Slim framework is one of my favorites. Since Slim is a mirco framework, implementing Shieldon Firewall is easy as well. Without further ado, let's get started.
Use PHP Composer:
composer require shieldon/shieldon ^2
This will also install dependencies built for Shieldon:
You can create a middleware by yourself or just use the integration class.
Example:
class FirewallMiddleware
{
/**
* Example middleware invokable class
*
* @param ServerRequest $request PSR-7 request
* @param RequestHandler $handler PSR-15 request handler
*
* @return Response
*/
public function __invoke(Request $request, RequestHandler $handler): Response
{
$response = $handler->handle($request);
$firewall = new \Shieldon\Firewall\Firewall($request, $response);
// The directory in where Shieldon Firewall will place its files.
$firewall->configure(__DIR__ . '/../cache/shieldon_firewall');
$response = $firewall->run();
if ($response->getStatusCode() !== 200) {
$httpResolver = new \Shieldon\Firewall\HttpResolver();
$httpResolver($response);
}
return $response;
}
}
For example, if you are using Slim 4 framework, the code should look like this.
Example:
$app->add(new FirewallMiddleware());
Or, if you perfer to use the integration class, here is the code.
Example:
$app->add(new \Shieldon\Firewall\Integration\Slim4);
For example, if you are using Slim 4 framework, the code should look like this. Then you can access the URL https://yourwebsite.com/firewall/panel/
to login to control panel.
Example:
$app->any('/firewall/panel[/{params:.*}]', function (Request $request, Response $response, $args) {
$firewall = new \Shieldon\Firewall\Firewall($request);
// The directory in where Shieldon Firewall will place its files.
// Must be the same as firewallMiddleware.
$firewall->configure(__DIR__ . '/../cache/shieldon_firewall');
// The base url for the control panel.
$firewall->controlPanel('/firewall/panel/');
$panel = new \Shieldon\Firewall\Panel();
// Begin - Need to set up CSRF fields if you have enabled Slim-CSRF
$csrf = new \Slim\Csrf\Guard();
$nameKey = $csrf->getTokenNameKey();
$valueKey = $csrf->getTokenValueKey();
$csrfName = $request->getAttribute('csrf_name');
$csrfVale = $request->getAttribute('csrf_value');
$panel->csrf(
[$nameKey => $csrfName],
[$valueKey => $csrfVale]
);
// End - Slim-CSRF
$panel->entry();
});
Note:
POST
and GET
both should be applied to your website. POST
method is needed for solving CAPTCHA by users who were temporarily blocked.That's it.
Shieldon has a integration class ready for this middleware, just use it by the following step.
Example:
$app->add(new \Shieldon\Firewall\Integration\Slim3);
For example, if you are using Slim3 skeleton, the code in middleware.php
will look like this:
Example:
<?php
use Slim\App;
return function (App $app) {
$app->add(new \Shieldon\Firewall\Integration\Slim3);
$app->add(new \Slim\Csrf\Guard);
};
For example, if you are using Slim 4 framework, the code should look like this. Then you can access the URL https://yourwebsite.com/firewall/panel/
to login to control panel.
Example:
$app->map(['GET', 'POST'], '/firewall/panel[/{params:.*}]', function (Request $request, Response $response, array $args) {
$firewall = new \Shieldon\Firewall\Firewall($request);
// The directory in where Shieldon Firewall will place its files.
// Must be the same as firewallMiddleware.
$firewall->configure(__DIR__ . '/../cache/shieldon_firewall');
// The base url for the control panel.
$firewall->controlPanel('/firewall/panel/');
$panel = new \Shieldon\Firewall\Panel();
// Begin - Need to set up CSRF fields if you have enabled Slim-CSRF
$csrf = new \Slim\Csrf\Guard();
$nameKey = $csrf->getTokenNameKey();
$valueKey = $csrf->getTokenValueKey();
$csrfName = $request->getAttribute('csrf_name');
$csrfVale = $request->getAttribute('csrf_value');
$panel->csrf(
[$nameKey => $csrfName],
[$valueKey => $csrfVale]
);
// End - Slim-CSRF
$panel->entry();
});
That's it.
You can access the Firewall Panel by /firewall/panel/
, to see the page, go to this URL in your browser.
https://yourwebsite.com/firewall/panel/
The default login is shieldon_user
and password
is shieldon_pass
. After logging in the Firewall Panel, the first thing you need to do is to change the login and password.
Shieldon Firewall will start watching your website if it get enabled in Deamon
setting section, make sure you have set up the settings correctly.