BBQ Firewall is a lightweight, super-fast plugin that protects your site against a wide range of threats. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like base64_, and excessively long request-strings. This is a simple yet solid solution for sites that are unable to use a strong Apache/.htaccess firewall.
- About Customize Rules addon
- Remove rules from firewall (whitelist)
- Add rules to firewall (blacklist)
- Download addons
- More addons
About Customize Rules addon
BBQ is kept as lightweight as possible, so there are no options to configure the firewall rules. The default rules are context-neutral and work great on any WordPress setup. But there may be cases where you want to add or remove patterns from the firewall rules. So to give the plugin more flexibility, here are a couple of free addons that enable you to customize firewall patterns as desired.
Remove rules from firewall (whitelist)
If you’re running BBQ and discover that it’s blocking some legitimate URL, you can “whitelist” the offending pattern to restore access. Let’s look at an example. Let’s say that BBQ is blocking a page located at the following URL:
This URL is blocked by BBQ because of the colon :, which is a reserved character.
To resolve the issue, we can install the BBQ whitelist plugin and remove the matching pattern from $request_uri_array, which matches against the requested URI. To do so, open the plugin file and edit the “whitelist items” like so:
$bbq_whitelist_request_uri_items = array('\/http\:', '\:\/\/');
Here we have added two items to the whitelist array, \/http\: and \:\/\/. Save, upload, and done. BBQ will now ignore the specified patterns and thus restore access to the URL. This solution can be used to resolve any false positive.
The previous example shows how to allow/whitelist the specified strings in the request URI. In this example, we want to allow instances of a string in all fields: request URI, query string, user agent, and referrer. To do it, open the whitelist plugin and replace the four empty variables near the top of the file with this:
$bbq_whitelist_request_uri_items = array('allow-some-string');
$bbq_whitelist_query_string_items = array('allow-some-string');
$bbq_whitelist_user_agent_items = array('allow-some-string');
$bbq_whitelist_referrer_items = array('allow-some-string');
$bbq_whitelist_post_items = array('allow-some-string');
Replace allow-some-string with whatever string you want to allow. Save changes, upload, and done.
Add rules to firewall (blacklist)
On the other side of the coin, let’s say that you have some string that you would like BBQ to block. For example, the infamous fckeditor seems to be a perpetual target for malicious scanning and wannabe exploits. So let’s block it once and for all by adding it to BBQ. To do it, first install the BBQ blacklist plugin. Then open the plugin file and edit the “blacklist items” like so:
$bbq_blacklist_request_uri_items = array('fckeditor');
$bbq_blacklist_query_string_items = array('fckeditor');
$bbq_blacklist_user_agent_items = array('fckeditor');
$bbq_blacklist_referrer_items = array('fckeditor');
$bbq_blacklist_post_items = array('fckeditor');
Here we have added the offending string to each of the four blacklist arrays, so we’re covered if the string appears in the request URL, query string, user agent, referrer, and/or POST data. Then save, upload, and done. BBQ now will block the pesky fckeditor pattern whenever and wherever it’s found.
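A way to check which rules a blocked URL actually trips before whitelisting them, and what else the change lets through, shown as an added example (not BBQ's or the addons' own code). It assumes each rule is a regex fragment matched case-insensitively against one request field; `matching_rules`, `apply_whitelist`, the rule set and every sample URL are hypothetical or constructed.

```php
<?php
// Added example, not BBQ's code. Assumption: each rule is a regex fragment
// matched case-insensitively against one request field.

// Constructed rule set: the items used in the examples above, plus one other.
$rules = array('\/http\:', '\:\/\/', 'fckeditor', 'base64_');

// Hypothetical helper: every rule that matches the given field value.
function matching_rules(array $rules, string $value): array {
    $hits = array();
    foreach ($rules as $rule) {
        if (preg_match('/' . $rule . '/i', $value) === 1) {
            $hits[] = $rule;
        }
    }
    return $hits;
}

// Hypothetical helper: the rule set left once whitelist items are removed.
function apply_whitelist(array $rules, array $whitelist): array {
    return array_values(array_diff($rules, $whitelist));
}

// 1. Find exactly which rules the blocked (constructed) URI trips.
$blocked_uri = '/out/http://example.com/page';
$to_whitelist = matching_rules($rules, $blocked_uri);
echo "Whitelist candidates: " . implode('  ', $to_whitelist) . "\n";

// 2. See what the whitelist changes for other requests (all constructed).
$remaining = apply_whitelist($rules, $to_whitelist);
$probes = array(
    $blocked_uri,                          // the page we want to restore
    '/redirect/ftp://files.example.net/a', // also unblocked by removing \:\/\/
    '/FCKeditor/editor/',                  // still blocked: rules match case-insensitively
    '/blog/hello-world/',                  // never matched any rule
);
foreach ($probes as $uri) {
    $before = matching_rules($rules, $uri) ? 'blocked' : 'allowed';
    $after  = matching_rules($remaining, $uri) ? 'blocked' : 'allowed';
    printf("%-40s before: %-8s after: %s\n", $uri, $before, $after);
}
```

A whitelisted pattern stops being checked for every request, not just the one URL, so whitelist only the candidates reported for the page you need to restore.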
Download addons
Here you may download the BBQ Block List (blacklist) and Allow List (whitelist). These are 100% free addons licensed via GPL version 2 or later.
More addons
Here are some available addons for BBQ Firewall (free version).
- BBQ Firewall – Count Blocked Requests
- BBQ Firewall – Customize Features
- BBQ Firewall – Customize Rules
- BBQ Firewall – Customize Rules GUI (Thanks to LyntServices)