PHP Web Application Firewall: Block malicious requests using a white list

Recommend this page to a friend!

Download .zip

Info

Documentation

View files (82)

Download .zip

Reputation

Support forum (6)

Blog (1)

Links

Ratings				Unique User Downloads		Download Rankings
79%				Total: 646 This week: 2		All time: 4,914 This week: 100

Version		License		PHP version		Categories
`web-app-firewall` 30		Custom (specified...		5		HTTP, PHP 5, Security

Description Author

This package can block malicious requests using a white list.

It alters the .htaccess file to make requests for PHP pages go through a filter script that acts like a reverse proxy to implement a Web application framework (WAF).

The filter script will block requests of unauthorized format but the package provides a Web interface for the administrator white list requests of expected formats for the current Web application.

Innovation Award

October 2016
Winner

Prize: One big elePHPant Plush Mascott

Some security attacks are performed by sending requests to Web servers that it is not expected to handle.

One way to minimize the chances of these attacks happening is to use a Web application firewall (WAF).

This package implements a Web Application Firewall in PHP for Web servers that support htaccess configuration.

It alters the .htaccess file so requests are handled by a script of this framework. It keeps track of a white list of request URLs supported by your application, so only approved URL formats are allowed.

URLs with unknown formats are put in moderation, so an administrator can approve the URLs or not for future requests.

This way the application can be protected from types of requests meant to perform security exploits.

Manuel Lemos

Roman Shneer

Performance

Level

Name:	Roman Shneer `<contact>`
Classes:	4 packages by Roman Shneer
Country:	Israel

Level 3

Innovation award

Nominee: 1x

Winner: 1x

Details

Web App Firewall

Introduction

WAFs goal is protect sites against hackers and virus attacks. Web App Firewall its PHP application that implement principle of reverse-proxy , control of types variables accepted by server , and comfortable management interface. alt tag W.A.F. supported to work under LAMP servers with .htaccess files support. Security protection based on white-list strategy: after starting "Learn" mode program collect map of requests, and user have to approve requests. After starting "Guard" mode - program accept only known requests.

Program using white-list strategy, it is more absolute protection, but its requires a lot of work on configuration. In the program using Intellectual graphical UI , its give an opportunity regularize most chaotic structure.

Contains libraries:

Jquery-connections https://github.com/musclesoft/jquery-connections jQuery-1.11.3 https://jquery.com Google Charts https://developers.google.com/chart/

Requires:

Linux OS, Apache webserver with support htaccess and mod_rewrite,PHP5 with support CURL and MySQL

How its working?

Web App Firewall organize reverse-proxy by injection to .htaccess file, and writing Rewrite Rules with security key 1.

WAF script get redirected request and parse path and parameters sent from user. Detect created rules for specified situation and block or accept request via prepared politics.

If request approved, WAF script sending request back to server via CURL with added security key 2 (.htaccess rule miss request if detect key2). If request blocked, WAF save logs and show 404 page. <img src="https://github.com/shaman33/web_app_firewall/blob/master/assets/imgs/scratch/reverse_proxy.png?raw=true">

Getting Started

Installation

HTACCESS Injection

Configuration Settings

Set W.A.F Status Learn on, and Guard off. Now program start collect request-map from every request to site, leave it for one week for view more complete structure of site.

Access Map - configuration permissions

Bad Requests log

Blacklist IP

Analizing Attacks

Support

Project Facebook Write me for help RomanShneer@gmail.com Please donate: <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=ECZBTKBD7T6A8"><img src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_SM.gif"></a>

Files

File	Role	Description
`assets` (3 directories)
`inc` (2 files)
`include` (2 files)
`libs` (5 files)
`sessions` (1 file)
`.htaccess`	Data	use SetEnv flag for testing
`404.html`	Doc.	Documentation
`404.php`	Example	Example script
`ajax.php`	Class	Class source
`blacklist.php`	Example	Example script
`CONTRIBUTING.md`	Data	Auxiliary data
`COPYING`	Data	Auxiliary data
`edituser.php`	Example	Example script
`exit.php`	Aux.	Auxiliary script
`htaccess.php`	Example	Example script
`index.php`	Example	Example script
`install.php`	Example	Example script
`installed.php`	Example	Example script
`LICENSE`	Lic.	License text
`login.php`	Example	Example script
`logs.php`	Example	Example script
`map.php`	Example	Example script
`password.php`	Example	Example script
`README.md`	Doc.	Documentation
`remind_password.php`	Example	Example script
`reset_password.php`	Example	Example script
`settings.php`	Example	Example script
`users.php`	Example	Example script
`waf.php`	Class	Class source

Files

assets

File	Role	Description
`css` (3 files)
`imgs` (6 files, 1 directory)
`js` (4 files, 1 directory)

Files

assets

css

File	Role	Description
`jquery-ui.css`	Data	Auxiliary data
`style.css`	Data	Auxiliary data
`style_mobile.css`	Data	Auxiliary data

Files

assets

imgs

File	Role	Description
`scratch` (27 files)
`edit.png`	Icon	Icon image
`green.png`	Icon	Icon image
`loader.gif`	Icon	Icon image
`question.png`	Icon	Icon image
`red.png`	Icon	Icon image
`x.png`	Icon	Icon image

Files

assets

imgs

scratch

File	Role	Description
`9_1.jpg`	Data	Auxiliary data
`attack_scan.jpg`	Data	Auxiliary data
`attack_scan.jpg`	Data	Auxiliary data
`attack_variable.jpg`	Icon	Icon image
`attack_variable.jpg`	Icon	Icon image
`bf.jpg`	Data	Auxiliary data
`bf_log.jpg`	Data	Auxiliary data
`bf_segment.jpg`	Icon	Icon image
`export1.jpg`	Icon	Icon image
`htaccess1.jpg`	Icon	Icon image
`htaccess11.jpg`	Icon	Icon image
`inst1.jpg`	Data	Auxiliary data
`inst2.jpg`	Data	Auxiliary data
`map0.jpg`	Data	Auxiliary data
`map1.jpg`	Icon	Icon image
`map2.jpg`	Icon	Icon image
`map3.jpg`	Icon	Icon image
`map4.jpg`	Icon	Icon image
`map5.jpg`	Data	Auxiliary data
`map6.jpg`	Icon	Icon image
`map6_1.jpg`	Icon	Icon image
`map88.jpg`	Icon	Icon image
`map9.jpg`	Data	Auxiliary data
`menu.jpg`	Data	Auxiliary data
`reverse_proxy.png`	Data	Auxiliary data
`settings1.jpg`	Icon	Icon image
`tree1.jpg`	Icon	Icon image

Files

assets

File	Role	Description
`musclesoft-jquery-connections` (5 files, 1 directory)
`jquery-1.11.3.min.js`	Data	Auxiliary data
`jquery-ui.min.js`	Data	Auxiliary data
`waf_map.js`	Data	Auxiliary data
`waf_map_mobile.js`	Data	Auxiliary data

Files

assets

musclesoft-jquery-connections

File	Role	Description
`demo` (3 files)
`connections.jquery.json`	Data	Auxiliary data
`index.html`	Doc.	Documentation
`jquery.connections.js`	Data	Auxiliary data
`LICENSE.txt`	Doc.	Documentation
`README.md`	Doc.	Documentation

Files

assets

musclesoft-jquery-connections

demo

File	Role	Description
`labels.html`	Doc.	Documentation
`minimal.html`	Doc.	Documentation
`testmatrix.html`	Doc.	Documentation

Files

inc

File	Role	Description
`.htaccess`	Data	Auxiliary data
`waf.sql`	Data	Auxiliary data

Files

include

File	Role	Description
`head.php`	Aux.	Auxiliary script
`header.php`	Example	Example script

Files

libs

File	Role	Description
`db.inc.php`	Class	Class source
`installer.class.php`	Class	Class source
`user.class.php`	Class	Class source
`waf_helper.class.php`	Class	Class source
`waf_report.class.php`	Class	Class source