Introduction
In the world of web security, having a robust firewall is crucial to protect your website from malicious attacks. The 7G Firewall is a lightweight yet powerful open-source Web Application Firewall (WAF) that can help safeguard your Nginx server.
In this tutorial, we will walk you through the process of implementing the 7G Firewall on your Nginx server, step by step. Before we begin, please note that this tutorial assumes you have a basic understanding of Nginx and its configuration files.
Note: The 7G Firewall is an open-source project developed by Jeff Starr. For more information, including the license and disclaimer, visit the 7G Firewall homepage.
Ruleset Analysis
The 7G Firewall is a robust, open-source firewall that provides high-level security for web applications. It is designed to protect against a wide range of common web-based attacks such as SQL injection, cross-site scripting (XSS), and remote file inclusion (RFI).
Let’s dive into some of the rules in the configuration file and analyze their significance:
"~*([a-z0-9]{2000,})" 1;
targets excessively long query strings. If a query string contains a run of 2000 or more alphanumeric characters, it is considered suspicious and blocked. This helps prevent buffer overflow attacks.
"~*(/|%2f)(:|%3a)(/|%2f)" 2;
blocks any query string containing a pattern like /:/ or its URL-encoded equivalent. This pattern is commonly used in directory traversal attacks.
"~*(ckfinder|fckeditor|fullclick)" 5;
blocks requests containing the names of known vulnerable file manager scripts. These scripts can be exploited to upload and execute malicious files.
"~*((.*)header:|(.*)set-cookie:(.*)=)" 7;
helps prevent HTTP response splitting and HTTP header injection attacks by blocking requests that attempt to set HTTP headers.
"~*(localhost|127(\.|%2e)0(\.|%2e)0(\.|%2e)1)" 8;
blocks any query strings containing references to the localhost IP address. These could be attempts to exploit SSRF (Server Side Request Forgery) vulnerabilities.
"~*(benchmark|char|exec|fopen|function|html)(.*)(\(|%28)(.*)(\)|%29)" 18;
blocks requests that attempt to execute certain functions often used in code injection attacks.
"~*(e|%65|%45)(v|%76|%56)(a|%61|%31)(l|%6c|%4c)(.*)(\(|%28)(.*)(\)|%29)" 20;
targets the eval function, which is frequently used in malicious PHP code. It matches both the function name and its URL-encoded equivalents.
"~*(<|%3c)(.*)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(.*)(>|%3e)" 25;
is designed to block any query strings that contain a <script> tag or its URL-encoded equivalent, preventing potential Cross-Site Scripting (XSS) attacks.
"~*(;|<|>|\'|\"|\)|%0a|%0d|%22|%27|%3c|%3e|%00)(.*)(/\*|alter|base64|benchmark|cast|concat|convert|create|encode|declare|delete|drop|insert|md5|request|script|select|set|union|update)" 36;
blocks any requests that contain SQL or script injection attempts. It matches a variety of harmful SQL keywords and special characters commonly used in such attacks.
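To see how these rules behave before deploying them, the following added example (not part of the 7G project or the original tutorial) runs six of the patterns above over constructed query strings and reports which rule id fires, including two benign searches that get blocked. It assumes the rules are tried in file order against the raw, still URL-encoded query string and that 0 means no match; match_rule, scan and SAMPLES are names made up for this sketch.

```python
import re

# Query-string rules copied from the page as (pattern, rule id). In the nginx
# config each pattern is prefixed with "~*", i.e. a case-insensitive regex.
RULES = [
    (r"([a-z0-9]{2000,})", 1),
    (r"(/|%2f)(:|%3a)(/|%2f)", 2),
    (r"(ckfinder|fckeditor|fullclick)", 5),
    (r"(localhost|127(\.|%2e)0(\.|%2e)0(\.|%2e)1)", 8),
    (r"(benchmark|char|exec|fopen|function|html)(.*)(\(|%28)(.*)(\)|%29)", 18),
    (r"(<|%3c)(.*)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)"
     r"(p|%70|%50)(t|%74|%54)(.*)(>|%3e)", 25),
]
COMPILED = [(re.compile(p, re.IGNORECASE), rid) for p, rid in RULES]


def match_rule(query_string):
    """Return the id of the first rule that matches, or 0 for no match.

    Assumption: rules are tried in file order against the raw, still
    URL-encoded query string, and 0 is the value for "no rule matched".
    """
    for rx, rid in COMPILED:
        if rx.search(query_string):
            return rid
    return 0


# Constructed sample query strings (not taken from real traffic).
SAMPLES = [
    ("plain search", "q=nginx+tutorial&page=2"),
    ("1999-char token", "token=" + "a" * 1999),
    ("2000-char token", "token=" + "a" * 2000),
    ("encoded loopback address", "host=127%2e0%2e0%2e1"),
    ("encoded script tag", "q=%3Cscript%3Ealert(1)%3C/script%3E"),
    ("benign search with parentheses", "q=character+limit+%28utf8%29"),
    ("benign search for 'localhost'", "q=localhost+setup+guide"),
]


def scan(samples):
    """Return (label, rule id) pairs; a non-zero id means the request is blocked."""
    return [(label, match_rule(qs)) for label, qs in samples]


if __name__ == "__main__":
    for label, rule_id in scan(SAMPLES):
        print(f"{label:32} -> {'blocked by rule ' + str(rule_id) if rule_id else 'allowed'}")
```

The last two samples show why the rules need testing against your own site's legitimate traffic: ordinary search terms containing "char" plus parentheses, or the word "localhost", are rejected by rules 18 and 8.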
Implementation Steps
Step 1: Add the Files
First, download the 7G Nginx Firewall ZIP file and extract it. You will find two files: 7g-firewall.conf and 7g.conf. Copy these files to the /nginx/conf.d/ directory on your server.
Step 2: Include the Firewall Rules
Open the main Nginx configuration file, usually located at /nginx/nginx.conf, and add the following line inside the http block:
include /etc/nginx/conf.d/7g-firewall.conf;
Ensure that the file path matches the directory structure on your server.
Step 3: Include the Conditional Logic
Next, open your local/site configuration file, typically found at /nginx/sites-enabled/example.com, and add the following line inside the server block:
include /etc/nginx/conf.d/7g.conf;
Again, verify that the file path is accurate for your server’s directory structure.
Test if there is any error in your Nginx configuration:
nginx -t
Step 4: Restart the Server
After making these changes, you need to restart your Nginx server for the new configuration to take effect.
sudo systemctl reload nginx
Step 5: Testing
With the 7G Firewall files included in your Nginx configuration and the server restarted, it’s time to perform thorough testing. Check that your website functions normally and verify that the 7G Firewall is correctly blocking malicious requests. You can use a tool like nginxdev.com to make test requests and compare server responses for various 7G queries.
Alternate Installation (Nginx 1.18+)
If you are using Nginx version 1.18 or higher, there’s an alternate installation method that simplifies the process. Follow these steps:
- Add 7g-firewall.conf to /etc/nginx/conf.d.
- Add 7g.conf to /etc/nginx/snippets.
- Inside the server directive of your configuration file, add the line: include /etc/nginx/snippets/7g.conf;
That’s it! This alternate method takes advantage of the snippets directory feature introduced in Nginx 1.18.
Conclusion
Implementing the 7G Firewall on your Nginx server is an effective way to enhance your website’s security.
Remember to thoroughly test your website after implementation to ensure everything is functioning correctly. Stay proactive in maintaining your website’s security, and enjoy the peace of mind that comes with a lightweight but robust firewall solution like the 7G Firewall.