CodeIgniter is a light-weight MVC framework. I talk the CodeIgniter 3 first because that Its version 4 has extreme differences from the early versions.
In this guide, I will share with you the tips for implementing Shieldon Firewall on your CodeIgniter application.
Use PHP Composer:
composer require shieldon/shieldon ^2
This will also install dependencies built for Shieldon:
CodeIgniter 3 has a core controller called CI_Controller
that handles its MVC (Model-View-Controller) architectural pattern.
I highly recommend you to a parent controller calle MY_Controller
in the core
folder, and then put the initial code into it.
Let's create a MY_Controller.php in the core
folder.
class MY_Controller extends CI_Controller
{
/**
* Constructor.
*/
public function __construct()
{
parent::__construct();
}
}
Put the initial code in the constructor so that any controller extends MY_Controller will have Shieldon Firewall initialized and $this->firewall()
method ready.
class MY_Controller extends CI_Controller
{
/**
* Constructor.
*/
public function __construct()
{
parent::__construct();
// Composer autoloader
require_once APPPATH . '../vendor/autoload.php';
// This directory must be writable.
$storage = APPPATH . 'cache/shieldon_firewall';
$firewall = new \Shieldon\Firewall\Firewall();
$firewall->configure($storage);
// The base url for the control panel.
$firewall->controlPanel('/firewall/panel/');
$response = $firewall->run();
if ($response->getStatusCode() !== 200) {
$httpResolver = new \Shieldon\Firewall\HttpResolver();
$httpResolver($response);
}
}
/**
* Shieldon Firewall protection.
*/
public function firewall()
{
$firewall = \Shieldon\Container::get('firewall');
$firewall->run();
}
}
Reminder
For the best security, both the system and application folders should be placed above web root so that they are not directly accessible via a browser.
If your application folder is in the same level with index.php, please move the $storage
to a safe place. For example:
$storage = APPPATH . '../shieldon';
We need a controller to get into Shieldon firewall controll panel, in this example, wedefine a controller named Firewall
.
class Firewall extends MY_Controller
{
public function __construct()
{
parent::__construct();
}
/**
* This is the entry of our Firewall Panel.
*/
public function panel()
{
$panel = new \Shieldon\Firewall\Panel();
$panel->entry();
}
}
Now, you can access the Firewall Panel via URL:
https://yoursite.com/firewall/panel/
In your app/Config/Filter.php
, add the following code to the $aliases
property.
'firewall' => \Shieldon\Firewall\Intergration\CodeIgniter4::class,
And then, add the string firewall to the $globals
property, before
array.
public $globals = [
'before' => [
'firewall'
],
];
<?php
namespace App\Controllers;
class Firewall extends BaseController
{
public function panel()
{
$panel = new \Shieldon\Firewall\Panel();
$panel->csrf([csrf_token() => csrf_hash()]);
$panel->entry();
}
}
That's it.
You can access the Firewall Panel by /firewall/panel
, to see the page, go to this URL in your browser.
https://yoursite.com/firewall/panel/
The default login is shieldon_user
and password
is shieldon_pass
. After logging in the Firewall Panel, the first thing you need to do is to change the login and password.
Shieldon Firewall will start watching your website if it get enabled in Deamon
setting section, make sure you have set up the settings correctly.