ozankurt/laravel-security
Composer 安装命令:
composer require ozankurt/laravel-security
包简介
Comprehensive Laravel security suite, WAF, malware scanner, ACL, audit log, live traffic, and notifications. The Wordfence-equivalent for Laravel.
关键字:
README 文档
README
Comprehensive security suite for Laravel, the Wordfence equivalent.
WAF + scanner + ACL + audit log + live traffic + notifications, all configurable, all auditable, all Laravel-native.
Brand site: laravel-shield.ozankurt.com, docs, pricing, license activation.
Why Laravel Shield
| Need | What Shield gives you |
|---|---|
| Block malicious requests | 15+ WAF middlewares (XSS, SQLi, LFI, RFI, PHP wrappers, sessions, agents, geo, bots, keyword path filters) + DB-backed rule engine |
| Manage allow/deny lists | Unified ls_acl table, IP / CIDR / ASN / country / regex / hostname, first-match-wins evaluation, Redis-cached |
| Detect malware | Scanner with native engine + ClamAV + composer audit; quarantine + restore; signature feed sync |
| Audit-log everything | HMAC-chained ls_audit_log, file/config/composer drift detection, HasAuditLog trait for model events |
| See live traffic | Sampled ls_live_traffic table with optional real-time broadcasting (Reverb / Pusher / Ably) |
| Get alerts | Mail / Slack / Discord / Telegram / Webhook channels, severity-routed |
| Stay locked out? | Three-layer bypass (env key + config IPs + Artisan recovery commands) |
| Beyond Wordfence | Security headers + CSP nonce, honeypot routes, generalized redaction, suspicious activity scoring, HTTPS enforcement, cookie security audit, trusted-proxy auto-discovery, pre-configured rate limiters |
Install
composer require ozankurt/laravel-shield php artisan shield:install
shield:install publishes config + migrations + lang + assets, runs migrations, seeds lookup tables + ~47 built-in WAF rules + ~33 built-in malware signatures, generates LS_AUDIT_HMAC_SECRET + LS_BYPASS_KEY if missing, and optionally whitelists your current IP so you don't lock yourself out.
Then expose the dashboard by allowing the gate it defines:
// AppServiceProvider::boot() Gate::define('viewShieldDashboard', fn ($user) => $user && $user->is_admin);
Visit /shield.
Quickstart middlewares
In your route file or middleware group, attach what you need:
Route::middleware('firewall.all')->group(function () { Route::post('/login', LoginController::class); }); Route::post('/api/upload', UploadController::class) ->middleware(['firewall.av_uploads', 'throttle:shield_login']); Route::middleware(['firewall.acl', 'firewall.headers'])->group(function () { // Public site with security headers + ACL evaluation });
Configuration
After install, see config/shield.php. Every limit, threshold, regex, path, and behaviour is exposed. Highlights:
// Storage strategy (sync default; queue/redis_batch for high traffic) 'storage' => ['driver' => env('LS_STORAGE_DRIVER', 'sync'), 'sample_rate' => ['live_traffic' => 0.1]], // Audit log with HMAC chain tamper evidence 'audit' => ['drift' => ['enabled' => true, 'paths' => ['config/' => '*.php', '.env' => null]]], // Scanner with ClamAV (composer suggest xenolope/quahog) 'scanner' => ['clamav' => ['enabled' => env('LS_CLAMAV_ENABLED', false)]], // Three-layer bypass for admin lockout recovery 'bypass' => ['ips' => array_filter(explode(',', env('LS_BYPASS_IPS', '')))], // Beyond-WF extras (all opt-in) 'headers' => ['enabled' => true, 'csp' => ['enabled' => false, 'use_nonce' => true]], 'honeypot' => ['enabled' => false, 'paths' => ['wp-admin', '.env', 'phpmyadmin', '.git/config']], 'scoring' => ['enabled' => false, 'threshold' => 100, 'window' => 3600],
Documentation
| Topic | Doc |
|---|---|
| Installation + configuration | docs/installation.md |
| ACL evaluation + matchers | docs/acl.md |
| Audit log + HMAC chain | docs/audit-log.md |
| Scanner + ClamAV + signatures | docs/scanner.md |
| File-change watcher | docs/security-watch.md |
| Notifications + multi-cadence reports | docs/notifications.md |
| Bypass mechanism | docs/bypass.md |
| Premium tier + license | docs/premium.md |
Premium tier
Premium features live in the same package, gated by LS_PREMIUM_LICENSE_KEY at runtime. No separate composer repo, no Satis, no auth tokens. Buy at laravel-shield.ozankurt.com, paste the key into .env, premium features activate on next request.
Premium unlocks:
- Real-time threat feed sync (free tier syncs daily; premium polls every few minutes)
- Real-time IP blocklist subscription
- Hosted audit-log sink (forward audit events to the Shield Central app for cross-site aggregation)
- Future SIEM dashboard integration
The license check is honest soft-enforcement (see docs/premium.md, the real moat is the API services Ozan hosts, which patching the local check can't unlock).
Companion packages
ozankurt/laravel-shield-filament, Filament panel adapter. v1.x for Filament 3 + 4, v2.x for Filament 5+. (Ships post-1.0.)ozankurt/laravel-shield-signatures, Public GitHub repo of malware signatures.shield:signatures-syncpulls from here.
License
MIT, see LICENSE.md.
ozankurt/laravel-security 适用场景与选型建议
ozankurt/laravel-security 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 117 次下载、GitHub Stars 达 1, 最近一次更新时间为 2024 年 03 月 13 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「security」 「firewall」 「laravel」 「scanner」 「xss」 「blacklist」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 ozankurt/laravel-security 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 ozankurt/laravel-security 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 ozankurt/laravel-security 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
PHP Basic Firewall
Provide a way to secure accesses to all routes of an symfony application.
It's a barebone security class written on PHP
Contao CMS integrity check for some files
A PHP security linter to detect insecure functions like var_dump, print_r, and other dangerous functions in your codebase
Web Application Firewall (WAF) package for Laravel
统计信息
- 总下载量: 117
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 1
- 点击次数: 31
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2024-03-13