8G Firewall
After more than a year of beta testing, 8G Firewall is ready for use on production sites. So you can benefit from the powerful protection provided by the latest evolution of the nG Firewall (aka nG Blacklist). The 8G Firewall offers lightweight, server-level protection against a wide range of malicious requests, bad bots, automated attacks, spam, and many other types of threats and nonsense. 8G is a lightweight (only 17KB) strong firewall that provides site security and peace of mind. Plus, 8G is open source and 100% free for everyone :)
SetEnvIf instead of mod_rewrite. Learn more and download at GitHub.Contents
About 8G Firewall
The 8G Firewall is a carefully crafted set of security rules for Apache and Nginx servers. It can be applied via your site’s public root .htaccess file, or added via server configuration. Once added, 8G provides powerful server-level protection against a wide range of malicious requests, bad bots, automated attacks, spam, and many other types of threats and nonsense. It’s a lightweight (only 17KB) strong firewall that improves site security and peace of mind.
8G Firewall builds on 7G, optimizing scope with performance while minimizing false positives. Learn more about nG-series firewall, including 8G and all the details:
Reporting Bugs
As of version 1.3, 8G is out of beta and ready for production sites. Any bugs (false positives) may be reported via my contact form. Or if you have any questions or non-bug-related feedback, you are welcome to leave a comment on this post. Thank you :)
Download 8G Firewall
By downloading 8G, you agree to the terms set forth in the License and Disclaimer. You will find copy of the 8G changelog included in the zip download file. Check out the nG homepage for install steps and complete information.
License & Disclaimer
8G Firewall is open source and 100% free for all. The only requirement is that the following credit lines are included when using 8G (or any of its parts).
# 8G FIREWALL
# https://perishablepress.com/8g-firewall/Other than that, it’s all yours!
Disclaimer
The 8G Firewall is provided “as-is”, with the intention of helping people protect their sites against bad requests and other malicious activity. The code is open and free to use and modify as long as the first two credit lines remain intact. By using this code you assume all risk and responsibility for anything that happens. So use wisely, test thoroughly, and enjoy the benefits of my work :)
Show support
I spend countless hours developing the nG Firewall. I share it freely and openly with the hope that it will help make the Web a more secure place for everyone.
If you benefit from my work with nG Firewall and would like to show support, consider buying one of my books, such as .htaccess made easy. You’ll get a complete guide to .htaccess, exclusive forum access, and a ton of awesome techniques for configuring, optimizing, and securing your site.
Of course, tweets, likes, links, and shares are super helpful and very much appreciated. Your generous support allows me to continue developing the nG Firewall and other awesome resources for the community. Thank you kindly :)
8G Notes
Any 8G-related notes will be added/updated here..
- Only use 7G or 8G, not both
- 8G is modular: each section can be removed/added as desired
- 8G is designed to work flawlessly with WordPress or any other non-WP site
- 8G adds new “HTTP COOKIE” rules
- Please report any strings or user agents that should not be blocked
- Always test well before going live and report any bugs or issues
- Joomla sites: remove “administrator” from Request URI rules
- Other 8G-related notes will be added here..
132 responses to “8G Firewall”
Hi Jeff!
Thanks for your hard work! I use the firewall in my home-built CMS. Works like a charm.
Only thing: I had to remove
homefrom the list. It would make my navigation run into “403 forbidden” when going to the home page!Thanks and best regards!
chris
Thanks for reporting, Chris. I will look at removing or modifying the “home” pattern in the next update. Cheers!
I am seeing a lot of spam from bot called “nbot” and doesn’t seem to be covered in 7G. Does 8G block it?
Not yet but it’s on the list to add to the User Agent rules for the next update.
Jeff when do you think a update will be released? Love the 8G it seems to be working flawlessly and it speeds up the site as well. also improved GTMetrix
There are some pending changes but nothing super critical. Is there something specific you need help with, or needs updated?
Following part needs to be removed to prevent breaking design of the vBulletin 4 forum:
vbull(etin)?|I am unsure why it is there, what is wrong with it in order to be added. Can you remove it?
It is “there” because it is a highly targeted pattern/string in malicious URI requests. You can remove it (or any string) as needed, the firewall is meant to be customized.
Hello, I have submitted a contact form around 2-3 times (last time it was ~yesterday) in the past regarding non working 7G and 8G logging and never received a reply. If you have not received it, can you please link to your email or other contact?
Hey A, I got your email from yesterday, just super busy with work. Will try to get to it soon.
I wanted to note that the rule:
blocks a needed file download at:
https://example.com/download.php?id=1312so i have tweaked that rule. Btw. thank you for this nice firewall.
Its working very well, I dont see any error. Good job Jeff Starr.
Hello, i want to know how to install it on nginx server thanks. Appreciate your hard work !
I don’t have a guide specifically for 8G, but here is a guide for 7G on Nginx.
Just a small FYI. I found that this line was breaking the local insertion of some javascript in one of the CMS’ we use.
Figured out it was the “database” entry because the CMS had a sub-dir with the same name that held a bunch of related javascript files for the menu system.
Hey Jeff, thanks a ton for your work on the nG firewalls, they have been total life savers as it helps me sleep a little better at night!
I ran into an issue when using quotes on a search page, e.g.:
search?terms="exact+phrase"search?terms=%22exact+phrase%22Removing
|%22from the line%0a|%0d|%22|%27|%3c|%3e|%00fixed it for me, figured I’d mention this use case.Thanks for reporting, Ap. Quotes are considered unsafe characters when included in URLs. Best bet is just to remove the
|%22from 8G rules as you suggest.My application firewall keeps blocking lots of odd GET ‘Requests’ like this because they appear like cross site scripting attempts “/news/%3Cscript%20src=%22https://cdn.doubleverify.com/dvbm.js”. So I’d like to add “doubleverify” into the 8G Firewall rules to block them at the first instance, but where should I insert that?
You can add
cdn.doubleverify.comto the URI Request rules would do the trick.Would adding it into a line like this work?:
RewriteCond %{REQUEST_URI} (cdn.doubleverify.com|sym403|telerik|uddatasql|…
Looks correct, you may want to escape the dots to match literally, like
RewriteCond %{REQUEST_URI} (cdn\.doubleverify\.com|sym403|…. Note this will block any/all requests that include that particular string in the URI, so keep an eye on things to make sure no legit traffic is being blocked.