
7G Firewall

The 7G Firewall is here! 7G is now out of beta and ready for production sites. So you can benefit from the powerful protection of the latest nG Firewall (aka nG Blacklist).

The 7G Firewall offers lightweight, server-level protection against a wide range of malicious requests, bad bots, automated attacks, spam, and many other types of threats and nonsense.

7G is a lightweight (only 12KB) strong firewall that provides site security and peace of mind. Plus, 7G is open source and 100% free for everyone :)

Update! 8G Firewall (beta) now available!
Update! 7G has been forked by Tonkünstler-on-the-Bund to use SetEnvIf instead of mod_rewrite. Learn more and download at GitHub.

About 7G

Two unwritten laws of the Web: 1) Nothing is 100% secure, and 2) All websites are under pretty much 24/7 constant attack. Whether it’s just nuisance traffic like spam, or serious in-your-face DDoS attack, now is the time to strengthen site security and lock things down. 7G helps with this by protecting your site against many types of bad requests and attacks. It gives your site a super strong layer of protection at the server level. So bad requests are blocked without having to load up PHP, MySQL, and everything else.

I’ve seen many times sites just getting hammered with bad traffic.. then you add nG Firewall and watch the noise drop to zero. You free up all those server resources for the good traffic.

What’s the downside? Same as with any firewall, potential false positives. Fortunately for us, 7G is the seventh generation of a firewall/blacklist that comprises over a decade of research, testing, and development. 7G integrates the best features of all previous nG Firewalls and builds upon them. So the goal for 7G is zero false positives. Hence the purpose of the “beta” version is to fine-tune the firewall rules based on a larger sample size.

Bottom line: 7G is an easy-to-use, cost-effective way to secure your site against malicious HTTP activity. It helps to protect against evil exploits, ill requests, and other nefarious garbage, such as XSS attacks, code injections, cache poisoning, response splitting, dual-header exploits, and more.

Tip: 7G works on any Apache-powered website. WordPress not required!
Tip: 7G complements ModSecurity giving your site extra protection.

How It Works

The 7G Firewall is a powerful, well-optimized set of rewrite rules that checks all URI requests against a set of carefully constructed Apache/.htaccess or Nginx directives. This happens quietly behind the scenes at the server level, which is optimal for performance because it avoids the need to load up PHP and MySQL just to block a bad request. This is one reason why securing at the server level is better than using a plugin or other PHP script.

7G improves performance by freeing up server resources.

And it’s super-easy to add 7G to your site. Just add the code to your site’s root .htaccess file and then sit back and relax while 7G works its magic. That’s the beauty of it: there is no configuration required. Security via simplicity: add the code and done. For more details, check out the Deployment section below.

Check out a live demo of 7G Firewall »

Once implemented, 7G scans every HTTP request made to your site. It compares key aspects of each request against a carefully formulated set of patterns and regular expressions (regex). So if someone or something triggers a match, the request is immediately blocked silently behind the scenes (via 403 Forbidden response). So legitimate visitors can continue to surf your site with total confidence, while the bad guys are getting stomped by 7G.

Features

7G is a strong firewall that is lightweight and super fast. It strives for the optimal balance between security and performance, delivering significantly better protection than previous nG. Each iteration of nG builds upon previous versions, fortifying successful patterns, removing outdated patterns, and of course adding new patterns and rules based on current data. The result is a 7th-generation firewall that is cumulatively developed and extensively tested, based on code with a proven track record.

Here are some top features and goals of the 7G Firewall:

  • Security via simplicity
  • Extensive firewall protection
  • Fine-tuned to minimize false positives
  • Lightweight (only 12KB!), modular, flexible and fast
  • Completely plug-&-play with no configuration required
  • Improves security, reduces server load, and conserves resources
  • Git/SVN friendly (does not block svn/git files et al)
  • Open source, easy to use, and completely free
  • 100% compatible with WordPress
  • Better bad bot detection
  • Built-in logging! :)

7G protects against many types of attacks and threats, including:

  • Directory Traversal
  • HTTP Response Splitting
  • (XSS) Cross-Site Scripting
  • Cache Poisoning
  • Dual-Header Exploits
  • SQL/PHP/Code Injection
  • File Injection/Inclusion
  • Null Byte Injection
  • WordPress exploits such as revslider, timthumb, fckeditor, et al
  • Exploits such as c99shell, phpshell, remoteview, site copier, et al
  • PHP information leakage

Additionally, the 7G Firewall protects against a wide range of malicious requests, bad bots, spam, and other nonsense. Further, 7G uses Apache’s mod_rewrite, so it works on all types of HTTP request methods: GET, POST, PUT, DELETE, and all others. That means robust protection for your website.

Requirements

Here are the only requirements for 7G Firewall:

  • Apache server
  • mod_rewrite enabled
  • Access to .htaccess or config

Not using Apache? Check out 7G for Nginx and 7G for Caddy Server.

If you are unsure about any of these requirements, ask your web host. If you are new to Apache and/or .htaccess, and want to learn more about it, I wrote an entire book on using .htaccess to secure and optimize your site. Also, here is a tutorial that explains how to create an .htaccess file on your local machine.

If your site does not meet the requirements, check out my WordPress plugins, BBQ: Block Bad Queries (free) and BBQ Pro (premium version). These plugins are blazing fast and integrate nG technology, providing strong firewall protection for your WordPress-powered site.

Download 7G Firewall

By downloading this file, you agree to the terms set forth in the License and Disclaimer. Also check out the 7G Changelog. To implement 7G, follow the steps in the Deployment section, below.

Download 7G Firewall: Version 1.6 (5.99 KB ZIP)
Note: To retain the Unix LF EOL characters (line breaks) in the 7G text file, it is recommended to use a program that supports them, such as Notepad++ (free for Windows) or TextEdit or BBEdit (free for Mac). The line breaks keep the code structured and readable, instead of a big jumbled mess.

License

As mentioned previously, the 7G Firewall is entirely open source and free for all to use. The only requirement is that the following credit lines are included wherever 7G is used (note that version and date infos will vary):

# 7G FIREWALL
# @ https://perishablepress.com/7g-firewall/

Other than that, it’s all yours!

Disclaimer

The 7G Firewall is provided “as-is”, with the intention of helping people protect their sites against bad requests and other malicious activity. The code is open and free to use and modify as long as the first two credit lines remain intact. By using this code you assume all risk and responsibility for anything that happens, whether good or bad. In short, use wisely, test thoroughly, don’t sue me.

Deployment

Quick summary: add the 7G code to your site’s root .htaccess file (or Apache config file) and test thoroughly. After proper testing, you’re all set: 7G Firewall protects your site silently with minimal footprint. A completely set-it-and-forget-it firewall solution. Here are the steps to add 7G to your site:

  1. Agree to the terms, download, and unzip 7G
  2. Make a backup of your current .htaccess file
  3. Copy all 7G code and add to your root .htaccess
  4. Save changes and upload to your server
  5. Test well (see next section)

Note: for best results, place 7G code before any existing mod_rewrite rules (e.g., WordPress Permalinks).

Testing & Feedback

This version of the nG Firewall is turn-key equipped for logging via PHP. Here is a complete tutorial on how to log blocked requests via PHP. Further troubleshooting tips available on the 6G Firewall homepage.

Also, if you discover any bugs, issues, or errors, report them directly via my contact form. As always, feel free to share feedback and ask any questions in the comment section. Please do not report bugs in the comment area, thanks :)

Notes & Infos

Here are some miscellaneous notes and tips about the 7G Firewall.

  • 7G is modular: each section can be removed/added as desired
  • It is fine to use multiple nG firewalls, but not recommended
  • 7G is designed to work flawlessly with WordPress and any other website
  • Please report any strings or user agents that should not be blocked
  • Always test well before going live and report any bugs or issues
  • Use Contao CMS? Check out the nG Apache Firewall for Contao
  • If using any sort of “thumb” plugin or script, remove the two lines that include (thumbs?(. One line is in User Agents and the other in Request URI.
  • Nice tutorial on Using 7G Firewall with OpenLiteSpeed
  • Other notes will be added here..

Enable phpMyAdmin

Depending on your setup, it may be necessary to make the following changes for phpMyAdmin to work. First, remove |request from the following line:

RewriteCond %{QUERY_STRING} (globals|mosconfig([a-z_]{1,22})|request)(=|\[) [NC,OR]

Then also remove (or comment out) this entire line:

RewriteCond %{QUERY_STRING} (_|%5f)(r|%72|%52)(e|%65|%45)(q|%71|%51)(u|%75|%55)(e|%65|%45)(s|%73|%53)(t|%74|%54)(=|\[|%[0-9A-Z]{2,}) [NC,OR]

With those changes in place, phpMyAdmin should work properly on most servers.

Enable s2Member

To enable the s2Member WordPress plugin, make the following changes. First, remove globals| from the following line:

RewriteCond %{QUERY_STRING} (globals|mosconfig([a-z_]{1,22})|request)(=|\[) [NC,OR]

Then also remove (or comment out) this entire line:

RewriteCond %{QUERY_STRING} (g|%67|%47)(l|%6c|%4c)(o|%6f|%4f)(b|%62|%42)(a|%61|%41)(l|%6c|%4c)(s|%73|%53)(=|\[|%[0-9A-Z]{0,2}) [NC,OR]

With those changes in place, s2Member should work properly.
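To see how the query-string conditions quoted on this page behave, and to check the phpMyAdmin and s2Member edits before touching a live .htaccess, here is an added Python harness (not 7G's own code, and not written by the page's author) that replays those RewriteCond lines with Python's re module standing in for Apache's PCRE. The rule names and the sample query strings are constructed for this example; the admin-ajax URL is the one reported as a false positive in the comments below.

```python
import re
from urllib.parse import urlsplit

# Added example (not 7G's own code): replays the RewriteCond lines quoted on
# this page against sample query strings. Apache tests %{QUERY_STRING} raw
# (no URL-decoding), hence the %-encoded letters in the rules; [NC] maps to
# re.IGNORECASE. Rule names are invented here; 7G itself has no such names.
RULES = [
    ("globals_request",
     r"(globals|mosconfig([a-z_]{1,22})|request)(=|\[)"),
    ("request_encoded",
     r"(_|%5f)(r|%72|%52)(e|%65|%45)(q|%71|%51)(u|%75|%55)(e|%65|%45)"
     r"(s|%73|%53)(t|%74|%54)(=|\[|%[0-9A-Z]{2,})"),
    ("globals_encoded",
     r"(g|%67|%47)(l|%6c|%4c)(o|%6f|%4f)(b|%62|%42)(a|%61|%41)(l|%6c|%4c)"
     r"(s|%73|%53)(=|\[|%[0-9A-Z]{0,2})"),
    ("injection_keywords",
     r"(;|<|>|\'|\"|\)|%0a|%0d|%22|%27|%3c|%3e|%00)(.*)"
     r"(/\*|alter|base64|benchmark|cast|concat|convert|create|encode|declare"
     r"|delete|drop|insert|md5|request|script|select|set|union|update)"),
]


def blocked_by(query_string, rules=RULES):
    """Names of every condition the raw query string trips; [] means allowed.

    Apache answers 403 at the first [OR] condition that matches; listing all
    of them shows which line(s) to edit, since one string can trip several.
    """
    return [name for name, pattern in rules
            if re.search(pattern, query_string, re.IGNORECASE)]


def drop_line(rules, name):
    """Simulate 'remove (or comment out) this entire line'."""
    return [(n, p) for n, p in rules if n != name]


def edit_line(rules, name, old, new=""):
    """Simulate 'remove |request' / 'remove globals|' from one line."""
    return [(n, p.replace(old, new) if n == name else p) for n, p in rules]


# The two edits documented on this page, applied to the quoted lines.
PHPMYADMIN_RULES = drop_line(edit_line(RULES, "globals_request", "|request"),
                             "request_encoded")
S2MEMBER_RULES = drop_line(edit_line(RULES, "globals_request", "globals|"),
                           "globals_encoded")


def check_url(url, rules=RULES):
    """Extract the query string from a full URL and test it."""
    return blocked_by(urlsplit(url).query, rules)


if __name__ == "__main__":
    # The admin-ajax URL reported as a false positive in the comments below.
    url = ("https://example.com/wp-admin/admin-ajax.php?action=wcpn_export"
           "&request=get_labels&offset=0&_wpnonce=859daeb90c")
    print("stock 7G      :", check_url(url) or "allowed")
    print("phpMyAdmin fix:", check_url(url, PHPMYADMIN_RULES) or "allowed")
    # Constructed samples: benign search, encoded $_REQUEST probe, globals[
    for qs in ("p=123&s=hello+world", "%5fREQUEST%5b0%5d=x", "globals[0]=1"):
        print(f"{qs:24} -> {blocked_by(qs) or 'allowed'}")
```

The harness only covers the query-string lines quoted here; 7G's request-URI and user-agent sections are separate conditions and need their own checks.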

7G Addon: Want more 7G WAF protection, check out the free 7G Addon.

Learn More..

To learn more about the theory and development of the 7G Firewall, check out my articles on building the 3G, 4G, 5G Blacklist, and related topics. The 6G Firewall homepage also contains lots of useful and relevant information. And if all that’s not enough, you can view all nG-related posts in the nG tag archive.

Show support

I spend countless hours developing the 7G Firewall. I share it freely and openly with the hope that it will help make the Web a safer place for everyone.

If you benefit from my work with 7G and would like to show support, consider buying one of my books, such as .htaccess made easy. You’ll get a complete guide to .htaccess, exclusive forum access, and a ton of awesome techniques for configuring, optimizing, and securing your site.

Of course, tweets, likes, links, and shares are super helpful and very much appreciated. Your generous support allows me to continue developing the 7G Firewall and other awesome resources for the community. Thank you kindly :)

Support 7G Firewall: Donate via PayPal or your favorite cryptocurrency »

Thank You

Thanks to everyone who shares feedback and helps beta test nG. Also thank you to everyone who supports Perishable Press with links and social shares. Additionally, I would like to thank the following sites for providing the free tools used during development. Please visit and bookmark these awesome resources:

About the Author
Jeff Starr = Web Developer. Book Author. Secretly Important.

151 responses to “7G Firewall”

  1. I run a vps which hosts multiple domains running on Apache. Any info where to find how to install this serverwide, and not only for one site in htaccess?

    Thanks a bunch!

  2. Sankalan 2023/07/16 8:48 am Reply

    Will 7G work on LiteSpeed server?

  3. AnotherAndrew 2023/07/18 3:31 am Reply

    Hi Jeff,

    Being hit, cpanel logs show:

    Mozilla/5.0 (compatible; AwarioBot/1.0; +https://awario.com/bots.html)

    Which part of this do I add to the firewall rules? Eg:

    RewriteCond %{HTTP_USER_AGENT} (acapbot|acoonbot|asterias|attackbot|AwarioBot|

    ?
    Thanks

  4. Hello, I tried this but some posts get 403 error.

    I found that disabling RewriteRule .* - [F,L] in # 7G:[REQUEST URI] the posts show again.

    How can I solve?

  5. THANK YOU! 7G Firewall is fantastic. Replaced Wordfence with 7G and we’ve seen vast improvement in website performance and stability on our VPS hosted site. In reviewing error/access logs, I am seeing a lot of errors from the PetalBot. I see that is already blocked in 7G, [USER AGENT] section. The access logs report:

    PetalBot;+https://webmaster.petalsearch.com/site/petalbot

    What more can we do to block that bot? Thanks again.

    • Jeff Starr 2023/07/20 10:01 am Reply

      Hey Ben, what is the status code for the petalbot requests as recorded in the error log?

      • I hope the following is what you need or contains what you need.

        [core:error] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: https://thesubtimes.com/advanced_ads/pierce-college/page/6

        Thank you.

      • And this is the line from the access log that I assume triggered the error…

        GET /advanced_ads/pierce-college/page/7 HTTP/1.1 500 5202 https://thesubtimes.com/advanced_ads/pierce-college/page/6 Mozilla/5.0 (Linux; Android 7.0;) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; PetalBot;+https://webmaster.petalsearch.com/site/petalbot)
    • Jeff Starr 2023/07/20 9:09 pm Reply

      It looks like there is an error happening on the server. Notice in your error log entry, where it says 500.. that refers to a 500-level fatal error on the server. So best advice would be to investigate and try to resolve the issue, which from the looks of your feedback, is related to “Request exceeded the limit of 10 internal redirects”.

  6. Hello,

    I got a false positive for url:

    https://example.com/wp-admin/admin-ajax.php?action=wcpn_export&request=get_labels&offset=0&_wpnonce=859daeb90c&order_ids%5B%5D=428796&order_ids%5B%5D=428790

    I think it's coming from the “%” inside the url? The developer won't fix this for us. We are not that important for them. How can I exclude this from the firewall?

    • Jeff Starr 2023/07/26 11:03 am Reply

      Hey Mike, it’s not the % (which is widely used in URLs), but rather two different strings included in the URL, request and offset. To remove the request string, replace this line:

      RewriteCond %{QUERY_STRING} (globals|mosconfig([a-z_]{1,22})|request)(=|\[) [NC,OR]

      ..with this:

      RewriteCond %{QUERY_STRING} (globals|mosconfig([a-z_]{1,22}))(=|\[) [NC,OR]

      And to remove the offset string, replace this line:

      RewriteCond %{QUERY_STRING} (;|<|>|\'|\"|\)|%0a|%0d|%22|%27|%3c|%3e|%00)(.*)(/\*|alter|base64|benchmark|cast|concat|convert|create|encode|declare|delete|drop|insert|md5|request|script|select|set|union|update) [NC]

      ..with this:

      RewriteCond %{QUERY_STRING} (;|<|>|\'|\"|\)|%0a|%0d|%22|%27|%3c|%3e|%00)(.*)(/\*|alter|base64|benchmark|cast|concat|convert|create|encode|declare|delete|drop|insert|md5|request|script|select|union|update) [NC]

      Save changes and test well, should resolve the false positive block.

      • This indeed solved the problem.
        I saw you have some books about htaccess.

        I have some interested in learning more about htaccess and the way to read / write it. Especially understanding your firewall. Is that book a good start for it?

      • Jeff Starr 2023/07/26 3:29 pm

        Glad to hear that solved it. For the book, yes there is a lot of related information, an entire chapter on security with information about a previous version of nG Firewall. Plus lots of other tips and tricks for controlling and optimizing traffic. Understanding the information in the book would give you great insight into firewalls and other Apache/.htaccess techniques.

  7. I added the 7G firewall rules on my different domains and subdomains. We have noticed that our LimeSurvey installs do not load any css or js when adding the 7G rules to the .htaccess. Any suggestion?

  8. Does it work to have both the 7G Firewall and the Wordfence Web application firewall in the same .htaccess file? If it does work, is there a preferred order? Thanks!

  9. Jeff, I was just wondering about the logic behind blocking image files with specific words in the filename? For instance “shelly.jpg” triggers “shell”.

    I can understand the case where PHP code is hidden in the file contents of a .jpg image, and a .htaccess override to execute .jpg files via PHP is in place.

    But in instances where you can’t override php execution of file extensions. Only file extensions with the .php extension can be executed via PHP, how does blocking other file types such as .jpg based on file name matching (shell) actually help?

    • Jeff Starr 2023/11/06 10:20 am Reply

      Hi Jordan,

      Blocking shell is to thwart malicious activity due to hacking, not image file names. Check this article for more information regarding shell. And yes that is one downside to blacklist-based blocking; it is inevitable that false positives will occur, like shelly.jpg for example will get blocked by the shell pattern in the firewall.

  10. First of all, thanks for this great 7G firewall, Jeff. I had an issue (403 error code - the connection to server has been lost.) with phpMyAdmin. I did the recommendations to enable phpMyAdmin as you said here (https://perishablepress.com/7g-firewall/), but the issue was still remaining.
    And then I uncommented the lines starting with “7g_drop_bad_request” in 7g.conf, so the issue was resolved. You can take a look at it from here: https://drive.google.com/file/d/18Et1ubJfiKOsR03apdvfit1dorVWZGkH/view?usp=drive_link

    Is there any recommendation to do related to this issue?

    Have a good day

    • Jeff Starr 2024/02/12 3:19 pm Reply

      Hi Tarlan, glad to help. Not sure what might be happening in this specific case. Is there a way for you to share the file/image somewhere that doesn’t require a google account? That way I can take a look and try to provide accurate information asap, thanks.

  11. I am trying to find out a bit more about 7G before I install.

    I have a WordPress web site. Under the Notes and Infos, enabling phpMyAdmin is mentioned. How do I know whether this is working or whether it needs to be enabled? If required, how would I do this (I have no knowledge of php)?

    Thanks,
    François Sigouin

    • Jeff Starr 2024/04/12 1:57 pm Reply

      Basically if you visit your phpMyAdmin page and it is working, then 7G is not blocking it. Otherwise, if you add 7G and then suddenly can’t access phpMyAdmin, then you would need to do the “enable phpMyAdmin” thing.

  12. Recent versions of Ubuntu (and perhaps others) include AllowOverride None in Directory blocks for /, /var/www and a few others within the default /etc/apache2/apache2.conf file. This requires commenting-out or removing the Options -Indexes line near the top of 7g-firewall as it will cause a “not allowed here” error and your site will serve nothing but 500s.

    You should also consider editing /etc/apache2/apache2.conf (and restarting Apache) because the default enables Indexes on /var/www which is the opposite of what 7g-firewall is more prudently trying to do here.
