Fall Sale! Code FALL2024 takes 25% OFF our Pro Plugins & Books »
Web Dev + WordPress + Security

8G Firewall

After more than a year of beta testing, 8G Firewall is ready for use on production sites. So you can benefit from the powerful protection provided by the latest evolution of the nG Firewall (aka nG Blacklist). The 8G Firewall offers lightweight, server-level protection against a wide range of malicious requests, bad bots, automated attacks, spam, and many other types of threats and nonsense. 8G is a lightweight (only 17KB) strong firewall that provides site security and peace of mind. Plus, 8G is open source and 100% free for everyone :)

Update: 8G Firewall is out of beta as of version 1.3, now available for download. A huge thank you to all beta testers :)
Update: 8G has been forked by Tonkünstler-on-the-Bund to use SetEnvIf instead of mod_rewrite. Learn more and download at GitHub.

Contents

About 8G Firewall

The 8G Firewall is a carefully crafted set of security rules for Apache and Nginx servers. It can be applied via your site’s public root .htaccess file, or added via server configuration. Once added, 8G provides powerful server-level protection against a wide range of malicious requests, bad bots, automated attacks, spam, and many other types of threats and nonsense. It’s a lightweight (only 17KB) strong firewall that improves site security and peace of mind.

8G Firewall builds on 7G, optimizing scope with performance while minimizing false positives. Learn more about nG-series firewall, including 8G and all the details:

Support 8G Firewall: Donate via PayPal or your favorite digital coin »

Reporting Bugs

As of version 1.3, 8G is out of beta and ready for production sites. Any bugs (false positives) may be reported via my contact form. Or if you have any questions or non-bug-related feedback, you are welcome to leave a comment on this post. Thank you :)

nG Logging: Just FYI, 7G and 8G Firewall support logging of each request, matching patterns, and more. Learn how to enable logging with nG Firewall.

Download 8G Firewall

By downloading 8G, you agree to the terms set forth in the License and Disclaimer. You will find copy of the 8G changelog included in the zip download file. Check out the nG homepage for install steps and complete information.

Download 8G FirewallVersion 1.3 ( 7.13 KB ZIP )
Note: To retain the Unix LF EOL characters (line breaks) in the 8G text file, it is recommended to use a program that supports them, such as Notepad++ (free for Windows) or TextEdit or BBEdit (free for Mac). The line breaks keep the code structured and readable, instead of a big jumbled mess.

License & Disclaimer

8G Firewall is open source and 100% free for all. The only requirement is that the following credit lines are included when using 8G (or any of its parts).

# 8G FIREWALL
# https://perishablepress.com/8g-firewall/

Other than that, it’s all yours!

Disclaimer

The 8G Firewall is provided “as-is”, with the intention of helping people protect their sites against bad requests and other malicious activity. The code is open and free to use and modify as long as the first two credit lines remain intact. By using this code you assume all risk and responsibility for anything that happens. So use wisely, test thoroughly, and enjoy the benefits of my work :)

Show support

I spend countless hours developing the nG Firewall. I share it freely and openly with the hope that it will help make the Web a more secure place for everyone.

If you benefit from my work with nG Firewall and would like to show support, consider buying one of my books, such as .htaccess made easy. You’ll get a complete guide to .htaccess, exclusive forum access, and a ton of awesome techniques for configuring, optimizing, and securing your site.

Of course, tweets, likes, links, and shares are super helpful and very much appreciated. Your generous support allows me to continue developing the nG Firewall and other awesome resources for the community. Thank you kindly :)

Support 8G Firewall: Donate via PayPal, Stripe, or your favorite digital coin »

8G Notes

Any 8G-related notes will be added/updated here..

  • Only use 7G or 8G, not both
  • 8G is modular: each section can be removed/added as desired
  • 8G is designed to work flawlessly with WordPress or any other non-WP site
  • 8G adds new “HTTP COOKIE” rules
  • Please report any strings or user agents that should not be blocked
  • Always test well before going live and report any bugs or issues
  • Joomla sites: remove “administrator” from Request URI rules
  • Other 8G-related notes will be added here..

About the Author
Jeff Starr = Web Developer. Security Specialist. WordPress Buff.
The Tao of WordPress: Master the art of WordPress.

130 responses to “8G Firewall”

  1. Hi Jeff,
    I’m still on 6G ☺

    WordPress is installed in a subdirectory http://www.mydomain.com/blog

    The main domain just redirects to a page in the blog:
    http://www.mydomain.com redirects to >>> http://www.mydomain.com/blog/page1234

    How should I add the 8G code?!
    should the “QUERY STRING” rules still be added to the WordPress subdirectory .htaccess, and everything else to the root .htaccess ?!

    Thanks for the great work.

    • Jeff Starr 2024/04/08 7:49 pm Reply

      Hi Rafael, it really depends on what all you’ve got going on site. Best advice is to just do some basic testing. First place the Query String rules at the beginning of the file and then test. If it works then great, if not then try at the end of the file, etc. Then do the same thing with the remainder of the nG rules should help get you there.

  2. Kelvin Ong 2024/04/09 2:03 amReply

    Hi Jeff,

    How is 8G on OpenLiteSpeed?

    Thank you.

  3. phpbb3 v 3.3.11
    Apache Version 2.4.59
    PHP Version 7.4.33

    [Fri Apr 19 13:04:01.478456 2024] [core:alert] [pid 1463183:tid 22777755326208] [remote 94.64.xxx.xx:54964] /home/xxxxxxx/public_html/phpBB3/.htaccess: RewriteCond: cannot compile regular expression '(checkpriv|cheesebot|cherrypick|chinaclaw|choppy|clshttp|cmsworld|copernic|copyrightcheck|cosmos|cr'

    I comment out this line.

  4. Thanks for your work on this. I’m evaluating it for potential use on a set of smaller Drupal 10 sites.

    I’m curious if you have a public git repository for this project so folks can better automate the library into their CI workflows and projects, to get easy version number support at unique URLs for automated download, and to be able to pin version numbers in their build scripts, and to get public diff functionality and issue queues.

  5. Many thanks for the great job.
    I added 8G to htaccess and it blocks all unwanted bots beautifully.
    However, I am receiving reports from users that they cannot access the forum via Tapatalk. How to unlock it? Which rule is responsible for this?

    • Jeff Starr 2024/05/01 1:46 am Reply

      Just need the URL(s) getting blocked and I would be glad to take a look.

      • In the logs it looks like this:

        176.221.123.3 - - [01/May/2024:08:00:15 +0200] "POST /forum/mobiquo/mobiquo.php?method=get_config HTTP/2" 403 1242 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36 Tapatalk/8.9.8.F"
        46.187.197.179 - - [01/May/2024:08:07:49 +0200] "POST /forum/mobiquo/mobiquo.php?method=get_config HTTP/2" 403 1242 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36 Tapatalk/8.9.2.F"

        I disabled the entire [QUERY STRING] section and Tapatalk became active:

        37.225.17.138 - - [01/May/2024:12:30:52 +0200] "POST /forum/mobiquo/mobiquo.php?method=sign_in HTTP/2" 200 1041 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36 Tapatalk/8.9.8.F"

        Maybe there is no need to disable the entire section and only a specific rule (set of rules) is enough. ?

      • Well Tapatalk is not blocked in 8G Firewall. But mobiquo is blocked in the REQUEST URI rules. To unblock it, locate this string: mobiquo|muiebl; and replace it with just muiebl should do the trick.

  6. Hi Jeff! I’ve been using 7G but I’m now implementing the new 8G 1.3. Recently, my site has been hammered with a rogue bot that’s daily making around 100 or so requests over a half minute interval, all for the same page. The full line in my log file is:
    2024-05-01 00:26:39 42.202.17.88 /contact.php Go-http-client/1.1

    I’m guessing that the go-http-client is an off the shelf bot used by any number of script kiddies scraping the web. Would I just add Go-http-client to the HTTP_USER_AGENT list?

    Thanks for being on our side!

    • Jeff Starr 2024/05/01 1:51 am Reply

      Hi Mark, yes you can add this as the first line in the USER AGENT section:

      RewriteCond %{HTTP_USER_AGENT} (go-http-client) [NC,OR]

      Then later you can add any other user agents like this:

      RewriteCond %{HTTP_USER_AGENT} (go-http-client|some other user agent) [NC,OR]

      Multiple user agents are separated by a vertical bar, |.

  7. I had a webp image (shell_energy-png.webp) on my site that refused to load with the 8G firewall. Tracked the problem down to this line:

    RewriteCond %{REQUEST_URI} (/)((c99|php|web)?shell|crossdomain|fileditor|locus7|nstview|php(get|remoteview|writer)|r57|remview|sshphp|storm7|webadmin)(.*)(\.|%2e|\(|%28) [NC,OR]

    I know “shell” is a rather common networking term, but it’s worth remembering that it’s also the name of a global mega corp and lots of other businesses :).

    • Jeff Starr 2024/05/03 11:57 am Reply

      Yeah somehow I totally forgot about Shell oil company lol. Feel free to remove any offending pattern(s) as you see fit.

  8. Do I just remove this bit Jeff – “(c99|php|web)?shell|” – or only “shell|”?

  9. Admirable idea, effort, and result! I highly recommend this.

  10. this line actually causes Elementor to not save

    # RewriteCond %{REQUEST_URI} (/)((wp-?)?install(ation)?|wp(3|4|5|6)|wpfootes|wpzip|ws0|wsdl|wso(\w)?|www|(uploads|wp-admin)?xleet(-shell)?|xmlsrpc|xup|xxu|xxx|zibi|zipy)(\.php) [NC,OR]
  11. I just downloaded the 8G firewall zip. When checking the 8G-Firewall.txt, I noticed that the last opening did not have a closing

    Is this intentional? If not, “hey, I might have found a bug!” :D

    (I’m pretty sure your target audience would already know how to fix it)

    • Jeff Starr 2024/05/23 1:00 am Reply

      There are no issues that I can see. Can you let me know what you mean by “the last opening did not have a closing”. Apparently angle brackets were removed from your comment, so I am not sure. I *think* you are referring to the IfModule tags..?

  12. Hi Jeff, awesome idea – it would be amazing if there was an option to remove the catch-all handling of wordpress, e.g. by default WP handles all incoming requests, which is stupid and abuses all server resources (e.g. when hit by bots scanning 1000s of non-existing urls). Would you know of a way to use 8g perhaps to achieve this? Cheers

    • Jeff Starr 2024/06/03 12:05 pm Reply

      Hi Tom,

      The server handles all incoming requests. That’s why 8G Firewall is so effective at blocking bad requests and conserving server resources. It denies bad requests at the server level, so expensive things like the database, PHP, images, scripts and other assets don’t have to be loaded. I hope this is clear: WordPress does not “handle all incoming requests”; the server does.

Leave a reply

Name and email required. Email kept private. Basic markup allowed. Please wrap any small/single-line code snippets with <code> tags. Wrap any long/multi-line snippets with <pre><code> tags. For more info, check out the Comment Policy and Privacy Policy.

Subscribe to comments on this post

Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
The Tao of WordPress: Master the art of WordPress.
Thoughts
Went out walking today and soaked up some sunshine. It felt good.
I have an original box/packaging for 2010 iMac if anyone wants it free let me know.
Always ask AI to cite its sources.
All free plugins updated and ready for WP 6.6 dropping next week. Pro plugin updates in the works also complete :)
99% of video thumbnail/previews are pure cringe. Goofy faces = Clickbait.
RIP ICQ
Crazy that we’re almost halfway thru 2024.
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.