flowd / typo3-firewall
Firewall for TYPO3 - Firewall implements a PSR-15 middleware that helps to protect your website against malicious requests
Package info
github.com/flowd/typo3-firewall
Type:typo3-cms-extension
pkg:composer/flowd/typo3-firewall
Requires
- php: >=8.3
- flowd/phirewall: ^0.8.0
- typo3/cms-backend: ^12.4 || ^13.4 || ^14.0
- typo3/cms-core: ^12.4 || ^13.4 || ^14.0
Requires (Dev)
- ergebnis/composer-normalize: ^2.52.0
- friendsofphp/php-cs-fixer: ^3.95.4
- helmich/typo3-typoscript-lint: ^3.3.0
- icanhazstring/composer-unused: ^0.8.11 || ^0.9.3
- mikey179/vfsstream: ^1.6.12
- php-parallel-lint/php-parallel-lint: ^1.4.0
- phpmd/phpmd: ^2.15.0
- phpstan/extension-installer: ^1.4.3
- phpstan/phpstan: ^2.1.56
- phpstan/phpstan-phpunit: ^2.0.17
- phpstan/phpstan-strict-rules: ^2.0.11
- phpunit/phpunit: ^11.5.55
- rector/type-perfect: ^2.1.4
- saschaegerer/phpstan-typo3: ^2.1.1
- seld/jsonlint: ^1.12.1
- spaze/phpstan-disallowed-calls: ^4.5.0
- ssch/typo3-rector: ^3.14.3
- ssch/typo3-rector-testing-framework: ^3.0.0
- symfony/console: ^7.4.14
- symfony/translation: ^7.4.14
- symfony/yaml: ^7.4.14
- tomasvotruba/cognitive-complexity: ^1.2.0
- tomasvotruba/type-coverage: ^2.2.1
- typo3/cms-dashboard: ^12.4 || ^13.4 || ^14.0
- typo3/cms-form: ^12.4 || ^13.4 || ^14.0
- typo3/coding-standards: ^0.8.0
- typo3/testing-framework: ^8.3.1 || ^9.5.0
Suggests
- flowd/phirewall-preset-bad-ips: Block requests from known-bad IPs using a bundled public-domain threat-intelligence feed snapshot
- flowd/phirewall-preset-bots: Block AI crawlers and rate-limit aggressive SEO bots with curated user-agent presets
- flowd/phirewall-preset-owasp-crs: OWASP CRS detection (SQL injection, XSS, ...): the SecRule engine plus per-paranoia-level presets
- typo3/cms-dashboard: Adds firewall dashboard widgets (blocked attackers, events chart)
- typo3/cms-form: Adds the flood-protection form finisher that bans clients hammering a form
Replaces
- typo3-ter/firewall: 0.4.0
This package is auto-updated.
Last update: 2026-07-09 22:28:11 UTC
README
This extension adds a simple but powerful firewall to your TYPO3 site. It helps protect your website from unwanted traffic, bots, and attacks. You can block or limit requests based on IP, path, or other patterns.
It is built on top of the phirewall package.
Key Features
- Block requests from specific IPs or patterns
- Limit how often users can access certain pages (rate limiting)
- Temporarily block users after repeated abuse (like Fail2Ban)
- Easy to configure with PHP
- Works with Redis, APCu, or in-memory cache
Installation
Install with Composer:
composer require flowd/typo3-firewall
Quick Start
Add a file at config/system/phirewall.php in your TYPO3 project. This example blocks requests to /wp_admin using APCu as the cache backend.
<?php use Flowd\Phirewall\Config; use Flowd\Phirewall\Store\ApcuCache; use Psr\EventDispatcher\EventDispatcherInterface; return function (EventDispatcherInterface $eventDispatcher): Config { $config = new Config(new ApcuCache(), $eventDispatcher); $config->blocklists->add( name: 'block-wp-admin', callback: fn($request) => str_starts_with(strtolower($request->getUri()->getPath()), '/wp_admin') ); return $config; };
Documentation
- Extension documentation: configuration, examples, and the backend module (source in
Documentation/) - Phirewall reference: all rule types, stores, and advanced features