SentraShield is a lightweight, behavior-learning WAF/IDS that runs via auto_prepend_file.
It learns your application's legitimate request patterns - then blocks anything that structurally deviates.
No agents. No root access. No code changes.
Designed for LAMP stacks, agencies, and hosting environments. SentraShield protects your PHP applications without touching your application code.
Automatically learns your application's legitimate request structure - parameter types, route schemas, and normalized input patterns. No manual rule creation.
Start safely in Monitor mode, observe potential blocks in Simulate, then switch to full protection. The lifecycle is designed to prevent false positives.
Integrates via auto_prepend_file. Every request is inspected before your application executes. Pure PHP - no Zend extension, no C agent, no root access.
Manage multiple PHP sites under a single license key. Domain registration is automatic, enforced server-side. Ideal for agencies and hosting providers.
A built-in admin panel shows baseline quality, blocked threats, parameter schemas, route coverage, and NDJSON security logs - all without a separate server.
All security events are written as structured NDJSON. Feed directly into your SIEM pipeline or analyze locally. Every request is a structured, queryable log entry.
Once your baseline is stable, freeze it into a policy. Learning stops, the schema is locked, and only known-good request patterns are allowed through.
Each application gets its own isolated baseline, schema, policy, and log directory under .sentrashield/apps/. Multiple sites on one server stay fully separated.
Sub-millisecond inspection on typical requests. License validation is cached for 24 hours. Async refresh happens after response - zero latency impact for visitors.
SentraShield follows a deterministic three-phase lifecycle that gives you full control over when and how protection is applied.
Drop the .sentrashield/ folder on your server and set auto_prepend_file. SentraShield immediately begins learning your application's legitimate traffic patterns - routes, parameter types, schemas.
Switch to Simulate mode and run the built-in test suite. SentraShield logs what it would have blocked without touching real traffic. Tune the baseline until false positives reach zero.
Freeze the schema into a policy and enable Protect mode. Requests that structurally deviate from your learned baseline are blocked in real-time - before your application code ever executes.
Start in Monitor mode - it's free during the 30-day trial, no disruption to live traffic.
Traditional WAFs ask: "Is this a known attack?" SentraShield asks: "Does this request match the learned, legitimate behavior of my application?" That's a fundamentally stronger model.
SentraShield works with behavioral allowlisting - not signature blocking. After learning your application's structure, it fixes that model as a policy. Anything outside the policy is structurally anomalous and blocked.
This is the classic positive security model: learn legitimate structure → fix it → block structural deviations. This approach catches zero-day attacks and novel payloads that signature-based systems miss entirely.
Three clearly defined modes let you adopt SentraShield at your own pace - with zero risk to production traffic.
SentraShield observes all traffic, builds the behavioral baseline and parameter schema. Nothing is blocked. Safe for immediate deployment on any live site.
Blocking rules are active but attacks are logged, not blocked. Run the test suite and verify detection coverage. Tune until zero false positives before enabling protect.
Full enforcement. Requests that deviate from the learned policy are blocked in real-time before your application executes. Automatic downgrade to Monitor if license expires.
The SentraShield dashboard gives you full visibility into your protection status, threat events, baseline quality, and schema coverage - no external tools required.
Click any screenshot to enlarge · Real dashboard screenshots coming with your trial
We believe in technical honesty. SentraShield is a specialized tool that does its job exceptionally well. Here's exactly where it fits.
Every plan includes a 30-day free trial. Upgrade, downgrade, or cancel anytime.
Enterprise plans include dedicated support, custom domain limits, and a service level agreement.
Everything you need to know before getting started.
No. SentraShield integrates entirely via auto_prepend_file in your .htaccess or php.ini. Your application code is completely unchanged.
No. You start in Monitor mode which only observes traffic - nothing is blocked. You only enable blocking after verifying zero false positives in Simulate mode.
Yes. SentraShield is specifically designed for shared hosting. It requires only PHP 7.4/8.x, no root access, no server extensions, and no compiled modules.
Each plan includes a domain limit. When you enter your license key on a new domain, it's automatically registered. The server enforces the limit - no manual configuration needed.
SentraShield automatically downgrades to Monitor mode - your site stays online, traffic continues to flow, but active blocking is paused until you renew.
Yes. Every plan includes a 30-day free trial. Start in Monitor mode with zero risk, verify it works for your application, then decide whether to continue.
No. SentraShield is built with privacy-aware logging from the ground up. Sensitive form fields — passwords, tokens, API keys, CVV numbers — are automatically detected by parameter name and replaced with ***REDACTED*** in all log files before anything is written to disk. Bearer tokens and API keys in URLs or Referer headers are stripped before traffic logs are written. HTTP Authorization headers and cookies are never read or stored. The behavioral baseline and schema store only abstract value types (:int, :str, :uuid) — never actual user input. All logs remain exclusively on your server.
SentraShield learns semantic structure, not concrete values. Values are normalized (integers become :int, UUIDs become :uuid) before storage - preventing overfitting and value-binding attacks.
Yes. SentraShield works with any PHP application. The learning phase adapts to your specific application's request patterns regardless of the framework.
Have questions, need an Enterprise quote, or want to discuss a custom integration? We respond quickly.
Thank you for reaching out. We'll get back to you shortly.