Built an AI-Powered WAF for PHP/Laravel Apps in Africa - Here’s What It Catches

Originally published on Medium

A student developer from Cameroon built a security tool that explains exactly why it blocked a request. Here’s the story and how to install it in 30 seconds.

As a PHP developer in Africa, you already know the problem: your apps get hit by automated bots, SQL injection attempts, and XSS attacks every single day - and most security tools built to stop them are either too expensive, too complex, or built by people who have never touched an African server in their life. I built Kriosa to fix that.

What is Kriosa?

Kriosa is an AI-powered Web Application Firewall for PHP and Laravel apps. It uses a hybrid Machine Learning engine - combining Random Forest and Neural Networks - to detect and block threats before they reach your application.

But the part that makes it different from every other WAF is the Explainable AI dashboard. Most WAFs are a black box. They block a request and tell you nothing. Kriosa tells you exactly why it blocked it - which features of the request triggered the ML model, what the confidence score was, and what attack pattern it matched. As a developer, that means you are not just protected - you understand what happened.

What it catches

  • SQL Injection attempts
  • Cross-Site Scripting (XSS)
  • Path Traversal attacks
  • Malicious bot detection
  • Rate limiting abuse
  • And 25+ other attack vectors

Install it in 30 seconds

For Laravel

Step 1 - Install via Composer

composer require kriosa-ai/kriosa-php

Step 2 - Add to your .env file

KRIOSA_API_KEY=sk_your_api_key_here
KRIOSA_TIMEOUT=5
KRIOSA_DEBUG=false
KRIOSA_BADGE=true

Step 3 - Create config/kriosa.php

<?php
// config/kriosa.php
// Values come from the .env entries added in Step 2.
return [
    'api_key' => env('KRIOSA_API_KEY'),
    'timeout' => env('KRIOSA_TIMEOUT', 5),
    'debug' => env('KRIOSA_DEBUG', false),
];

Step 4 - Create the Middleware

<?php
// app/Http/Middleware/KriosaSecurity.php
namespace App\Http\Middleware;

use Closure;
use Kriosa;
use Illuminate\Http\Request;

class KriosaSecurity {
    public function handle(Request $request, Closure $next) {
        $apiKey = config('kriosa.api_key');

        // Skip if no API key configured (requests then pass through unfiltered)
        if (!$apiKey) {
            return $next($request);
        }

        try {
            $kriosa = new Kriosa($apiKey, [
                'timeout' => config('kriosa.timeout', 5),
                'debug' => config('kriosa.debug', false),
            ]);

            if (!$kriosa->protect()) {
                return response('Access denied', 403);
            }
        } catch (\Exception $e) {
            // Fail open - don't block users if Kriosa is unreachable
            report($e);
        }

        return $next($request);
    }
}

Step 5 - Register the Middleware

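// app/Http/Kernel.php
// Option A: run on every request (global middleware)
protected $middleware = [
    // ... existing middleware
    \App\Http\Middleware\KriosaSecurity::class,
];

// Option B: apply to specific routes only.
// Register the 'kriosa' alias first, also in app/Http/Kernel.php
// ($routeMiddleware; the property is named $middlewareAliases from Laravel 10):
protected $routeMiddleware = [
    // ... existing aliases
    'kriosa' => \App\Http\Middleware\KriosaSecurity::class,
];

// routes/web.php
Route::middleware(['kriosa'])->group(function () {
    Route::get('/dashboard', [DashboardController::class, 'index']);
});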

The class registered here is the middleware created in Step 4, app/Http/Middleware/KriosaSecurity.php.
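
The Step 4 middleware lets requests through both when no API key is configured and when the Kriosa call throws. The variant below is an added example, not Kriosa's own code: it logs both cases and can be switched to fail closed. The class name KriosaSecurityStrict, the config key kriosa.fail_closed and the KRIOSA_FAIL_CLOSED variable are assumptions; the Kriosa constructor and protect() are used only as shown in Step 4.

```php
<?php
// Added example, not Kriosa's own code. Kriosa, its options and protect() are used
// as in Step 4; 'kriosa.fail_closed' / KRIOSA_FAIL_CLOSED are hypothetical names.
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;
use Kriosa;
use Throwable;

class KriosaSecurityStrict
{
    public function handle(Request $request, Closure $next)
    {
        $apiKey = config('kriosa.api_key');
        // Hypothetical: 'fail_closed' => env('KRIOSA_FAIL_CLOSED', false) in config/kriosa.php
        $failClosed = (bool) config('kriosa.fail_closed', false);

        if (empty($apiKey)) {
            // No key means no filtering at all: record it instead of skipping silently.
            Log::warning('Kriosa disabled: KRIOSA_API_KEY is not set');
            return $failClosed ? $this->unavailable() : $next($request);
        }

        try {
            $kriosa = new Kriosa($apiKey, [
                'timeout' => config('kriosa.timeout', 5),
                'debug'   => config('kriosa.debug', false),
            ]);
            $allowed = $kriosa->protect();
        } catch (Throwable $e) {
            // Throwable also covers PHP Error subclasses, not only Exception.
            report($e);
            return $failClosed ? $this->unavailable() : $next($request);
        }

        if (!$allowed) {
            Log::notice('Kriosa blocked request', [
                'ip' => $request->ip(), 'method' => $request->method(), 'path' => $request->path(),
            ]);
            return response('Access denied', 403);
        }
        return $next($request);
    }
    private function unavailable() {
        return response('Service temporarily unavailable', 503);
    }
}
```

The application's own $next($request) call stays outside the try block, so exceptions thrown by the app are never mistaken for a Kriosa failure.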

For plain PHP (via Composer or the downloaded SDK)

Step 1 - Install via Composer

composer require kriosa-ai/kriosa-php

Or download kriosa.php.

Step 2 - Add to your index.php or front controller

<?php
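// Add this to your index.php or front controller.
// Load the SDK with ONE of the two lines below; requiring a file that
// does not exist is a fatal error.
require_once __DIR__ . '/vendor/autoload.php'; // for composer install
// require_once __DIR__ . '/kriosa.php';       // for downloaded kriosa.php

// KRIOSA_API_KEY from your environment. Plain PHP does not read a .env
// file by itself: export the variable or load the file before this line.
$apiKey = getenv('KRIOSA_API_KEY') ?: 'YOUR_API_KEY_HERE';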

try {
    $kriosa = new Kriosa($apiKey, [
        'timeout' => 3,
        'debug' => false,
        'fail_closed' => false,
        'show_badge' => true,
    ]);

    if (!$kriosa->protect()) {
        header('X-Kriosa-Blocked: true');
        http_response_code(403);
        exit('Access Denied');
    }
} catch (Exception $e) {
    error_log('Kriosa Security Error: ' . $e->getMessage());
}

// Your application continues safely here...

That’s it. Your app is now protected by an AI layer that watches every incoming request.

Why I built this

I am a final-year computer science student at the University of Bamenda, Cameroon. I watched developers around me get their client sites hacked with no affordable way to understand what happened or prevent it from happening again.

Enterprise WAFs like Cloudflare cost hundreds of dollars a month. Sucuri is built for a completely different context. Nothing existed for the PHP developer in Africa building real products for real clients on a real budget.

So I built it myself - a hybrid ML engine, coverage of 25+ attack vectors, and an XAI dashboard that makes security understandable, not just automated.

It is free to start. The Starter tier is free. No credit card. No enterprise contract. Just install the SDK, connect your app, and open the dashboard.

If you build PHP or Laravel apps and you have ever had a client site get hacked - or you are terrified of it happening - Kriosa is built specifically for you.

Built by a developer from Cameroon, for developers across Africa and beyond. If you have questions, drop them in the comments - I read everything.
