
Laravel Cybershield Laravel Package

subhashladumor1/laravel-cybershield

Enterprise security intelligence for Laravel: signature-based WAF, adaptive rate limiting, bot fingerprinting, API integrity checks, threat scoring, malware scanning, and forensic logging—working together to block modern attacks. Beta; APIs may change.


Getting Started

Minimal Setup

  1. Installation

    composer require subhashladumor1/laravel-cybershield
    php artisan vendor:publish --provider="CyberShield\CyberShieldServiceProvider" --tag="config"
    php artisan migrate
    
    • Verify config/cybershield.php exists and is published.
  2. First Use Case: Enable Core Protections

    Add to app/Http/Kernel.php:

    'web' => [
        \CyberShield\Http\Middleware\CyberShieldWeb::class,
        // ... other middleware
    ],
    'api' => [
        \CyberShield\Http\Middleware\CyberShieldApi::class,
        // ... other middleware
    ],
    
  3. Quick Start Dashboard

    Register the dashboard route in routes/web.php:

    Route::middleware(['web', 'auth'])->group(function () {
        \CyberShield\Http\Middleware\CyberShieldDashboard::route();
    });
    

    Access at /cybershield/dashboard (requires auth middleware).


Where to Look First

  • Config File: config/cybershield.php – Centralized settings for all security layers.
  • Middleware: app/Http/Middleware/ – Auto-generated by the package (check CyberShieldWeb/CyberShieldApi).
  • Logs: storage/logs/cybershield.log – Real-time threat events and blocked requests.
  • Dashboard: /cybershield/dashboard – Visual overview of active threats, blocked IPs, and security events.

Implementation Patterns

Core Workflows

1. Layered Security Activation

Enable/disable modules via config:

    'modules' => [
        'waf' => true,
        'rate_limiting' => ['enabled' => true, 'max_attempts' => 100],
        'bot_detection' => ['enabled' => true, 'sensitivity' => 'high'],
        'geo_blocking' => ['enabled' => true, 'blocked_countries' => ['RU', 'CN']],
    ],

  • Tip: Use php artisan cybershield:test to validate config syntax.

2. Custom Rate Limiting

Override global limits for specific routes:

    Route::middleware(['throttle:cybershield|60,1'])->group(function () {
        // High-traffic API endpoint
    });

  • Integrate with Laravel’s built-in throttle middleware for granular control.

3. Honeypot Traps

Add to Blade templates:

    @honeypot

  • Automatically generates hidden fields to detect bots. Logs suspicious submissions to the cybershield_events table.

4. API Gateway Security

Secure API routes with:

    Route::middleware(['api', 'cybershield.api'])->group(function () {
        // API endpoints
    });

  • Enables JWT validation, IP whitelisting, and payload sanitization.

5. Event-Driven Extensions

Listen for security events:

    use CyberShield\Events\ThreatDetected;

    Event::listen(ThreatDetected::class, function ($event) {
        // Custom logic (e.g., Slack alert, Sentry reporting)
    });

Integration Tips

  • Laravel Scout: Integrate with cybershield_events for real-time threat search:
    use CyberShield\Scout\CyberShieldScout;
    
    $threats = CyberShieldScout::search('SQLi')->toArray();
    
  • Queue Workers: Offload malware scans to queues:
    'malware_scanning' => [
        'enabled' => true,
        'queue' => 'cybershield',
    ],
    
  • Third-Party APIs: Whitelist external services in config/cybershield.php:
    'trusted_ips' => [
        'stripe.com',
        'google.com',
    ],
    

Gotchas and Tips

Pitfalls

  1. Performance Overhead

    • Issue: Geo-blocking and WAF rules can slow down requests if misconfigured.
    • Fix: Exclude static assets from middleware:
      'excluded_paths' => [
          'assets/*',
          'images/*',
      ],
      
  2. False Positives

    • Issue: Bot detection may block legitimate traffic (e.g., crawlers).
    • Fix: Whitelist known bots in config:
      'bot_whitelist' => [
          'Googlebot',
          'Bingbot',
      ],
      
  3. Dashboard Auth Bypass

    • Issue: Dashboard route may not respect auth middleware if not properly grouped.
    • Fix: Always wrap in auth middleware (see Getting Started).
  4. SQLi/XSS Rule Conflicts

    • Issue: Overly aggressive rules may break legacy apps.
    • Fix: Adjust sensitivity:
      'xss_protection' => ['enabled' => true, 'sensitivity' => 'medium'],
      
  5. Config Validation Errors

    • Issue: Undefined keys or invalid values may crash the middleware.
    • Fix: Use php artisan cybershield:validate to pre-check config.

Debugging

  • Log Levels: Adjust verbosity in config/cybershield.php:
    'logging' => [
        'level' => 'debug', // 'error', 'warning', 'info', 'debug'
    ],
    
  • Bypass for Testing:
    Route::middleware(['cybershield.bypass'])->group(function () {
        // Test routes only: all CyberShield checks are disabled for this group
    });
    
  • Event Dumping: Enable for troubleshooting:
    php artisan cybershield:events --dump
    

Extension Points

  1. Custom Rules

    Extend WAF rules via service providers:

    public function register()
    {
        CyberShield::extend('custom_rule', function ($request) {
            return $request->input('sensitive_data') === 'secret';
        });
    }
    
  2. Malware Scanners

    Add custom scanners:

    CyberShield::malwareScanner('clamscan', function ($file) {
        // Escape the path so a crafted filename cannot inject shell syntax
        return shell_exec('clamscan ' . escapeshellarg($file));
    });
    
  3. Dashboard Widgets

    Create custom widgets:

    CyberShield::dashboardWidget('CustomWidget', \App\Widgets\CustomWidget::class);
    
  4. API Hooks

    Intercept API requests:

    CyberShield::apiHook('before', function ($request) {
        // Pre-process API payload
    });
    

Pro Tips

  • Rate Limiting by User Agent:
    'rate_limiting' => [
        'rules' => [
            'scrapers' => ['max_attempts' => 10, 'user_agents' => ['*scraper*']],
        ],
    ],
    
  • Geo-Blocking Exceptions:
    'geo_blocking' => [
        'exceptions' => [
            '192.168.1.0/24', // Local dev network
        ],
    ],
    
  • Automated IP Banning: Use Laravel’s ban command for auto-blocked IPs:
    php artisan ban:add $(cat storage/logs/cybershield.log | grep "Blocked IP" | awk '{print $5}')
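
A vetted version of the extraction step in the one-liner above, as an added example that is not part of the package: it keeps only well-formed IPv4 addresses, drops loopback and private ranges, de-duplicates, and prints the ban commands for review. The log lines are constructed samples, and the field-5 log layout and the helper names sample_log, vetted_ips and ban_plan are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not part of the package. Assumption: "Blocked IP" log lines
# carry the address in whitespace field 5, as the one-liner above implies.

# Constructed sample log lines (not real package output).
sample_log() {
  cat <<'EOF'
2024-05-01T10:00:00Z WARN Blocked IP: 203.0.113.7 reason=waf
2024-05-01T10:00:05Z WARN Blocked IP: 203.0.113.7 reason=rate_limit
2024-05-01T10:00:09Z WARN Blocked IP: 192.168.1.20 reason=bot
2024-05-01T10:00:12Z WARN Blocked IP: 999.10.10.10 reason=waf
2024-05-01T10:00:15Z WARN Blocked IP: n/a reason=waf
2024-05-01T10:00:20Z WARN Blocked IP: 198.51.100.23 reason=waf
2024-05-01T10:00:21Z INFO Allowed IP: 198.51.100.99
2024-05-01T10:00:30Z WARN Blocked IP: 127.0.0.1 reason=waf
EOF
}

# Read log lines on stdin; print unique, well-formed, public IPv4 addresses.
vetted_ips() {
  awk '
    /Blocked IP/ {
      # exactly four dot-separated decimal octets, each 0-255
      if (split($5, o, ".") != 4) next
      for (i = 1; i <= 4; i++)
        if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) next
      # never ban loopback or RFC 1918 ranges (e.g. the local dev network)
      if (o[1] + 0 == 10 || o[1] + 0 == 127) next
      if (o[1] + 0 == 172 && o[2] + 0 >= 16 && o[2] + 0 <= 31) next
      if (o[1] + 0 == 192 && o[2] + 0 == 168) next
      print $5
    }
  ' | LC_ALL=C sort -u
}

# Dry run: print one ban command per address for review instead of executing.
ban_plan() {
  vetted_ips | sed 's/^/php artisan ban:add /'
}

sample_log | ban_plan
```

Against the real log, run `ban_plan < storage/logs/cybershield.log` and review the printed commands before executing any of them.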
    