6G Firewall

6G Firewall

The “6-G” firewall is actually just a set of web-server rules (originally published by Perishable Press) to filter out some well-known bad traffic before the requests hits the WordPress site. The idea with this type of “firewall” is that traffic requesting PHP/WordPress resources is expensive. It’s much cheaper and faster to weed them out at the webserver level before it gets that far.

One of the draw-backs of this type of firewall is that certain activities that are legitimate will get blocked. So we’ve provided a way to enable or disable portions of the rules.

To enable the entire rule set:

  • Go to WPCloud Deploy->Applications
  • Click on the site for which this action will apply
  • Click on the 6GWAF tab
  • Toggle the Enable or Disable ALL 6G Rules switch
  • Click the OK option on the confirmation popup

After a while the screen will refresh – if the operation is successful. If the operation fails, you’ll get a popup message.

You can see a full log of the operation under the SSH LOG screen.

After the full rule set is enabled, you can disable portions of the rules using the rest of the toggle buttons on the screen.

Notes & Issues

Easy Digital Downloads

Some “add-to-cart” URLS in Easy Digital Downloads will fail with the 6G Firewall enabled. In particular, direct urls with square brackets embedded in them. These URLs are usual constructed when you have products with multiple price options and you want to give the user a direct link to one of the price options. They look something like this:

https://simple-press.com/checkout?edd_action=add_to_cart&download_id=81486&edd_options[price_id]=1

You can see the square brackets at the end of the URL.

There are two ways to work around this:

  1. Turn off the REQUEST STRING rules portion of the 6G firewall. You can do this under the 6G WAF tab.
  2. If you would like to keep most of the REQUEST STRING rules you can edit the /etc/nginx/common/6g.conf file to make the following changes:

Search for this in the Request Strings section of the file.

"~*(~|`|<|>|:|;|\|s|{|}|[|]||)" 7;

Replace it with this:

"~*(~|`|<|>|:|;|\|s|{|}||)" 7;

Then, restart the nginx engine:

service nginx restart

Colons In The Request Strings

Sometimes, request strings might have colons in them. This will be blocked by default since it is an uncommon scenario. Here’s an example legitimate request string that will be blocked:

https://simple-press.com/?edd_action=get_version&license=4xasebadfasreasdfljerr&version=2.1.0&item_id=3916&author=Simple:Press

Notice at the end of the string the author is “simple:press” with a colon? This means that the entire request will be blocked, even though, in this case, it is a legitimate request.

There are two ways to work around this:

  1. Turn off the REQUEST STRING rules portion of the 6G firewall. You can do this under the 6G WAF tab.
  2. If you would like to keep most of the REQUEST STRING rules you can edit the /etc/nginx/common/6g.conf file to make the following changes:

Search for this in the Request Strings section of the file.

"~*(~|`|<|>|:|;|\|s|{|}|[|]||)" 7;

Replace it with this:

"~*(~|`|<|>|;|\|s|{|}|[|]||)" 7;

Then, restart the nginx engine:

service nginx restart

You will notice that the new specification string removes the “:” from the invalid characters list.

 

Share:













Share on LinkedIn