Zend framework officially provides two types of skeleton - Zend MVC and Zend Expressive.

No matter which skeleton you are using, this guide might give you some ideas on how to implement Shieldon Firewall, not sure which way is considered best practice to Zend, you can pick one you prefer.

Firewall in Zend Framework

These ideas are:

  • PSR-7 Middleware. (Prior to Zend 3.1.0)
  • PSR-15 Middleware (Starting in Zend 3.1.0)
  • Bootstrapper.

If your Zend application has CSRF protected, be sure to define a _shieldon_csrf CSRF token for Shieldon ready Middlewares.


Use PHP Composer:

composer require shieldon/shieldon


Zend Expressive

This is an example that shows you using a PSR-15 Middleware in Zend Expressive skeleton.

1. Define a Middleware.

In your pipeline.php, add this line:


2. Defind a Handler.

Let's go to App/src/Handler directory and create a PHP file named FirewallPanelHandler.

Copy the text blew, paste them into that file.

<?php declare(strict_types=1);

namespace App\Handler;

use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Zend\Diactoros\Response;

 * Firewall Panel Handler
 * If you have CSRF enabled, make sure to pass the csrf token to the control panel.
class FirewallPanelHandler implements RequestHandlerInterface
    public function handle(ServerRequestInterface $request): ResponseInterface
        $firewall = \Shieldon\Container::get('firewall');
        $controlPanel = new \Shieldon\FirewallPanel($firewall);

        return new Response();

3. Defind a Route for Firewall Panel.

In your route.php, add this line:

$app->route('/firewall/panel', App\Handler\FirewallPanelHandler::class, ['GET', 'POST'], 'panel');

Zend MVC

Because that I am not sure how old version of Zend framework you are using. Therefore I decide to get rid of Middleware to make sure this guide will work with the most versions of Zend.

1. Before initializing Core

In your public/index.php under this line:

include __DIR__ . '/../vendor/autoload.php';

Add the following code:

| Run The Shieldon Firewall
| Shieldon Firewall will watch all HTTP requests coming to your website.

if (isset($_SERVER['REQUEST_URI'])) {

    $firewallstorage = __DIR__ . '/../data/shieldon';

    $firewall = new \Shieldon\Firewall($firewallstorage);

The next step is to create a controller for control panel.

2. Defind a Controller.

Let's create a controller and named it with FirewallPanelController. Ths is the entry point of our Shieldon Firewall's controll panel.


namespace Application\Controller;

use Zend\Mvc\Controller\AbstractActionController;

class FirewallPanelController extends AbstractActionController
     * The entry point of the Firewall Panel.
     * @return string
    public function indexAction()
       // Get Firewall instance from Shieldon Container.
       $firewall = \Shieldon\Container::get('firewall');

       // Get into the Firewall Panel.
       $controlPanel = new \Shieldon\FirewallPanel($firewall);

3. Defind a Route for Firewall Panel.

In your module.config.php, add the code as below.

'firewallpanel' => [
    'type' => Literal::class,
    'options' => [
        'route'    => '/firewall/panel',
        'defaults' => [
            'controller' => Controller\FirewallPanelController::class,
            'action'     => 'index',

That's it.

You can access the Firewall Panel by /firewall/panel, to see the page, go to this URL in your browser.


The default login is shieldon_user and password is shieldon_pass. After logging in the Firewall Panel, the first thing you need to do is to change the login and password.

Shieldon Firewall will start watching your website if it get enabled in Deamon setting section, make sure you have set up the settings correctly.