Native PHP Firewall For Websites

The goal of a web application firewall is to protect sites against hackers. A PHP firewall is built to protect PHP applications.

WebARX PHP firewall was designed to work with all PHP-based web applications including, but not limited to Laravel, Symfony,  Joomla, Magento, Drupal, PrestaShop.

Why is it important to protect a PHP application?

PHP is an old language, but it is still a very popular coding language among web applications. Popularity also attracts attention and this is the reason why PHP apps are being targeted by hackers constantly.

Statistics say that web applications have become the #1 target for the exploitation of vulnerabilities and unfortunately, all kinds of software are prone to security breaches.

Source

According to research made in the year 2018, the most popular type of attacks were SQL injections which were leading with 51%. Local File Inclusion came in second place with 34% and cross-site scripting in third with 8%.

In 2018 researchers found around 70 types of weaknesses in web applications. As always, cross-site scripting (XSS) vulnerabilities are present in many web applications. (Source: PT Security)

These statistics give a strong reason why you should focus on security within your PHP application. Luckily, we have a way to help you out.

What can you do with the WebARX PHP web application firewall?

WebARX offers PHP native firewall for all PHP based web applications together with a wide range of possibilities and features. You can monitor vulnerabilities, see activity logs, firewall logs, create unlimited custom firewall rules, and more.

Under the firewall logs, you can see what kind of attacks have been blocked on your website, what are they targeting, and where they are coming from. 

The only requirement for our firewall is a version of PHP 5.3 or greater.

The firewall rules generation is a feature, that many WebARX users find one of the most important parts in addition to the lightweight firewall.

There are a few settings to consider before writing your own match rules. The main difference is whether a rule is for whitelist or not.

In case of a whitelist rule, matched elements will skip web application firewall rules from processing request and allow access to the website. In case of a firewall (blacklist) rule, you have the ability to choose from LOG, BLOCK, or REDIRECT actions.

• LOG – Logs request and proceeds with access to the website.
• BLOCK – Blocks user from accessing the website.
• REDIRECT – Redirects user to provided URL.

We also provide the ability to match the defined request method. Currently available options are GET, POST and ALL.

Read more about the WebARX firewall engine here.

How to install a PHP firewall to a web application?

We support two types of installation which are a composer and manual.

• Composer package: https://packagist.org/packages/webarx/firewall
• Manual (clone git repo and include in a project): https://bitbucket.org/webarx/php-firewall/src/master/

After installing or cloning a repository, you need to include the WebARX firewall in your project. File and function in which you inject WebARX kernel depend on the CMS or framework that you use. In most cases that’s index.php or configuration file.

The main concept behind PHP firewall is to intercept and check every request and deny access or automatically block IP for a defined amount of time.

Complete installation guide, together with other documentation can be found at our BitBucket Wiki pages.