Blog Detail


Protect Laravel Apps with Web Application Firewall Package cover image

arrow_back Protect Laravel Apps with Web Application Firewall Package

A Web Application Firewall (WAF) protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application, and prevents any unauthorized data from leaving the app. Generally speaking, a web application firewall creates a set of rules designed to protect your website.

So, Akaunting comes up with a package called Web Application Firewall (WAF) package for Laravel that intends to protect your Laravel app from different types of attacks such as XSS, SQLi, RFI, LFI, User-Agent, and a lot more. It will also block repeated attacks and send notifications via email and/or slack when an attack is detected. Furthermore, it will log failed logins and block the IP after a number of attempts.

Note: Some middleware classes (i.e. Xss) are empty as the Middleware abstract class that they extend does all of the jobs, dynamically. In short, they all works.


For the installation purpose you’ve to run the following command:

composer require akaunting/laravel-firewall 

Now publish configuration, language, and migrations

php artisan vendor:publish --tag=firewall

Then you can create db tables by running this command.

php artisan migrate


You can change the firewall settings of your app from config/firewall.php file.


Middlewares are already defined so should just add them to routes. The firewall.all middleware applies all the middlewares available in the all_middleware array of the config file.

Route::group(['middleware' => 'firewall.all'], function () {
    Route::get('/', 'HomeController@index');

You can apply each middleware per route. For example, you can allow only whitelisted IPs to access admin:

Route::group(['middleware' => 'firewall.whitelist'], function () {
    Route::get('/admin', 'AdminController@index');

Or you can get notified when anyone NOT in whitelist access admin, by adding it to the inspections config:

Route::group(['middleware' => 'firewall.url'], function () {
    Route::get('/admin', 'AdminController@index');

Available middlewares applicable to routes:



You may also define routes for each middleware in config/firewall.php and apply that middleware or firewall.all at the top of all routes.


The firewall will send a notification as soon as an attack has been detected. Emails entered in config must be valid Laravel users in order to send notifications. Check out the Notifications documentation of Laravel for further information.

If you want to dig more about this package, you can visit its documentation & source code on Github.

Published at : 16-12-2021

Author : Rizwan Aslam
Rizwan Aslam

I am a highly results-driven professional with 12+ years of collective experience in the grounds of web application development especially in laravel, native android application development in java, and desktop application development in the dot net framework. Now managing a team of expert developers at Codebrisk.

Launch your project

Launch project