Skip to content
Web Application Firewall (WAF) for PHP community.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
src modify code to be complitiable with PHP 7.1 Oct 16, 2019
tests modify code to be complitiable with PHP 7.1 Oct 16, 2019
.travis.yml Support PHP 7.1.0 Oct 16, 2019
LICENSE Initial commit May 14, 2019 Update composer.json Oct 16, 2019
composer.json Update composer.json Oct 16, 2019
phpunit.xml Update readme. Oct 14, 2019

Shieldon - Web Application Firewall for PHP

Build Status codecov PHP from Packagist License: MIT

Shieldon is a Web Application Firewall (WAF) for PHP. Taking less than 10 minutes only, PHP expert developers will understand how to implement Shiedon Firewall on their Web applications. The goal of this library is to make the PHP community more secure and being extremely use-to-use.


  • SEO friendly.
  • Http-type DDOS mitigation.
  • Anti-scraping.
  • Online session control.
  • Cross-site scripting (XSS) protection.
  • Interrupting vulnerability scanning.
  • Eradicating brute force attacks.
  • IP manager.
  • Protecting pages via WWW-Authenticate.
  • Detailed statistics and charts.
  • More features will come...


Use PHP Composer:

composer require terrylinooo/shieldon

Or, download it and include the Shieldon autoloader.

require 'Shieldon/src/autoload.php';


Here are the guides of integrating with the popular PHP frameworks.

Firewall Panel

Since 3.0.0, Shieldon starts providing a Firewall Instance, and it's visualization UI called Firewall Panel. By using Shieldon Firewall, you can easily implement it on your Web application.

Firewall Panel

Click here to view demo.

  • user: demo
  • password: demo


Only a few screenshots are listed below.

Firewall Panel

Captcha Stats

Captcha Statistics

Online Session Stats

You can see the real-time data here if Online Session Limit is enabled.

Rule Table

You can temporarily ban a user here.


Temporarily Ban a User

When the users or robots are trying to view many your web pages in a short period of time, they will temporarily get banned. Get unbanned by solving a Catpcha.

Permanently Ban a User

When a user has been permanently banned.

Online Session Control

When a user has reached the online session limit. You can set the online session limit by using limitSession API.


Shieldon library is brought to you by Terry L. from Taiwan.



You can’t perform that action at this time.