About nG Firewall

The nG Firewall is a carefully crafted set of security rules for Apache and Nginx servers. nG may be applied via your site’s public root .htaccess file, or added via the server configuration file. Once added, 8G provides powerful server-level protection against a wide range of malicious requests, bad bots, automated attacks, spam, and many other types of threats and nonsense. It’s a lightweight yet super strong firewall that improves site security and peace of mind.

nG works on any website powered by Apache or Nginx. WordPress not required.
nG stands for “nth generation”. So 8G refers to the 8th-generation firewall.

About nG Firewall

Two unwritten laws of the Web: 1) Nothing is 100% secure, and 2) All websites are under pretty much 24/7 constant attack. Whether it’s just nuisance traffic like spam, or a serious in-your-face DDoS attack, now is the time to strengthen site security and lock things down. nG helps with this by protecting your site against many types of bad requests and attacks. It gives your site a super strong layer of protection at the server level, so bad requests are blocked without having to load up PHP, MySQL, and everything else. Strong security without sacrificing performance.

I’ve seen many times sites just getting hammered with bad traffic... then you add nG Firewall and watch the noise drop to zero. You free up all those server resources for the good traffic.

So what’s the downside? Well, same as with any firewall, potential false positives. Fortunately, nG comprises over a decade of research, testing, and development. It builds on the best features of previous nG Firewalls. Ultimately, the goal for nG Firewall is zero false positives.

Bottom line: nG is an easy-to-use, cost-effective way to secure your site against malicious HTTP activity. It helps to protect against evil exploits, ill requests, and other nefarious garbage, such as XSS attacks, code injections, cache poisoning, response splitting, dual-header exploits, and much more.

How It Works

The nG Firewall is a powerful, well-optimized set of mod_rewrite rules that checks all URI requests against a set of carefully constructed Apache/.htaccess or Nginx directives and regular expressions. This happens quietly behind the scenes at the server level, which is optimal for performance because it avoids the need to load up PHP and MySQL just to block a bad request. This is one reason why securing at the server level is better than using a plugin or other PHP script.

nG improves performance by freeing up server resources.

For Apache servers, nG Firewall is easy to implement. Just add the code to your site’s public root .htaccess file. Then sit back and relax while nG Firewall works its magic. That’s the beauty of it: there is no configuration required. Security via simplicity: add the code and done. For more details, check out the Deployment section below.

For Nginx servers, implementation is fairly involved and requires more steps. For example, here is a guide that shows how to set up 7G on Nginx.

Once implemented, nG scans every HTTP request made to your site. It compares key aspects of each request against a carefully formulated set of patterns and regular expressions (regex). If someone or something triggers a match, they are blocked immediately (via 403 Forbidden response). Legitimate visitors can continue to surf your site with total confidence, while the bad guys are getting stomped by nG.

Features

nG Firewall is designed to be lightweight and super fast. It strives for the optimal balance between security and performance, delivering significantly better protection than previous nG firewalls. Each iteration of nG builds upon previous versions, fortifying successful patterns, removing outdated patterns, and of course adding new patterns and rules based on current data. The result is an nth-generation firewall that is cumulatively developed and extensively tested, based on code with a proven track record. Here are some top features and goals of nG Firewall:

  • Security via simplicity
  • Extensive firewall protection
  • Fine-tuned to minimize false positives
  • Lightweight, modular, flexible and fast
  • Completely plug-&-play with no configuration required
  • Improves security, reduces server load, conserves resources
  • Open source, easy to use, and completely free
  • WordPress not required: works on any website
  • 100% compatible with WordPress

nG protects against threats

nG protects against many types of attacks and threats, including:

  • Directory Traversal
  • HTTP Response Splitting
  • (XSS) Cross-Site Scripting
  • Cache Poisoning
  • Dual-Header Exploits
  • SQL/PHP/Code Injection
  • File Injection/Inclusion
  • Null Byte Injection
  • WordPress exploits like timthumb and fckeditor
  • PHP exploits like c99shell, rom2823, r3vn330, sux0r, et al
  • PHP information leakage

Additionally, nG Firewall protects against a wide range of malicious requests, bad bots, spam, and other nonsense. Further, nG uses Apache’s mod_rewrite, so it works on all types of HTTP request methods: GET, POST, PUT, DELETE, and all others. That means robust protection for your website.

Tip: nG complements ModSecurity, giving your site extra protection.

Requirements

Here are the only requirements for 7G Firewall:

  • Apache server
  • mod_rewrite enabled
  • Access to .htaccess or config

If you are unsure about any of these requirements, ask your web host. If you are new to Apache and/or .htaccess, and want to learn more about it, I wrote an entire book on using .htaccess to secure and optimize your site. Also, here is a tutorial that explains how to create an .htaccess file on your local machine.

Not using Apache? Check out 7G for Nginx and 7G for Caddy Server.

If your site does not meet the requirements, check out my WordPress plugins, BBQ: Block Bad Queries (free) and BBQ Pro (premium version). These plugins are blazing fast and integrate nG technology, providing strong firewall protection for your WordPress-powered site.

Download 7G Firewall

By downloading any version of nG Firewall (e.g., 6G, 7G, 8G), you agree to the terms set forth in the License and Disclaimer. To implement nG, follow the steps in the Deployment section, below. To download any version of nG Firewall, visit the respective homepage:

Note: For earlier versions, nG was referred to as a “blacklist”. For 6G and beyond, it’s referred to as a “firewall”.

License

nG Firewall is open source and 100% free for all. The only requirement is that the following credit lines are included when using nG (or any of its parts). Note that the version number and URL will vary depending on the version of nG Firewall.

# 8G FIREWALL
# https://perishablepress.com/8g-firewall/

Other than that, it’s all yours!

Disclaimer

The nG Firewall is provided “as-is”, with the intention of helping people protect their sites against bad requests and other malicious activity. The code is open and free to use and modify as long as the first two credit lines remain intact. By using this code you assume all risk and responsibility for anything that happens. So use wisely, test thoroughly, and enjoy the benefits of my work :)

Deployment

Quick summary: for Apache servers, add the nG code to your site’s public root .htaccess file (or config file) and test thoroughly. After proper testing, you’re all set: nG Firewall protects your site silently with minimal footprint. A completely set-it-and-forget-it firewall solution. Here are more detailed steps to add nG to your site:

  1. Agree to the terms, download, and unzip nG
  2. Make a backup of your current .htaccess file
  3. Copy all nG code and add to public root .htaccess
  4. Save changes and upload to your server
  5. Test well (see next section)

Note: For best results, place nG code before any existing mod_rewrite rules (e.g., WordPress Permalinks).

Note: Using Nginx? Learn how to add nG to Nginx.
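
The backup and placement steps above can be scripted. The following is an added example, not part of the nG download or the author's own tooling; it assumes you run it where the .htaccess file can be edited directly, and the function names and the rules file path you pass in are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the nG download. Run it on the server (or on a
# local copy of the site) where .htaccess can be edited directly.

# Credit line that opens the rules file (shown in the License section for 8G).
NG_MARK='# 8G FIREWALL'

# deploy_ng HTACCESS RULES_FILE
# Backs up HTACCESS, then rewrites it with the nG rules first and the
# previous contents after them. Does nothing if nG is already present.
deploy_ng() {
    htaccess=$1
    rules=$2
    [ -r "$rules" ] || { echo "cannot read rules file: $rules" >&2; return 1; }
    [ -e "$htaccess" ] || : > "$htaccess"    # no .htaccess yet: start empty

    if grep -qF "$NG_MARK" "$htaccess"; then
        echo "nG already present in $htaccess, nothing to do"
        return 0
    fi

    # Step 2: timestamped backup beside the original for quick rollback.
    # The name still starts with ".ht", which stock Apache configs refuse to serve.
    NG_BACKUP="$htaccess.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$htaccess" "$NG_BACKUP" || return 1

    # Step 3: nG first, existing rules (e.g. WordPress permalinks) after.
    # Writing in place keeps the file's owner and permissions.
    { cat "$rules"; printf '\n'; cat "$NG_BACKUP"; } > "$htaccess" || {
        cp -p "$NG_BACKUP" "$htaccess"       # restore on a failed write
        return 1
    }
}

# ng_precedes_wordpress HTACCESS
# Succeeds when the nG credit line appears before "# BEGIN WordPress"
# (or when there is no WordPress block at all).
ng_precedes_wordpress() {
    ng=$(grep -nF "$NG_MARK" "$1" | head -n 1 | cut -d: -f1)
    wp=$(grep -nF '# BEGIN WordPress' "$1" | head -n 1 | cut -d: -f1)
    [ -n "$ng" ] || return 1
    [ -z "$wp" ] || [ "$ng" -lt "$wp" ]
}
```

If the site misbehaves after deployment, copying the file named in `NG_BACKUP` back over .htaccess restores the previous state.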

Testing & Feedback

Testing is great, reporting is even better. Why? Because when you report false positives and/or other issues, I can investigate and try to resolve ASAP. Testing and reporting ultimately improves the quality and effectiveness of the firewall, thereby benefitting all users. Your feedback is instrumental in development of nG Firewall.

If you’re going to be using and testing nG Firewall, you’re gonna want to tap into the power of logging. Logged request data provides great insight into what, where, when, and why things are happening on the server.

Since version 7G, the nG Firewall is turn-key equipped for logging via PHP. To set it up, follow this tutorial on how to log blocked requests with nG Firewall.

You can find similar log data in your site’s access and error logs. These log files are available on your server; ask your web host for help if needed. The data provided by nG logging or your site’s default logging provides the information needed to diagnose and debug false positives and so forth.
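
One way to pull that information out of an access log, as an added example that is not part of nG or its logging tutorial: it assumes Apache's "combined" log format, the function names are hypothetical, and the sample lines are constructed (they are not a claim about which requests nG blocks).

```shell
#!/bin/sh
# Added example: triage blocked (403) requests in an Apache "combined" log.
# Fields are split on double quotes, so a request line that itself contains
# an escaped quote will be mis-parsed; review such lines by hand.

# sample_log: constructed log lines using documentation IP ranges.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /old/timthumb.php HTTP/1.1" 403 199 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /old/timthumb.php HTTP/1.1" 403 199 "-" "-"
198.51.100.20 - - [10/Mar/2024:10:05:10 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:05:31 +0000] "GET /shop/?q=union+jack+select+size HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:06:02 +0000] "GET /about/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
EOF
}

# blocked_requests LOG
# Prints "count<TAB>request line" for every 403, most frequent first.
# Note: 403s from other causes (file permissions, other rules) are included.
blocked_requests() {
    awk -F'"' '
        { split($3, s, " ") }                 # $3 is " status bytes "
        s[1] + 0 == 403 { n[$2]++ }           # $2 is the request line
        END { for (r in n) printf "%d\t%s\n", n[r], r }
    ' "$1" | sort -rn
}

# false_positive_candidates LOG
# Prints "client<TAB>request line" for 403s from clients that also received
# 2xx responses: visitors who browse normally and then hit a rule are the
# first place to look for a false positive.
false_positive_candidates() {
    awk -F'"' '
        { split($1, a, " "); ip = a[1]; split($3, s, " "); st = s[1] + 0 }
        NR == FNR { if (st >= 200 && st < 300) ok[ip] = 1; next }   # pass 1
        st == 403 && (ip in ok) { printf "%s\t%s\n", ip, $2 }       # pass 2
    ' "$1" "$1"
}
```

Run both functions against the real access log path for your server; the second one reads the file twice, so it needs a regular file rather than a pipe.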

Further troubleshooting tips available on the 6G Firewall homepage.

Also, if you discover any bugs, issues, or errors, please report them directly via my contact form. As always, feel free to share feedback and ask any questions in the comment section. Please do not report bugs in the comment area, thanks :)

A huge THANK YOU to everyone who reports bugs and shares feedback for nG Firewall.

Learn More..

To learn more about the theory and development of nG Firewall, check out my articles on building the 3G, 4G, 5G Blacklist, and related topics. The 6G Firewall homepage also contains lots of useful and relevant information. And if all that’s not enough, you can view all nG-related posts in the nG tag archive.

Show support

I spend countless hours developing the nG Firewall. I share it freely and openly with the hope that it will help make the Web a more secure place for everyone.

If you benefit from my work with nG Firewall and would like to show support, consider buying one of my books, such as .htaccess made easy. You’ll get a complete guide to .htaccess, exclusive forum access, and a ton of awesome techniques for configuring, optimizing, and securing your site.

Of course, tweets, likes, links, and shares are super helpful and very much appreciated. Your generous support allows me to continue developing the nG Firewall and other awesome resources for the community. Thank you kindly :)

Support 8G Firewall: Donate via PayPal or your favorite digital coin »

Resources

Here are some related resources and information for nG Firewall.

Tools

I would like to thank the following sites for providing the free tools used during development. Please visit and bookmark these awesome resources:

Thank You

Thanks to everyone who shares feedback and helps test nG Firewall. Also thank you to everyone who supports my work here at Perishable Press with donations, links and social shares. Your support is valued and appreciated more than you know. Cheers!

About the Author
Jeff Starr = Web Developer. Security Specialist. WordPress Buff.