Site Firewalls: 6G

The 6G WAF was originally developed by Jeff Starr at Perishable Press for Apache-based servers. 6G is an excellent lightweight firewall that parses requests for anything anomalous or malicious looking, looking for: Bad Bots Bad Referrers Bad Query Strings Bad Requests Disallowed Request Methods We have adapted the firewall for Nginx, but more details can be found here. […]

Site Firewalls: ModSec

Introduction Developer plan accounts have access to the ModSecurity WAF for each of their sites on a GridPane managed server. We use the full OWASP foundation 3+ Core Ruleset (CRS) to protect your sites from a wide array of attack vectors including:  SQL Injection (SQLi) Cross-Site Scripting (XSS) Local File Inclusion (LFI) Remote File Inclusion (RFI) PHP Code Injection Java […]

Using the GridPane 6G Web Application Firewall

Index  Introduction Using the Firewall Provision a server and deploy a GridPane Site Enable/Disable the GridPane 6G WAF The 6G WAF Logs Enable/Disable 6G WAF Rulesets Create WAF Whitelists when necessary. Note: The modular 6G firewall with logs is an upgrade to the original 6G firewall. Sites using the previous version will need to disable […]

Using the GridPane ModSec Web Application Firewall

Index  Introduction Using the Firewall Provision a server and deploy a GridPane Site Enable/Disable the GridPane 6G WAF Adjusting ModSec Waf Sensitivity Setting the Paranoia Level Setting the Anomaly Threshold ModSec WAF Audit Logging Adding exceptions and whitelists to tune the core ruleset Exceptions versus Whitelist Adding a whitelist rule Introduction Developer plan accounts have […]

Using the GridPane 7G Web Application Firewall on Nginx

TABLE OF CONTENTS  Introduction The 7G Firewall Configuration Location on Nginx Part 1. Enable the Firewall Part 2. The 7G WAF Logs Part 3. Enable/Disable 7G WAF Rulesets Part 4. 7G WAF Whitelist Rules Part 5. Real 7G Whitelist Rule Examples Part 6. 7G Ruleset Customisation Part 7. Creating Custom Rules IMPORTANT Do NOT copy […]

Using the GridPane 7G Web Application Firewall on OpenLiteSpeed (OLS)

TABLE OF CONTENTS Introduction Part 1. Enable the Firewall Part 2. The 7G WAF Logs Part 3. Enable/Disable 7G WAF Rulesets Part 4. Customizing the 7G WAF Ruleset Per Site Part 5. Creating Whitelist Rules Part 6. Creating Additional Deny Rules Introduction The GridPane OpenLiteSpeed stack incorporates the 7G Web Application Firewall (the predecessor, 6G, […]