Spring Sale! Save 30% on all books w/ code: PLANET24
Web Dev + WordPress + Security

5G Firewall Beta

[ 5G (beta) ] Updating the 4G Blacklist, the new 5G Firewall is now open for beta testing. The new code is better than ever, providing wider protection with less code and fewer false positives. I’ve had much success with this new firewall, but more testing is needed to ensure maximum compatibility and minimal issues.

Update: Check out the new and improved 6G Firewall »

At this point, the code has been tested extensively with the following WordPress configurations:

  • Default WordPress installation (no plugins)
  • Current WordPress version 3.0.5 (running plugins1)
  • Older WordPress version 2.3.3 (running plugins2)

The 5G Firewall is the result of many months of meticulous request monitoring, analyses, and testing. With this code, my goal is an easy, plug-n-play security firewall that blocks the maximum volume of malicious requests with a minimum number of false positives. It’s also built with compatibility in mind. The 5G Firewall is fine-tuned3 to WordPress, but the directives are designed for general use and should help any site conserve bandwidth and server resources while protecting against malicious activity.

Beta Testers

Only test this code if you are familiar with .htaccess and comfortable with diagnosing and resolving potential issues. The 5G is currently running at Perishable Press and everything seems to be working great. But there are so many different configurations that beta testing is needed to help ensure maximum compatibility. Please leave any issues/resolutions in the comments section (remember to wrap code in <code> tags).

Disclaimer

The 5G Firewall is provided “as-is”, with the intention of helping site administrators protect their sites against bad requests and other malicious activity. The code is open and free to use and modify only if proper attribution is included (e.g., “5G FIREWALL from PerishablePress.com”. By using this code you assume all risk & responsibility for anything that happens, whether good or bad. In short, use wisely, test thoroughly, don’t sue me.

Learn more..

To learn more about the theory and development of the 5G Firewall, check out my article on constructing the 4G Blacklist. A search for “blacklist” in the sidebar should also return much related information.

5G Firewall Beta

# 5G FIREWALL from PerishablePress.com

# 5G:[QUERY STRINGS]
<ifModule mod_rewrite.c>
 RewriteEngine On
 RewriteBase /
 RewriteCond %{QUERY_STRING} (environ|localhost|mosconfig|scanner) [NC,OR]
 RewriteCond %{QUERY_STRING} (menu|mod|path|tag)\=\.?/? [NC,OR]
 RewriteCond %{QUERY_STRING} boot\.ini  [NC,OR]
 RewriteCond %{QUERY_STRING} echo.*kae  [NC,OR]
 RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
 RewriteCond %{QUERY_STRING} \=\\%27$   [NC,OR]
 RewriteCond %{QUERY_STRING} \=\\\'$    [NC,OR]
 RewriteCond %{QUERY_STRING} \.\./      [NC,OR]
 RewriteCond %{QUERY_STRING} \:         [NC,OR]
 RewriteCond %{QUERY_STRING} \[         [NC,OR]
 RewriteCond %{QUERY_STRING} \]         [NC]
 RewriteRule .* - [F]
</ifModule>

# 5G:[USER AGENTS]
<ifModule mod_setenvif.c>
 SetEnvIfNoCase User-Agent ^$ keep_out
 SetEnvIfNoCase User-Agent (casper|cmsworldmap|diavol|dotbot)   keep_out
 SetEnvIfNoCase User-Agent (flicky|ia_archiver|jakarta|kmccrew) keep_out
 SetEnvIfNoCase User-Agent (libwww|planetwork|pycurl|skygrid)   keep_out
 <limit GET POST PUT>
  Order Allow,Deny
  Allow from all
  Deny from env=keep_out
 </limit>
</ifModule>

# 5G:[REQUEST STRINGS]
<ifModule mod_alias.c>
 RedirectMatch 403 (https?|ftp|php)\://
 RedirectMatch 403 /(cgi|https?|ima|ucp)/
 RedirectMatch 403 (\=\\\'|\=\\%27|/\\\'/?|\)\.css\()$
 RedirectMatch 403 (\,|//|\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\|)
 RedirectMatch 403 \.(cgi|asp|aspx|cfg|dll|exe|jsp|mdb|sql|ini|rar)$
 RedirectMatch 403 /(contac|fpw|install|pingserver|register)\.php
 RedirectMatch 403 (base64|crossdomain|localhost|wwwroot)
 RedirectMatch 403 (eval\(|\_vti\_|\(null\)|echo.*kae)
 RedirectMatch 403 \.well\-known/host\-meta
 RedirectMatch 403 /function\.array\-rand
 RedirectMatch 403 \)\;\$\(this\)\.html\(
 RedirectMatch 403 proc/self/environ
 RedirectMatch 403 msnbot\.htm\)\.\_
 RedirectMatch 403 /ref\.outcontrol
 RedirectMatch 403 com\_cropimage
 RedirectMatch 403 indonesia\.htm
 RedirectMatch 403 \{\$itemURL\}
 RedirectMatch 403 function\(\)
 RedirectMatch 403 labels\.rdf
</ifModule>

1 Tested plugins for WP 3.0.5:

  • Akismet
  • All in One SEO Pack
  • BackWPup
  • Clean Options
  • Feed Count
  • Google XML Sitemaps
  • W3 Total Cache
  • WP-phpMyAdmin
  • Contextual Related Posts
  • Customizable Post Listings
  • Custom Query String Reloaded
  • Edit Author Slug
  • FeedStats
  • Google XML Sitemaps
  • Mass Mail
  • No category parents
  • Pierre’s Wordspew
  • Post Editor Buttons
  • Search Everything
  • Secure WordPress
  • Simple:Press Forum
  • TPC! Memory Usage
  • Use Google Libraries
  • Vote the Post
  • WordPress File Monitor
  • WordPress Ultimate Security
  • WP-phpMyAdmin
  • WP-Polls
  • WP-UserOnline
  • WP Favorite Posts
  • WP Hide Dashboard
  • WP Security Scan
  • WP Socializer
  • WPtouch

2 Tested plugins for WP 2.3.3:

  • AddMySite (AMS)
  • Akismet
  • All in One SEO Pack
  • Authenticate
  • Code Auto Escape
  • Compact Archives
  • Contact Coldform
  • Customizable Post Listings
  • Custom Query String Reloaded
  • Dagon Design Sitemap Generator
  • Display Post View Count (Top10)
  • Download Counter
  • Feedburner Feed Replacement
  • Feed Count
  • Full Text Feed
  • Google XML Sitemaps
  • KillNag
  • Plugins Used Plugin
  • Search Everything
  • Simple Recent Comments
  • Simple Tags
  • SimpleTwitter
  • Stealth Publish
  • Subscribe To Comments
  • Theme Switcher
  • the_excerpt Reloaded
  • Yet Another Related Posts Plugin

3 Test Environment:

  • Operating System: Linux
  • Server: Apache/2.2.3 (CentOS)
  • MYSQL Version: 5.0.77-log
  • PHP Version: 5.2.6

4 Example query strings for testing:

http://example.com/path/?../
http://example.com/path/?php://
http://example.com/path/?scanner
http://example.com/path/?boot.ini
http://example.com/path/?echo.*kae
http://example.com/path/?mosconfig
http://example.com/path/?etc/passwd
http://example.com/path/?path=./
http://example.com/path/?=\'
http://example.com/path/?=\%27
http://example.com/path/?environ
http://example.com/path/?menu=
http://example.com/path/?mod=
http://example.com/path/?tag=
http://example.com/path/?ftp:
http://example.com/path/?http:
http://example.com/path/?https:
http://example.com/path/?[
http://example.com/path/?]
http://example.com/path/?
About the Author
Jeff Starr = Fullstack Developer. Book Author. Teacher. Human Being.
Digging Into WordPress: Take your WordPress skills to the next level.

66 responses to “5G Firewall Beta”

  1. Possibility to make a nginx version?

  2. This is a great resource. Thanks for your work on it! One question I have is should I use both the 4G and 5G blacklist together or is that not recommended.

    • Good question. I recommend only the current version, 5G. Note that I am nearing completion of the beta version of 6G, to be announced soon :)

Comments are closed for this post. Something to add? Let me know.
Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
USP Pro: Unlimited front-end forms for user-submitted posts and more.
Thoughts
I live right next door to the absolute loudest car in town. And the owner loves to drive it.
8G Firewall now out of beta testing, ready for use on production sites.
It's all about that ad revenue baby.
Note to self: encrypting 500 GB of data on my iMac takes around 8 hours.
Getting back into things after a bit of a break. Currently 7° F outside. Chillz.
2024 is going to make 2020 look like a vacation. Prepare accordingly.
First snow of the year :)
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.