Releases · tomakakwark/wafy

Command: php artisan wafy:mode {enable|disable}
Config: Added 'enabled' => env('WAFY_ENABLED', true) to config/wafy.php
Logic: Uses Laravel Cache for runtime persistence, allowing for immediate reaction during maintenance or debugging.

Define a list of trusted IP addresses that will never be blocked or banned, ensuring you never lock yourself out.

Config: Add 'allowed_ips' => ['127.0.0.1', ...] to
config/wafy.php

Behavior: These IPs bypass all security checks and ban middleware.

Critical Fix: Permanent Bans

Fixed a logic error where permanent bans (set via command or high-severity triggers) were being treated as expired and deleted. Permanent bans are now correctly enforced indefinitely.

Enhanced Detection Patterns

SQL Injection (SQLi): Added robust patterns for UNION SELECT, hex-encoded attacks, and time-based SQLi (WAITFOR DELAY, BENCHMARK()).
XSS & LFI: Improved regex to catch sophisticated Cross-Site Scripting and Local File Inclusion attempts (including PHP wrappers and system file access).
RCE: Added detection for common Remote Code Execution vectors (e.g., eval(), base64_decode(), shell commands).

Full English Translations: The entire codebase, including README.md and comments, has been translated to English for broader accessibility.
Test Suite: Implemented a comprehensive test suite using orchestra/testbench covering middleware logic, console commands, and edge cases. (100% Pass Rate).
Standards: Added LICENSE (MIT) and standard .gitignore

Update Composer:

composer update bdsa/wafy

Republish Configuration: (Optional, but recommended to get the new allowed_ips and enabled options)

php artisan vendor:publish --tag=wafy-config --force

Assets 2

25 Sep 12:03

tomakakwark

1.0.0

First release !

Assets 2

Releases: tomakakwark/wafy