PHP download

Download the PHP package restruct/silverstripe-waf without Composer

On this page you can find all versions of the php package restruct/silverstripe-waf. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download restruct/silverstripe-waf
More information about restruct/silverstripe-waf
Files in restruct/silverstripe-waf

Vendor restruct
Package silverstripe-waf
Short Description PHP-level Web Application Firewall for Silverstripe - blocks vulnerability scanners, bad bots, and malicious IPs
License MIT

Keywords security firewall silverstripe waf rate-limiting ip-blocking

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of restruct/silverstripe-waf

Informations about the package silverstripe-waf

Silverstripe WAF

PHP-level Web Application Firewall for Silverstripe CMS. Blocks vulnerability scanners, malicious bots, and bad IPs without requiring a separate WAF service.

Features

Early PHP Filter — Blocks requests before Silverstripe loads (minimal overhead)
Early Filter Banning — Self-contained fail2ban alternative, bans repeat offenders at the PHP level
Pattern-based blocking — WordPress probes, webshells, config file access, path traversal
IP Blocklists — Auto-sync from threat intelligence feeds (FireHOL, Binary Defense)
Rate Limiting — Hard limits with soft progressive delays
Privileged IPs — Elevated rate limits for trusted IPs (still subject to all security checks)
Auto-banning — Automatically ban IPs after repeated violations
ModelAdmin Guard — Prevents PHP errors from scanner probes on admin URLs
Fail2ban Integration — Log format compatible with fail2ban filters
CMS Admin — View blocked requests, manage bans and privileged IPs
QueuedJobs Support — Auto-schedules blocklist sync if module is installed

Requirements

PHP 8.1+
Silverstripe Framework 5.0+ or 6.0+

Installation

Enable Early Filter (Recommended)

Add to your public/index.php at the very top, before use statements:

Why before use statements? The use statements are just namespace aliases (resolved at compile time), so the practical difference is minimal. However, placing the WAF filter first makes the security-first intent clear and ensures blocked requests parse the absolute minimum PHP before exiting.

Quick Configuration

All configuration is in _config/config.yml with extensive inline comments. The defaults work well for most sites. Common overrides:

CMS Admin

Access via the WAF menu item in the CMS:

Blocked Requests — View blocked request log with reason, detail, URI, and user agent
Banned IPs — Manage banned IPs (add/remove bans)
Privileged IPs — Manage elevated rate limits for trusted IPs (protected from auto-ban)
Blocklist Status — View sync status and source health

Works in all storage modes — no database required for file mode.

Documentation

Topic	Description
Configuration	Storage modes, rate limiting, whitelists, privileged IPs, user-agents
Early Filter	Blocked patterns, early banning, pattern philosophy
ModelAdmin Guard	Protect ModelAdmin from scanner probes
Fail2ban	Fail2ban integration + Laravel Forge setup
Performance	TTFB benchmarks, memory footprint, optimizations
Extending	Custom patterns, blocklist sources, environment variables, testing

Complementary Module

Pairs well with restruct/silverstripe-security-baseline which provides authentication security (password policy, brute-force, logging).

License

MIT

All versions of silverstripe-waf with dependencies

PHP Build Version

Package Version

Version 1.3.0 Release 12. Mar 2026
create-project require 0 people chose require and
0 people chose create-project.

Download

Download latest version of silverstripe-waf from vendor restruct

Requires php Version ^8.1
silverstripe/framework Version ^5.0 || ^6.0
psr/simple-cache Version ^1.0 || ^2.0 || ^3.0

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package restruct/silverstripe-waf contains the following files

Loading the files please wait ...