Find Plumbing Services

CodeIgniter

CodeIgniter is a lightweight MVC framework. I'll first discuss CodeIgniter 3 since its version 4 has significant differences from the earlier versions.

In this guide, I will share some tips for implementing Shieldon Firewall in your CodeIgniter application.

Firewall in CodeIgniter Framework

Installation

Use PHP Composer:

composer require shieldon/shieldon

This will also install dependencies required for Shieldon:

Implementing

  • CodeIgniter 3
  • CodeIgniter 4

CodeIgniter 3

CodeIgniter 3 has a core controller called CI_Controller that handles its MVC (Model-View-Controller) architectural pattern.

I highly recommend creating a parent controller called MY_Controller in the core folder and adding the initial code to it.

1. MY_Controller

Let's create a file called MY_Controller.php in the core folder.

class MY_Controller extends CI_Controller
{
    /**
     * Constructor.
     */
    public function __construct()
    {
        parent::__construct();
    }
}

2. Initialize the Firewall Instance

Put the initial code in the constructor so that any controller that extends MY_Controller will have Shieldon Firewall initialized and the $this->firewall() method available.

class MY_Controller extends CI_Controller
{
    /**
     * Constructor.
     */
    public function __construct()
    {
        parent::__construct();

        // Composer autoloader
        require_once APPPATH . '../vendor/autoload.php';

        // This directory must be writable.
        $storage = APPPATH . 'cache/shieldon_firewall';

        $firewall = new \Shieldon\Firewall\Firewall();
        $firewall->configure($storage);

        // The base url for the control panel.
        $firewall->controlPanel('/firewall/panel/');

        $response = $firewall->run();

        if ($response->getStatusCode() !== 200) {
            $httpResolver = new \Shieldon\Firewall\HttpResolver();
            $httpResolver($response);
        }
    }

    /**
     * Shieldon Firewall protection.
     */
    public function firewall()
    {
        $firewall = \Shieldon\Container::get('firewall');
        $firewall->run();
    }
}

Reminder

For optimal security, both the system and application folders should be placed above the web root so that they are not directly accessible via a browser.

If your application folder is at the same level as index.php, please move the $storage directory to a secure location. For example:

$storage =  APPPATH . '../shieldon';

3. Define a Controller for the Control Panel

We need a controller to get into Shieldon firewall controll panel, in this example, wedefine a controller named Firewall.

class Firewall extends MY_Controller
{
    public function __construct()
    {
        parent::__construct();
    }

    /**
     * This is the entry of our Firewall Panel.
     */
    public function panel()
    {
        $panel = new \Shieldon\Firewall\Panel();
        $panel->entry();
    }
}

Now, you can access the Firewall Panel using the following URL:

https://yoursite.com/firewall/panel/

CodeIgniter 4

1. Register a Filter.

In your app/Config/Filters.php file, add the following code to the $aliases property:

'firewall' => \Shieldon\Firewall\Intergration\CodeIgniter4::class,

Next, add the string firewall to the $globals property, within the before array:

public $globals = [
    'before' => [
        'firewall'
    ],
];

2. Define a Controller for the Firewall Panel

<?php 

namespace App\Controllers;

class Firewall extends BaseController
{
    public function panel()
    {
        $panel = new \Shieldon\Firewall\Panel();
        $panel->csrf([csrf_token() => csrf_hash()]);
        $panel->entry();
    }
}

That's it!

You can access the Firewall Panel at /firewall/panel. To view the page, go to this URL in your browser.

Control Panel

https://yoursite.com/firewall/panel/

The default login is shieldon_user, and the password is shieldon_pass. After logging into the Firewall Panel, the first thing you should do is change the login and password.

If Shieldon Firewall is enabled in the Daemon setting section, it will start monitoring your website. Make sure you have correctly set up the settings.