定制 ozankurt/laravel-security 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

ozankurt/laravel-security

Composer 安装命令:

composer require ozankurt/laravel-security

包简介

Comprehensive Laravel security suite, WAF, malware scanner, ACL, audit log, live traffic, and notifications. The Wordfence-equivalent for Laravel.

README 文档

README

Latest Version on Packagist License

Comprehensive security suite for Laravel, the Wordfence equivalent.

WAF + scanner + ACL + audit log + live traffic + notifications, all configurable, all auditable, all Laravel-native.

Brand site: laravel-shield.ozankurt.com, docs, pricing, license activation.

Why Laravel Shield

Need What Shield gives you
Block malicious requests 15+ WAF middlewares (XSS, SQLi, LFI, RFI, PHP wrappers, sessions, agents, geo, bots, keyword path filters) + DB-backed rule engine
Manage allow/deny lists Unified ls_acl table, IP / CIDR / ASN / country / regex / hostname, first-match-wins evaluation, Redis-cached
Detect malware Scanner with native engine + ClamAV + composer audit; quarantine + restore; signature feed sync
Audit-log everything HMAC-chained ls_audit_log, file/config/composer drift detection, HasAuditLog trait for model events
See live traffic Sampled ls_live_traffic table with optional real-time broadcasting (Reverb / Pusher / Ably)
Get alerts Mail / Slack / Discord / Telegram / Webhook channels, severity-routed
Stay locked out? Three-layer bypass (env key + config IPs + Artisan recovery commands)
Beyond Wordfence Security headers + CSP nonce, honeypot routes, generalized redaction, suspicious activity scoring, HTTPS enforcement, cookie security audit, trusted-proxy auto-discovery, pre-configured rate limiters

Install

composer require ozankurt/laravel-shield
php artisan shield:install

shield:install publishes config + migrations + lang + assets, runs migrations, seeds lookup tables + ~47 built-in WAF rules + ~33 built-in malware signatures, generates LS_AUDIT_HMAC_SECRET + LS_BYPASS_KEY if missing, and optionally whitelists your current IP so you don't lock yourself out.

Then expose the dashboard by allowing the gate it defines:

// AppServiceProvider::boot()
Gate::define('viewShieldDashboard', fn ($user) => $user && $user->is_admin);

Visit /shield.

Quickstart middlewares

In your route file or middleware group, attach what you need:

Route::middleware('firewall.all')->group(function () {
    Route::post('/login', LoginController::class);
});

Route::post('/api/upload', UploadController::class)
    ->middleware(['firewall.av_uploads', 'throttle:shield_login']);

Route::middleware(['firewall.acl', 'firewall.headers'])->group(function () {
    // Public site with security headers + ACL evaluation
});

Configuration

After install, see config/shield.php. Every limit, threshold, regex, path, and behaviour is exposed. Highlights:

// Storage strategy (sync default; queue/redis_batch for high traffic)
'storage' => ['driver' => env('LS_STORAGE_DRIVER', 'sync'), 'sample_rate' => ['live_traffic' => 0.1]],

// Audit log with HMAC chain tamper evidence
'audit' => ['drift' => ['enabled' => true, 'paths' => ['config/' => '*.php', '.env' => null]]],

// Scanner with ClamAV (composer suggest xenolope/quahog)
'scanner' => ['clamav' => ['enabled' => env('LS_CLAMAV_ENABLED', false)]],

// Three-layer bypass for admin lockout recovery
'bypass' => ['ips' => array_filter(explode(',', env('LS_BYPASS_IPS', '')))],

// Beyond-WF extras (all opt-in)
'headers' => ['enabled' => true, 'csp' => ['enabled' => false, 'use_nonce' => true]],
'honeypot' => ['enabled' => false, 'paths' => ['wp-admin', '.env', 'phpmyadmin', '.git/config']],
'scoring' => ['enabled' => false, 'threshold' => 100, 'window' => 3600],

Documentation

Topic Doc
Installation + configuration docs/installation.md
ACL evaluation + matchers docs/acl.md
Audit log + HMAC chain docs/audit-log.md
Scanner + ClamAV + signatures docs/scanner.md
File-change watcher docs/security-watch.md
Notifications + multi-cadence reports docs/notifications.md
Bypass mechanism docs/bypass.md
Premium tier + license docs/premium.md

Premium tier

Premium features live in the same package, gated by LS_PREMIUM_LICENSE_KEY at runtime. No separate composer repo, no Satis, no auth tokens. Buy at laravel-shield.ozankurt.com, paste the key into .env, premium features activate on next request.

Premium unlocks:

  • Real-time threat feed sync (free tier syncs daily; premium polls every few minutes)
  • Real-time IP blocklist subscription
  • Hosted audit-log sink (forward audit events to the Shield Central app for cross-site aggregation)
  • Future SIEM dashboard integration

The license check is honest soft-enforcement (see docs/premium.md, the real moat is the API services Ozan hosts, which patching the local check can't unlock).

Companion packages

  • ozankurt/laravel-shield-filament, Filament panel adapter. v1.x for Filament 3 + 4, v2.x for Filament 5+. (Ships post-1.0.)
  • ozankurt/laravel-shield-signatures, Public GitHub repo of malware signatures. shield:signatures-sync pulls from here.

License

MIT, see LICENSE.md.

ozankurt/laravel-security 适用场景与选型建议

ozankurt/laravel-security 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 117 次下载、GitHub Stars 达 1, 最近一次更新时间为 2024 年 03 月 13 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「security」 「firewall」 「laravel」 「scanner」 「xss」 「blacklist」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 ozankurt/laravel-security 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 ozankurt/laravel-security 我们能提供哪些服务?
定制开发 / 二次开发

基于 ozankurt/laravel-security 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 117
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 1
  • 点击次数: 31
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 1
  • Watchers: 1
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2024-03-13