Find Plumbing Services

Laravel

This guide will help you implement Shieldon Firewall on your Laravel application. The following steps have been tested on Laravel 5 and 6.

These tips are not the only way to make it, but also gives you some ideas.

Firewall in Laravel Framework

Installation

Use PHP Composer:

composer require shieldon/shieldon

This will also install dependencies required for Shieldon:

Implementing

You can use Shieldon as a middleware or implement Shieldon at the bootstrap stage of your web application.

Bootstrap Stage

Initialize Shieldon in the bootstrap stage of your application, mostly right after the Composer autoloader has been included. This way is preferred to avoid possible conflicts with Laravel's built-in functions.

(1) Before Initializing the $app

In your bootstrap/app.php, after <?php, add the following code.

/*
|--------------------------------------------------------------------------
| Run The Shieldon Firewall
|--------------------------------------------------------------------------
|
| Shieldon Firewall will watch all HTTP requests coming to your website.
| Running Shieldon Firewall before initializing Laravel will avoid possible
| conflicts with Laravel's built-in functions.
*/
if (isset($_SERVER['REQUEST_URI'])) {

    // This directory must be writable.
    // We put it in the `storage/shieldon_firewall` directory.
    $storage =  __DIR__ . '/../storage/shieldon_firewall';

    $firewall = new \Shieldon\Firewall\Firewall();

    $firewall->configure($storage);

    // The base url for the control panel.
    $firewall->controlPanel('/firewall/panel/');

    $response = $firewall->run();

    if ($response->getStatusCode() !== 200) {
        $httpResolver = new \Shieldon\Firewall\HttpResolver();
        $httpResolver($response);
    }
}

(2) Define a Route for the Firewall Panel

Add the following route to your routes/web.php file:

Route::any('/firewall/panel/{path?}', function() {

    $panel = new \Shieldon\Firewall\Panel();
    $panel->csrf(['_token' => csrf_token()]);
    $panel->entry();

})->where('path', '(.*)');

If you adopt this method, Shieldon Firewall will run in the global scope. However, you can set up an exclusion list for the URLs you want Shieldon Firewall to ignore.

Middleware

You can define a middleware by yourself or use the intergration class provided.

If you choose to use the integration class, skip step 1 and go to step 2-2.

1. Define a Middleware

Run the following command to create a middleware named ShieldonFirewall:

php artisan make:middleware ShieldonFirewall

Then, update the handle method of the ShieldonFirewall middleware class with the following code:

<?php

namespace App\Http\Middleware;

use Closure;

class ShieldonFirewall
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $firewall = new \Shieldon\Firewall\Firewall();

        // The directory in where Shieldon Firewall will place its files.
        $storage = storage_path('shieldon_firewall');;

        $firewall->configure($storage);

        // Base URL for control panel.
        $firewall->controlPanel('/firewall/panel/');

        $firewall->getKernel()->setCaptcha(
            new Csrf([
                'name' => '_token',
                'value' => csrf_token(),
            ])
        );

        $response = $firewall->run();

        if ($response->getStatusCode() !== 200) {
            $httpResolver = new \Shieldon\Firewall\HttpResolver();
            $httpResolver($response);
        }

        return $next($request);
    }
}

2. Register the Middleware Alias

Update the app/Http/Kernel.php file and add the following line to the $routeMiddleware property:

For Step 2-1:

'firewall' => \App\Http\Middleware\ShieldonFirewall::class,

For Step 2-2 (using the integration class):

If you use intergation class, the code will look like this:

'firewall' => \Shieldon\Firewall\Integration\Laravel::class,

3. Define a Route for Firewall Panel.

Add the following route to your routes/web.php file:

Route::any('/firewall/panel/{path?}', function() {

    $panel = new \Shieldon\Firewall\Panel();
    $panel->csrf(['_token' => csrf_token()]);
    $panel->entry();

})->where('path', '(.*)');

Shieldon Firewall will start watching your website if it get enabled in Deamon setting section.

4. Assign firewall Middleware to a Route

Assign firewall middleware to any route you would like to protect. For example:

Route::any('/', function () {
    return view('welcome');

})->middleware('firewall');

That's it.

Control Panel

You can access the control panel by visiting /firewall/panel/ in your browser.

https://for.example.com/firewall/panel/

The default login is shieldon_user, and the password is shieldon_pass. After logging into the Firewall Panel, the first thing you should do is change the login and password.

If Shieldon Firewall is enabled in the Daemon setting section, it will start monitoring your website. Make sure you have correctly set up the settings.