Perishable Press

7G Firewall (Beta)

The beta version of 7G Firewall is here! It’s been a long time coming, and now you can help test the next incarnation of the nG Firewall (aka nG Blacklist). The 7G Firewall offers lightweight, server-level protection against a wide range of malicious requests, bad bots, automated attacks, spam, and many other types of threats and nonsense.

7G is a lightweight (only 12KB) strong firewall that provides site security and peace of mind. Plus, 7G is open source and 100% free for everyone :)

About 7G

Two unwritten laws of the Web: 1) Nothing is 100% secure, and 2) All websites are under pretty much 24/7 constant attack. Whether it’s just nuisance traffic like spam, or a serious in-your-face DDoS attack, now is the time to strengthen site security and lock things down. 7G helps with this by protecting your site against many types of bad requests and attacks. It gives your site a super strong layer of protection at the server level, so bad requests are blocked without having to load up PHP, MySQL, and everything else.

I’ve seen many times sites just getting hammered with bad traffic.. then you add nG Firewall and watch the noise drop to zero. You free up all those server resources for the good traffic.

What’s the downside? Same as with any firewall: potential false positives. Fortunately for us, 7G is the seventh generation of a firewall/blacklist that comprises over a decade of research, testing, and development. 7G integrates the best features of all previous nG Firewalls and builds upon them. So the goal for 7G is zero false positives. Hence the purpose of the “beta” version is to fine-tune the firewall rules based on a larger sample size.

Bottom line: 7G is an easy-to-use, cost-effective way to secure your site against malicious HTTP activity. It helps to protect against evil exploits, ill requests, and other nefarious garbage, such as XSS attacks, code injections, cache poisoning, response splitting, dual-header exploits, and more.

How It Works

The 7G Firewall is a powerful, well-optimized set of rewrite rules that checks all URI requests against a set of carefully constructed Apache/.htaccess directives. This happens quietly behind the scenes at the server level, which is optimal for performance because it avoids the need to load up PHP and MySQL just to block a bad request. This is one reason why securing at the server level is better than using a plugin or other PHP script.

7G improves performance by freeing up server resources.

And it’s super-easy to add 7G to your site. Just add the code to your site’s root .htaccess file and then sit back and relax while 7G works its magic. That’s the beauty of it: there is no configuration required. Security via simplicity: add the code and done. For more details, check out the Deployment section below.

Check out a live demo of 7G Firewall »

Once implemented, 7G scans every HTTP request made to your site. It compares key aspects of each request against a carefully formulated set of patterns and regular expressions (regex). So if someone or something triggers a match, they immediately are blocked silently behind the scenes (via 403 Forbidden response). So legitimate visitors can continue to surf your site with total confidence, while the bad guys are getting stomped by 7G.

Features

7G is a strong firewall that is lightweight and super fast. It strives for the optimal balance between security and performance, delivering significantly better protection than previous nG. Each iteration of nG builds upon previous versions, fortifying successful patterns, removing outdated patterns, and of course adding new patterns and rules based on current data. The result is a 7th-generation firewall that is cumulatively developed and extensively tested, based on code with a proven track record.

Here are some top features and goals of the 7G Firewall:

  • Security via simplicity
  • Extensive firewall protection
  • Fine-tuned to minimize false positives
  • Lightweight (only 12KB!), modular, flexible and fast
  • Completely plug-&-play with no configuration required
  • Improves security, reduces server load, and conserves resources
  • Git/SVN friendly (does not block svn/git files et al)
  • Open source, easy to use, and completely free
  • 100% compatible with WordPress
  • Better bad bot detection
  • Built-in logging! :)

7G protects against many types of attacks and threats, including:

  • Directory Traversal
  • HTTP Response Splitting
  • (XSS) Cross-Site Scripting
  • Cache Poisoning
  • Dual-Header Exploits
  • SQL/PHP/Code Injection
  • File Injection/Inclusion
  • Null Byte Injection
  • WordPress exploits such as revslider, timthumb, fckeditor, et al
  • Exploits such as c99shell, phpshell, remoteview, site copier, et al
  • PHP information leakage

Additionally, the 7G Firewall protects against a wide range of malicious requests, bad bots, spam, and other nonsense. Further, 7G uses Apache’s mod_rewrite, so it works on all types of HTTP request methods: GET, POST, PUT, DELETE, and all others. That means robust protection for your website.

Requirements

Here are the only requirements for 7G Firewall:

  • Apache server
  • mod_rewrite enabled
  • Access to .htaccess or config

If you are unsure about any of these requirements, ask your web host. If you are new to Apache and/or .htaccess, and want to learn more about it, I wrote an entire book on using .htaccess to secure and optimize your site. Also, here is a tutorial that explains how to create an .htaccess file on your local machine.

If your site does not meet the requirements, check out my WordPress plugins, BBQ: Block Bad Queries (free) and BBQ Pro (premium version). These plugins are blazing fast and integrate nG technology, providing strong firewall protection for your WordPress-powered site.

Download 7G Firewall

By downloading this file, you agree to the terms set forth in the Disclaimer. The download ZIP file contains two text files: 7G-Firewall.txt and changelog.txt.

Reminder: This is the beta version, not recommended for live/production sites.
7G Firewall (Beta) – Version 1.0 (4KB zip)

To implement 7G, follow the steps in the Deployment section, below.

License

As mentioned previously, the 7G Firewall is entirely open source and free for all to use. The only requirement is that the following credit lines are included wherever 7G is used (note that version and date infos will vary):

# 7G FIREWALL v1.0 20201212
# @ https://perishablepress.com/7g-firewall/

Other than that, it’s all yours!

Disclaimer

The 7G Firewall is provided “as-is”, with the intention of helping people protect their sites against bad requests and other malicious activity. The code is open and free to use and modify as long as the first two credit lines remain intact. By using this code you assume all risk and responsibility for anything that happens, whether good or bad. In short, use wisely, test thoroughly, don’t sue me.

Deployment

Quick summary: add the 7G code to your site’s root .htaccess file (or Apache config file) and test thoroughly. After proper testing, you’re all set: 7G Firewall protects your site silently with minimal footprint. A completely set-it-and-forget-it firewall solution. Here are the steps to add 7G to your site:

  1. Agree to the terms, download, and unzip 7G
  2. Make a backup of your current .htaccess file
  3. Copy all 7G code and add to your root .htaccess
  4. Save changes and upload to your server
  5. Test well (see next section)

Note: for best results, place 7G code before any existing mod_rewrite rules (e.g., WordPress Permalinks).
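
As an added illustration (not part of 7G and not the author's code), this fragment shows the layout the note describes: a block of the kind explained under How It Works, placed ahead of the standard WordPress permalink rules. The two query-string patterns are constructed placeholders, not 7G's actual rules.

```apache
# --- Firewall rules go first ---
# Constructed placeholder patterns for illustration only, NOT 7G's own rules.
<IfModule mod_rewrite.c>
	RewriteEngine On

	# %{QUERY_STRING} is matched as sent (still percent-encoded), so each
	# pattern covers both the literal and the encoded form of a character.
	RewriteCond %{QUERY_STRING} eval(\(|%28) [NC,OR]
	RewriteCond %{QUERY_STRING} union(\+|%20)+select [NC]

	# Any matching request is refused with 403 Forbidden right here,
	# before PHP or MySQL are ever loaded.
	RewriteRule .* - [F,L]
</IfModule>

# --- Existing rewrite rules follow ---
# Standard WordPress permalink block. Its first rule stops processing for
# index.php, so firewall rules placed below it would be skipped on
# requests that have already been routed to WordPress.
# BEGIN WordPress
<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /
	RewriteRule ^index\.php$ - [L]
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteRule . /index.php [L]
</IfModule>
# END WordPress
```

With this in place, requesting a URL on your own site that ends in ?eval( should return 403 Forbidden. If the page still loads, confirm that mod_rewrite is enabled and that the server allows .htaccess overrides for the directory.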

Testing & Feedback

This version of the nG Firewall is turn-key equipped for logging via PHP. Here is a complete tutorial on how to log blocked requests via PHP. Further troubleshooting tips are available on the 6G Firewall homepage.

Also, if you discover any bugs, issues, or errors, report them directly via my contact form. As always, feel free to share feedback and ask any questions in the comment section. Please do not report bugs in the comment area, thanks :)

Notes & Infos

Here are some miscellaneous notes and tips about the 7G Firewall.

  • 7G is modular: each section can be removed/added as desired
  • It is fine to use multiple nG firewalls, but not recommended
  • 7G is designed to work flawlessly with WordPress and any other website
  • Please report any strings or user agents that should not be blocked
  • Always test well before going live and report any bugs or issues
  • Other notes will be added here..

Learn More..

To learn more about the theory and development of the 7G Firewall, check out my articles on building the 3G, 4G, 5G Blacklist, and related topics. The 6G Firewall homepage also contains lots of useful and relevant information. And if all that’s not enough, you can view all nG-related posts in the nG tag archive.

Show support

I spend countless hours developing the 7G Firewall. I share it freely and openly with the hope that it will help make the Web a safer place for everyone.

If you benefit from my work with 7G and would like to show support, consider buying one of my books, such as .htaccess made easy. You’ll get a complete guide to .htaccess, exclusive forum access, and a ton of awesome techniques for configuring, optimizing, and securing your site.

Of course, tweets, likes, links, and shares are super helpful and very much appreciated. Your generous support allows me to continue developing the 7G Firewall and other awesome resources for the community. Thank you kindly :)

Thank Yous

Thanks to everyone who shares feedback and helps beta test nG. Also thank you to everyone who supports Perishable Press with links and social shares. Additionally, I would like to thank the following sites for providing the free tools used during development. Please visit and bookmark these awesome resources:

About the Author: Jeff Starr = Fullstack Developer. Book Author. Teacher. Human Being.
16 responses
  1. I’ve been using (and recommending) your firewalls for years! Thanks so much for your continued work, Jeff!

  2. ChriStef January 26, 2019 @ 11:40 pm

    Jeff, I’m so happy I found you. Thank you for your work and insights. These firewall rules are really a life saver…

    I have 6G firewall live. I just noticed SQL injection attempts. My second layer of protection detects these. Like this:

    index.php?nid=251111111111111%22%20UNION%20SELECT%20CHAR%2845%2C120%2C49%2C45%2C81%2C45%29%2CCHAR%2845%2C120%2C50%2C45%2C81%2C45%29%2CCHAR%2845%2C120%2C51%2C45%2C81%2C45%29%2CCHAR%2845%2C120%2C52%2C45%2C81%2C45%29%2CCHAR%2845%2C120%2C53%2C45%2C81%2C45%29%2CCHAR%2845%2C120%2C54%2C45%2C81%2C45%29%2CCHAR%2845%2C120%2C55%2C45%2C81%2C45%29%2CCHAR%2845%2C120%2C56%2C45%2C81%2C45%29%2CCHAR%2845%2C120%2C57%2C45%2C81%2C45%29%2CCHAR%2845%2C120%2C49%2C48%2C45%2C81%2C45%29%2CCHAR%2845%2C120%2C49%2C49%2C45%2C81%2C45%29%2CCHAR%2845%2C120%2C49%2C50%2C45%2C81%2C45%29%2CCHAR%2845%2C120%2C49%2C51%2C45%2C81%2C45%29%2CCHAR%2845%2C120%2C49%2C52%2C45%2C81%2C45%29%2CCHAR%2845%2C120%2C49%2C53%2C45%2C81%2C45%29%2CCHAR%2845%2C120%2C49%2C54%2C45%2C81%2C45%29%2CCHAR%2845%2C120%2C49%2C55%2C45%2C81%2C45%29%2CCHAR%2845%2C120%2C49%2C56%2C45%2C81%2C45%29%2CCHAR%2845%2C120%2C49%2C57%2C45%2C81%2C45%29%2CCHAR%2845%2C120%2C50%2C48%2C45%2C81%2C45%29%2CCHAR%2845%2C120%2C50%2C49%2C45%2C81%2C45%29%2CCHAR%2845%2C120%2C50%2C50%2C45%2C81%2C45%29%2CCHAR%25%20%7Bclipped%7D

    I have 125 this type of attacks. If you want them to test please tell me I cant send them to you.

    I’m wondering if those types can be stopped by your rules?

  3. Hi, I’m upgrading to the new version, thanks for your hard work.

    P.S : did you benchmark loading time for an average website with the rules in .htaccess ? I’m wondering how many ms are necessary to pass through the rules on a standard hosting.

    • Jeff Starr

      Thanks Eroan, but no I have not benchmarked loading time for an average website. All of my free time went into creating it, I’ll leave the benchmarking to someone with more time.

  4. Jim S Smith January 28, 2019 @ 6:44 pm

    Hey, great news!

    I will be more than happy to check it out.

    I have also been busy researching and refining my own firewall rules. So, I may be looking to merging all the best features into one again.

    For VPS/Dedicated users, I have a very good idea on how to trap IP’s of bad hits via the “errordoc” directives, and some additional PHP. – Will detail this later, when I have some proven concepts running. :-)

    Great show!

    I’m sure there’s more good stuff to come.

    – Jim S.

  5. Hey Jeff, it’s amazing to see another version of your firewall being developed! This is some pretty advanced htaccess and regex wizardry, wow ;-)

    I’ve been using 6G firewall for my websites developed on WordPress and I’m happy to see it evolving.

    Thank you for your hard work, I really appreciate it.

  6. Awesome – will this (or part of this) make its way into your BBQ Pro / Blackhole plugins for WordPress?

  7. Hello Jeff, If I use 7g firewall I can uninstall blackhole plugin and bbq plugin? 7g firewall will do the same work without admin dashboard?

    • Jeff Starr

      Eventually, 7G and BBQ rules will be similar. But right now, as explained pretty clearly in the article, this is a beta version (as of Feb 2019). That basically means that 7G is still being tested, developed, fine-tuned and so forth. So it’s not ready for integration into my plugins at this point.

  8. Thank you Jeff! I tested 7G in my .htaccess, no error message, but when I write ?eval( at the end of my website nothing happens and my website is still accessible without problem. I uninstalled 7G from my .htaccess and added back the BBQ and blackhole plugins, and now when I write ?eval( everything is back to normal with the classic error 403 and I’m fine. I don’t know why the 7G .htaccess rules have no effect but the plugin does. I will wait for plugin integration when the beta is finished. I can’t afford the premium plugins BBQ and blackhole at the moment. I hope in the future I can test the premium version. Have a nice awesome day Jeff!

  9. Many thanks for this informative article.

    Thanks to you, many webmasters are protected from dangerous tools or robots. I use the “All In One WP Security & Firewall” plug-in on my WordPress site.

    Will your 7G Firewall be added to this plugin?

  10. Jeff Starr

    Just another reminder: Please report bugs via my contact form, as explained clearly in the article. Any bug reports left in the comments will be deleted. Thank you.
