Site Firewalls: 6G

The 6G WAF was originally developed by Jeff Starr at Perishable Press for Apache-based servers. 6G is an excellent lightweight firewall that parses requests for anything anomalous or malicious looking, looking for: Bad Bots Bad Referrers Bad Query Strings Bad Requests Disallowed Request Methods We have adapted the firewall for Nginx, but more details can be found here. […]

Site Firewalls: ModSec

Introduction Developer plan accounts have access to the ModSecurity WAF for each of their sites on a GridPane managed server. We use the full OWASP foundation 3+ Core Ruleset (CRS) to protect your sites from a wide array of attack vectors including:  SQL Injection (SQLi) Cross-Site Scripting (XSS) Local File Inclusion (LFI) Remote File Inclusion (RFI) PHP Code Injection Java […]

Using the GridPane 6G Web Application Firewall

Index  Introduction Using the Firewall Provision a server and deploy a GridPane Site Enable/Disable the GridPane 6G WAF The 6G WAF Logs Enable/Disable 6G WAF Rulesets Create WAF Whitelists when necessary. Note: The modular 6G firewall with logs is an upgrade to the original 6G firewall. Sites using the previous version will need to disable […]

Using the GridPane ModSec Web Application Firewall

Index  Introduction Using the Firewall Provision a server and deploy a GridPane Site Enable/Disable the GridPane 6G WAF Adjusting ModSec Waf Sensitivity Setting the Paranoia Level Setting the Anomaly Threshold ModSec WAF Audit Logging Adding exceptions and whitelists to tune the core ruleset Exceptions versus Whitelist Adding a whitelist rule Introduction Developer plan accounts have […]

Using the GridPane 7G Web Application Firewall on Nginx

TABLE OF CONTENTS  Introduction The 7G Firewall Configuration Location on Nginx Part 1. Enable the Firewall Part 2. The 7G WAF Logs Part 3. Enable/Disable 7G WAF Rulesets Part 4. 7G WAF Whitelist Rules Part 5. Real 7G Whitelist Rule Examples Part 6. 7G Ruleset Customisation Part 7. Creating Custom Rules IMPORTANT Do NOT copy […]

Diagnosing 403 Forbidden Errors

TABLE OF CONTENTS Introduction: What is a 403 Error? Firewall Rules 403 on an Image or File Caching and Nonces File Permissions CDN Issues Corrupt/Misconfigured .htaccess file Broken/Missing Plugins Custom Nginx Config Rules Introduction: What is a 403 Forbidden Error? The 403 Forbidden error occurs when a request is made the server cannot allow. This […]