Built an AI-Powered WAF for PHP/Laravel Apps in Africa — Here’s What It Catches

Originally published on Medium

A student developer from Cameroon built a security tool that explains exactly why it blocked a request. Here’s the story and how to install it in 30 seconds.

As a PHP developer in Africa, you already know the problem: your apps get hit by automated bots, SQL injection attempts, and XSS attacks every single day — and most security tools built to stop them are either too expensive, too complex, or built by people who have never touched an African server in their life.

I built Kriosa to fix that.

What is Kriosa?

Kriosa is an AI-powered Web Application Firewall for PHP and Laravel apps. It uses a hybrid Machine Learning engine — combining Random Forest and Neural Networks — to detect and block threats before they reach your application. But the part that makes it different from every other WAF is the Explainable AI dashboard.

Most WAFs are a black box. They block a request and tell you nothing. Kriosa tells you exactly why it blocked it — which features of the request triggered the ML model, what the confidence score was, and what attack pattern it matched. As a developer, that means you are not just protected — you understand what happened.

What it catches:

SQL Injection attempts
Cross-Site Scripting (XSS)
Path Traversal attacks
Malicious bot detection
Rate limiting abuse
And 25+ other attack vectors

Install it in 30 seconds:

For Laravel:

//Step 1 — Install via Composer
composer require kriosa-ai/kriosa-php

//Step 2  Add to your .env file
KRIOSA_API_KEY=sk_your_api_key_here
KRIOSA_TIMEOUT=5
KRIOSA_DEBUG=false
KRIOSA_BADGE=true

//Step 3 — Create config/kriosa.php
<?php
// config/kriosa.php
// Values are read from .env; the second argument is the default when a variable is unset.
return [
    'api_key' => env('KRIOSA_API_KEY'),
    'timeout' => env('KRIOSA_TIMEOUT', 5),
    'debug'   => env('KRIOSA_DEBUG', false),
];

//Step 4 — Create the Middleware
<?php
// app/Http/Middleware/KriosaSecurity.php

namespace App\Http\Middleware;

use Closure;
use Kriosa;
use Illuminate\Http\Request;

class KriosaSecurity
{
    public function handle(Request $request, Closure $next)
    {
        $apiKey = config('kriosa.api_key');

        // Skip if no API key configured (requests then pass through unchecked)
        if (!$apiKey) {
            return $next($request);
        }

        try {
            // Build the client with the timeout and debug values from config/kriosa.php
            $kriosa = new Kriosa($apiKey, [
                'timeout' => config('kriosa.timeout', 5),
                'debug'   => config('kriosa.debug', false),
            ]);

            // protect() returning false means the request should be blocked
            if (!$kriosa->protect()) {
                return response('Access denied', 403);
            }

        } catch (\Exception $e) {
            // Fail open — don't block users if Kriosa is unreachable
            report($e);
        }

        return $next($request);
    }
}

//Step 5 — Register the Middleware
// app/Http/Kernel.php

protected $middleware = [
    // ... existing middleware
    \App\Http\Middleware\KriosaSecurity::class,
];

// OR apply to specific routes only:

// routes/web.php
// Reference the class directly; a short name such as 'kriosa' only works
// once it has been registered as a middleware alias.
Route::middleware([\App\Http\Middleware\KriosaSecurity::class])->group(function () {
    Route::get('/dashboard', [DashboardController::class, 'index']);
});

Then add the middleware to your app/Http/Middleware/KriosaMiddleware.php:

For PHP

Or Download and use the SDK

//Step 1 — Install via Composer
composer require kriosa-ai/kriosa-php

//or download kriosa.php

<?php
// Add this to your index.php or front controller.
// Load the SDK one way or the other, not both:
require_once __DIR__ . '/vendor/autoload.php'; // for composer install
// require_once __DIR__ . '/kriosa.php';       // for downloaded kriosa.php

// KRIOSA_API_KEY from your .env file
$apiKey = getenv('KRIOSA_API_KEY') ?: 'YOUR_API_KEY_HERE';

try {
    $kriosa = new Kriosa($apiKey, [
        'timeout'     => 3,
        'debug'       => false,
        'fail_closed' => false,
        'show_badge'  => true,
    ]);

    // protect() returning false means the request should be blocked
    if (!$kriosa->protect()) {
        header('X-Kriosa-Blocked: true');
        http_response_code(403);
        exit('Access Denied');
    }
} catch (Exception $e) {
    // Fail open: the error is logged and the request continues unchecked
    error_log('Kriosa Security Error: ' . $e->getMessage());
}

// Your application continues safely here...

That’s it. Your app is now protected by an AI layer that watches every incoming request.
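Both snippets above catch exceptions from protect() and let the request continue (fail open), and the Laravel middleware also skips the check when no API key is set. The sketch below is an added example, not part of the original post or the Kriosa SDK: it keeps fail-open behaviour for ordinary pages, fails closed on sensitive routes, and logs every bypass. The function `wafDecision`, the `$protect` closure and the path prefixes are assumptions.

```php
<?php
// Added example, not Kriosa SDK code. $protect stands in for a closure that
// calls $kriosa->protect(); the path prefixes below are hypothetical.

/**
 * Decide what to do with a request given the WAF verdict or a WAF failure.
 * Returns the HTTP status to send: 200 = continue, 403 = blocked by verdict,
 * 503 = WAF unavailable on a route that must not run unprotected.
 */
function wafDecision(callable $protect, string $path, array $failClosedPrefixes): int
{
    try {
        // protect() returning false is an explicit block verdict.
        return $protect() ? 200 : 403;
    } catch (\Throwable $e) {
        // The check did not run; make that visible instead of silent.
        error_log(sprintf('WAF unavailable for %s: %s', $path, $e->getMessage()));

        foreach ($failClosedPrefixes as $prefix) {
            if (strncmp($path, $prefix, strlen($prefix)) === 0) {
                return 503; // fail closed on sensitive routes
            }
        }
        return 200; // fail open everywhere else, as the snippets above do
    }
}

// Constructed stand-ins for the three outcomes of $kriosa->protect().
$allow  = fn () => true;
$block  = fn () => false;
$outage = function () { throw new \RuntimeException('timeout after 5s'); };

$sensitive = ['/admin', '/login', '/api/payments']; // hypothetical prefixes

foreach ([
    ['/blog/post-1', $allow],
    ['/search',      $block],
    ['/blog/post-1', $outage],
    ['/admin/users', $outage],
] as [$path, $protect]) {
    printf("%-14s => %d\n", $path, wafDecision($protect, $path, $sensitive));
}
```

Counting the logged "WAF unavailable" lines gives a direct measure of how many requests reached the application without being inspected.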

Why I built this

I am a final-year computer science student at the University of Bamenda, Cameroon. I watched developers around me get their client sites hacked with no affordable way to understand what happened or prevent it from happening again. Enterprise WAFs like Cloudflare cost hundreds of dollars a month. Sucuri is built for a completely different context. Nothing existed for the PHP developer in Africa building real products for real clients on a real budget.

So I built it myself: a hybrid ML engine, detection for 25+ attack vectors, and an XAI dashboard that makes security understandable, not just automated.

It is free to start.

The Starter tier is free. No credit card. No enterprise contract. Just install the SDK, connect your app, and open the dashboard.

If you build PHP or Laravel apps and you have ever had a client site get hacked — or you are terrified of it happening — Kriosa is built specifically for you.

Try it today: kriosa.com
Install it: composer require kriosa-ai/kriosa-php
Full docs: kriosa.com/documentation.php

Built by a developer from Cameroon, for developers across Africa and beyond. If you have questions, drop them in the comments — I read everything.
