.

Access Map - configuration permissions

Bad Requests log

Blacklist IP

Analizing Attacks

Support

Project Facebook<br> Write me for help RomanShneer@gmail.com<br> Please donate: <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=ECZBTKBD7T6A8"><img src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_SM.gif"></a>


  Files folder image Files (82)  
File Role Description
Files folder imageassets (3 directories)
Files folder imageinc (2 files)
Files folder imageinclude (2 files)
Files folder imagelibs (5 files)
Files folder imagesessions (1 file)
Accessible without login Plain text file .htaccess Data use SetEnv flag for testing
Accessible without login HTML file 404.html Doc. Documentation
Accessible without login Plain text file 404.php Example Example script
Plain text file ajax.php Class Class source
Accessible without login Plain text file blacklist.php Example Example script
Accessible without login Plain text file CONTRIBUTING.md Data Auxiliary data
Accessible without login Plain text file COPYING Data Auxiliary data
Accessible without login Plain text file edituser.php Example Example script
Accessible without login Plain text file exit.php Aux. Auxiliary script
Accessible without login Plain text file htaccess.php Example Example script
Accessible without login Plain text file index.php Example Example script
Accessible without login Plain text file install.php Example Example script
Accessible without login Plain text file installed.php Example Example script
Accessible without login Plain text file LICENSE Lic. License text
Accessible without login Plain text file login.php Example Example script
Accessible without login Plain text file logs.php Example Example script
Accessible without login Plain text file map.php Example Example script
Accessible without login Plain text file password.php Example Example script
Accessible without login Plain text file README.md Doc. Documentation
Accessible without login Plain text file remind_password.php Example Example script
Accessible without login Plain text file reset_password.php Example Example script
Accessible without login Plain text file settings.php Example Example script
Accessible without login Plain text file users.php Example Example script
Plain text file waf.php Class Class source

  Files folder image Files (82)  /  assets  
File Role Description
Files folder imagecss (3 files)
Files folder imageimgs (6 files, 1 directory)
Files folder imagejs (4 files, 1 directory)

  Files folder image Files (82)  /  assets  /  css  
File Role Description
  Accessible without login Plain text file jquery-ui.css Data Auxiliary data
  Accessible without login Plain text file style.css Data Auxiliary data
  Accessible without login Plain text file style_mobile.css Data Auxiliary data

  Files folder image Files (82)  /  assets  /  imgs  
File Role Description
Files folder imagescratch (27 files)
  Accessible without login Image file edit.png Icon Icon image
  Accessible without login Image file green.png Icon Icon image
  Accessible without login Image file loader.gif Icon Icon image
  Accessible without login Image file question.png Icon Icon image
  Accessible without login Image file red.png Icon Icon image
  Accessible without login Image file x.png Icon Icon image

  Files folder image Files (82)  /  assets  /  imgs  /  scratch  
File Role Description
  Accessible without login Image file 9_1.jpg Data Auxiliary data
  Accessible without login Image file attack_scan.jpg Data Auxiliary data
  Accessible without login Image file attack_scan.jpg Data Auxiliary data
  Accessible without login Image file attack_variable.jpg Icon Icon image
  Accessible without login Image file attack_variable.jpg Icon Icon image
  Accessible without login Image file bf.jpg Data Auxiliary data
  Accessible without login Image file bf_log.jpg Data Auxiliary data
  Accessible without login Image file bf_segment.jpg Icon Icon image
  Accessible without login Image file export1.jpg Icon Icon image
  Accessible without login Image file htaccess1.jpg Icon Icon image
  Accessible without login Image file htaccess11.jpg Icon Icon image
  Accessible without login Image file inst1.jpg Data Auxiliary data
  Accessible without login Image file inst2.jpg Data Auxiliary data
  Accessible without login Image file map0.jpg Data Auxiliary data
  Accessible without login Image file map1.jpg Icon Icon image
  Accessible without login Image file map2.jpg Icon Icon image
  Accessible without login Image file map3.jpg Icon Icon image
  Accessible without login Image file map4.jpg Icon Icon image
  Accessible without login Image file map5.jpg Data Auxiliary data
  Accessible without login Image file map6.jpg Icon Icon image
  Accessible without login Image file map6_1.jpg Icon Icon image
  Accessible without login Image file map88.jpg Icon Icon image
  Accessible without login Image file map9.jpg Data Auxiliary data
  Accessible without login Image file menu.jpg Data Auxiliary data
  Accessible without login Image file reverse_proxy.png Data Auxiliary data
  Accessible without login Image file settings1.jpg Icon Icon image
  Accessible without login Image file tree1.jpg Icon Icon image

  Files folder image Files (82)  /  assets  /  js  
File Role Description
Files folder imagemusclesoft-jquery-connections (5 files, 1 directory)
  Accessible without login Plain text file jquery-1.11.3.min.js Data Auxiliary data
  Accessible without login Plain text file jquery-ui.min.js Data Auxiliary data
  Accessible without login Plain text file waf_map.js Data Auxiliary data
  Accessible without login Plain text file waf_map_mobile.js Data Auxiliary data

  Files folder image Files (82)  /  assets  /  js  /  musclesoft-jquery-connections  
File Role Description
Files folder imagedemo (3 files)
  Accessible without login Plain text file connections.jquery.json Data Auxiliary data
  Accessible without login HTML file index.html Doc. Documentation
  Accessible without login Plain text file jquery.connections.js Data Auxiliary data
  Accessible without login Plain text file LICENSE.txt Doc. Documentation
  Accessible without login Plain text file README.md Doc. Documentation

  Files folder image Files (82)  /  assets  /  js  /  musclesoft-jquery-connections  /  demo  
File Role Description
  Accessible without login HTML file labels.html Doc. Documentation
  Accessible without login HTML file minimal.html Doc. Documentation
  Accessible without login HTML file testmatrix.html Doc. Documentation

  Files folder image Files (82)  /  inc  
File Role Description
  Accessible without login Plain text file .htaccess Data Auxiliary data
  Accessible without login Plain text file waf.sql Data Auxiliary data

  Files folder image Files (82)  /  include  
File Role Description
  Accessible without login Plain text file head.php Aux. Auxiliary script
  Accessible without login Plain text file header.php Example Example script

  Files folder image Files (82)  /  libs  
File Role Description
  Plain text file db.inc.php Class Class source
  Plain text file installer.class.php Class Class source
  Plain text file user.class.php Class Class source
  Plain text file waf_helper.class.php Class Class source
  Plain text file waf_report.class.php Class Class source

  Files folder image Files (82)  /  sessions  
File Role Description
  Accessible without login Plain text file .htaccess Data Auxiliary data

The PHP Classes site has supported package installation using the Composer tool since 2013, as you may verify by reading this instructions page.
Install with Composer Install with Composer
 Version Control Unique User Downloads Download Rankings  
 97%
Total:689
This week:0
All time:4,736
This week:40Up
User Ratings User Comments (1)
 All time
Utility:100%StarStarStarStarStarStar
Consistency:100%StarStarStarStarStarStar
Documentation:100%StarStarStarStarStarStar
Examples:93%StarStarStarStarStar
Tests:-
Videos:-
Overall:79%StarStarStarStar
Rank:27
 
very very good
7 years ago (muabshir)
80%StarStarStarStarStar