Skip to content
Web Application Firewall (WAF) for PHP.
PHP Shell
Branch: master
Clone or download
Latest commit 505f371 Jan 19, 2020
Type Name Latest commit message Commit time
Failed to load latest commit information.
tests Improve unit testing. Jan 18, 2020
LICENSE update readme Dec 19, 2019
config.json Add new settings. Jan 15, 2020
phpunit.xml End of line sequence - CRLF to LF Dec 11, 2019

Shieldon - Web Application Firewall for PHP

Build Status codecov PHP from Packagist License: MIT

Shieldon is a Web Application Firewall (WAF) for PHP. Taking less than 10 minutes only, PHP expert developers will understand how to implement Shiedon Firewall on their Web applications. The goal of this library is to make the PHP community more secure and being extremely use-to-use.


This is basic concepts about how Shieldon works.

  • The network-layer firewall such as CloudFlare.
  • The system-layer firewall such as iptables module.
  • To use firewall software in the Web application layer, we are capable of implementing Shieldon in a very early stage of your APP, mostly just after Composer autoloader.
  • Shieldon analyzes all your HTTP and HTTPS requests.
  • Once Shieldon has detected strange behaviors of a request, Shieldon will temporarily ban them and prompt them CAPTCHA for them to unban.
  • If a request fails in a row many times (depends on your setting), they will be permanently banned in current data circle.
  • If a request has been permanently banned, but they still access your page, drop them in System-layer firewall - iptables.


  • SEO friendly
  • Http-type DDOS mitigation.
  • Anti-scraping.
  • Online session control.
  • Cross-site scripting (XSS) protection.
  • Interrupting vulnerability scanning.
  • Eradicating brute force attacks.
  • IP manager.
  • Protecting pages via WWW-Authenticate.
  • Detailed statistics and charts.
  • Send notifications when specific events occurred. Supported modules:
    • Telegram
    • Line Notify
    • SendGrid
  • Web UI for System firewall - iptables and ip6tables.
  • More features will come...


Use PHP Composer:

composer require shieldon/shieldon

Or, download it and include the Shieldon autoloader.

require 'Shieldon/autoload.php';


Here are the guides of integrating with the popular PHP frameworks.

Firewall Panel

Shieldon provides a Firewall Instance, and it's visualization UI called Firewall Panel. By using Shieldon Firewall, you can easily implement it on your Web application.

Firewall Panel

Click here to view demo.

  • user: demo
  • password: demo


Only a few screenshots are listed below.

Firewall Panel

Captcha Stats

Captcha Statistics

Online Session Stats

You can see the real-time data here if Online Session Limit is enabled.

Firewall Panel - Online Session Control

Rule Table

You can temporarily ban a user here.

Firewall Panel - Rule Table


Shieldon's Firewall Panel is fully responsive, and you can manage it when you are not in front of your computer, using your mobile phone at any time.

Responsive Firewall Panel


Temporarily Ban a User

When the users or robots are trying to view many your web pages in a short period of time, they will temporarily get banned. Get unbanned by solving a Catpcha.

Firewall Dialog 1

Permanently Ban a User

When a user has been permanently banned.

Firewall Dialog 2

Online Session Control

Firewall Dialog 3

When a user has reached the online session limit.


Provided by Messenger library.


Send notification via Telegram API.


Shieldon library is brought to you by Terry L. from Taiwan.


Thank you very much for considering contributing to Shieldon Firewall, yet we need your help to translate our webiste, documentation and i18n files in Shieldon library. Here are the links:


Shieldon Firewall is an open-sourced software licensed under the MIT license.

You can’t perform that action at this time.