PHP on Apache (mod_php)

This guide will walk you through installing and setting up Zen Firewall by Aikido for your application. Follow the steps below to protect your application.

If you encounter any issues or problems, don't hesitate to reach out on support chat or GitHub issues:

https://github.com/AikidoSec/firewall-php

Requirements

Installation & Configuration

1. Install Zen Firewall by Aikido

Zen for PHP is installed as a system package.

Prerequisites:

  • Ensure you have sudo privileges.

  • Use a supported PHP version (7.2+).

For Red Hat-based systems (RHEL, CentOS, Fedora):

rpm -Uvh --oldpackage https://github.com/AikidoSec/firewall-php/releases/latest/download/aikido-php-firewall.x86_64.rpm

For Red Hat-based arm64 / aarch64:

rpm -Uvh --oldpackage https://github.com/AikidoSec/firewall-php/releases/latest/download/aikido-php-firewall.aarch64.rpm

For Debian-based systems (Debian, Ubuntu):

curl -L -O https://github.com/AikidoSec/firewall-php/releases/latest/download/aikido-php-firewall.x86_64.deb
dpkg -i -E ./aikido-php-firewall.x86_64.deb

For Debian-based arm64 / aarch64:

curl -L -O https://github.com/AikidoSec/firewall-php/releases/latest/download/aikido-php-firewall.aarch64.deb
dpkg -i -E ./aikido-php-firewall.aarch64.deb

Set environment variables in your Apache vhost:

<VirtualHost *:80>
    SetEnv AIKIDO_TOKEN "AIK_RUNTIME_..."
    SetEnv AIKIDO_BLOCK "false"
</VirtualHost>

Then restart Apache:

service apache2 restart

2. Test your app

Browse to your application and perform a couple of actions or open a couple of pages. Zen will automatically discover the routes in your application.

You can verify a working agent by looking at the following pages of your Zen application:

  • Events: Should show an "Application started" event.

  • Routes: After some time, your application routes will start showing here with their method, route and request count.

  • Instances: Should show the number of active instances for your application where Zen is installed.

3. Enable rate limiting and user blocking

Add \aikido\set_user and \aikido\should_block_request to your app's middleware or request handler.
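An added example (not from the Zen docs or the firewall-php project) of wiring these two calls into a plain mod_php request handler. The fields of the decision object (block, type, ip) are an assumption taken from the firewall-php README, and the session user shape is constructed for illustration.

```php
<?php
// Added example, not from the Zen docs: request-handler wiring for mod_php
// using the two functions named in step 3. Assumption: the object returned
// by \aikido\should_block_request() carries ->block, ->type ("ratelimited"
// or "blocked") and ->ip, as described in the firewall-php project README.
declare(strict_types=1);

// Identify the authenticated user to Zen so that per-user rate limits and
// user blocking configured in the dashboard apply. Call this after your own
// auth check and before zen_enforce(); anonymous requests stay unidentified.
function zen_identify_user(?array $user): void
{
    if ($user === null || !function_exists('aikido\set_user')) {
        return;
    }
    \aikido\set_user((string) $user['id'], (string) $user['name']);
}

// Ask Zen whether this request may proceed. Returns true to continue;
// when false, the blocking response has already been written.
function zen_enforce(): bool
{
    if (!function_exists('aikido\should_block_request')) {
        error_log('Zen extension not loaded: request was not checked');
        return true;
    }
    $decision = \aikido\should_block_request();
    if (!$decision->block) {
        return true;
    }
    if ($decision->type === 'ratelimited') {
        http_response_code(429);
        header('Retry-After: 60'); // matches a "per minute" limit
        echo 'You are rate limited by Aikido firewall. (Your IP: ' . $decision->ip . ')';
    } else {
        http_response_code(403);
        echo 'Your user is blocked.';
    }
    return false;
}

// Entry point of the request handler; $_SESSION['user'] is a constructed
// example shape, e.g. ['id' => 42, 'name' => 'Jane Doe'].
session_start();
zen_identify_user($_SESSION['user'] ?? null);
if (!zen_enforce()) {
    exit;
}
// ... route the request as usual ...
```

Keep the set_user call ahead of should_block_request: user blocking and per-user limits can only be applied to a request Zen can attribute to a user.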

4. Set up rate limiting in the dashboard

After you've added the Zen Firewall middleware, you can test it out by logging in to your Aikido account and navigating to the Zen dashboard.

(Screenshot: Events tab showing the agent start event with info severity and timestamp.)

To protect a route from brute force attacks, set up rate limiting in the Aikido Dashboard:

  1. Click on the created app.

  2. Go to the Routes tab.

  3. Find the route you would like to limit and click Setup rate limiting.

  4. Follow the instructions to configure the rate limit (e.g., 5 requests per minute).

(Screenshot: Routes tab showing authentication routes with protection and rate limiting options; rate limiting set for POST /auth/login to 5 requests per minute.)

Verify Rate Limiting

Start your app and try to access the route you've rate limited 5 times within a minute. After the fifth attempt, you should receive a rate limit error:

You are rate limited by Aikido firewall. (Your IP: 1.2.3.4)

5. Next steps

Congrats, you've successfully installed Zen Firewall. If you encountered any problems, or have concerns or feature requests, don't hesitate to reach out to support.

You can now go and explore the many features that Zen Firewall provides:

Additional information:
