Implementing the 7G Firewall on Nginx

by | Sep 28, 2023 | Alstra Technical Blog

Introduction

In the world of web security, having a robust firewall is crucial to protect your website from malicious attacks. The 7G Firewall is a lightweight yet powerful open-source Web Application Firewall (WAF) that can help safeguard your Nginx server.

In this tutorial, we will walk you through the process of implementing the 7G Firewall on your Nginx server, step by step. Before we begin, please note that this tutorial assumes you have a basic understanding of Nginx and its configuration files.

Note: The 7G Firewall is an open-source project developed by Jeff Starr. For more information, including the license and disclaimer, visit the 7G Firewall homepage.

Ruleset Analysis

The 7G Firewall is a robust, open-source firewall that provides high-level security for web applications. It is designed to protect against a wide range of common web-based attacks such as SQL injection, cross-site scripting (XSS), and remote file inclusion (RFI).

Let’s dive into some of the rules in the configuration file and analyze their significance:

  • "~*([a-z0-9]{2000,})" 1; targets excessively long query strings. If a query string contains a run of 2000 or more consecutive alphanumeric characters, it is considered suspicious and blocked. This helps prevent buffer overflow attacks.
  • "~*(/|%2f)(:|%3a)(/|%2f)" 2; blocks any query string containing a pattern like /:/ or its URL-encoded equivalent. This pattern is commonly used in directory traversal attacks.
  • "~*(ckfinder|fckeditor|fullclick)" 5; blocks requests containing the names of known vulnerable file manager scripts. These scripts can be exploited to upload and execute malicious files.
  • "~*((.*)header:|(.*)set-cookie:(.*)=)" 7; helps prevent HTTP response splitting and HTTP header injection attacks by blocking requests that attempt to set HTTP headers.
  • "~*(localhost|127(\.|%2e)0(\.|%2e)0(\.|%2e)1)" 8; blocks any query strings containing references to the localhost IP address. These could be attempts to exploit SSRF (Server Side Request Forgery) vulnerabilities.
  • "~*(benchmark|char|exec|fopen|function|html)(.*)(\(|%28)(.*)(\)|%29)" 18; blocks requests that attempt to execute certain functions often used in code injection attacks.
  • "~*(e|%65|%45)(v|%76|%56)(a|%61|%31)(l|%6c|%4c)(.*)(\(|%28)(.*)(\)|%29)" 20; targets the eval function, which is frequently used in malicious PHP code. It matches both the function name and its URL-encoded equivalents.
  • "~*(<|%3c)(.*)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(.*)(>|%3e)" 25; is designed to block any query strings that contain a <script> tag or its URL-encoded equivalent, preventing potential Cross-Site Scripting (XSS) attacks.
  • "~*(;|<|>|\'|\"|\)|%0a|%0d|%22|%27|%3c|%3e|%00)(.*)(/\*|alter|base64|benchmark|cast|concat|convert|create|encode|declare|delete|drop|insert|md5|request|script|select|set|union|update)" 36; blocks any requests that contain SQL or script injection attempts. It matches a variety of harmful SQL keywords and special characters commonly used in such attacks.
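The following Python sketch is an added example, not code from the 7G project or the original post. It replays the rules listed above against constructed query strings and returns the number of the first rule that matches, which helps spot legitimate requests the ruleset would block before you deploy it. It assumes the map's default value is 0; all sample strings are constructed.

```python
import re

# Rules copied from the list above as (pattern, rule number). The nginx "~*"
# prefix (case-insensitive regex) is expressed here with re.IGNORECASE.
RULES = [
    (r"([a-z0-9]{2000,})", 1),
    (r"(/|%2f)(:|%3a)(/|%2f)", 2),
    (r"(ckfinder|fckeditor|fullclick)", 5),
    (r"((.*)header:|(.*)set-cookie:(.*)=)", 7),
    (r"(localhost|127(\.|%2e)0(\.|%2e)0(\.|%2e)1)", 8),
    (r"(benchmark|char|exec|fopen|function|html)(.*)(\(|%28)(.*)(\)|%29)", 18),
    (r"(e|%65|%45)(v|%76|%56)(a|%61|%31)(l|%6c|%4c)(.*)(\(|%28)(.*)(\)|%29)", 20),
    (r"(<|%3c)(.*)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(.*)(>|%3e)", 25),
    (r"(;|<|>|\'|\"|\)|%0a|%0d|%22|%27|%3c|%3e|%00)(.*)(/\*|alter|base64|benchmark|cast|concat|convert|create|encode|declare|delete|drop|insert|md5|request|script|select|set|union|update)", 36),
]
COMPILED = [(re.compile(pattern, re.IGNORECASE), number) for pattern, number in RULES]


def first_match(query_string):
    """Return the number of the first matching rule, or 0 (assumed map default).

    nginx tests map regexes in the order they appear, unanchored, against the
    raw (not URL-decoded) query string, so the same is done here.
    """
    for regex, number in COMPILED:
        if regex.search(query_string):
            return number
    return 0


# Constructed sample query strings: ordinary traffic that may trip a rule.
SAMPLES = [
    "page=2&sort=name",                # plain pagination
    "next=http://localhost:3000/cb",   # dev redirect target
    "title=html+basics+(part+1)",      # article title with parentheses
    "note=medieval+history+(1066)",    # "eval" inside an ordinary word
    "q=it%27s+time+to+update",         # apostrophe followed by "update"
    "token=" + "a" * 2000,             # long opaque token
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"rule {first_match(sample):>2}  {sample[:40]}")
```

A non-zero result for a query your application legitimately sends is a false positive to resolve before enabling the firewall in production.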

Implementation Steps

Step 1: Add the Files

First, download the 7G Nginx Firewall ZIP file and extract it. You will find two files: 7g-firewall.conf and 7g.conf. Copy these files to the /nginx/conf.d/ directory on your server.

Step 2: Include the Firewall Rules

Open the main Nginx configuration file, usually located at /nginx/nginx.conf, and add the following line inside the http block:

include /etc/nginx/conf.d/7g-firewall.conf;

Ensure that the file path matches the directory structure on your server.

Step 3: Include the Conditional Logic

Next, open your local/site configuration file, typically found at /nginx/sites-enabled/example.com, and add the following line inside the server block:

include /etc/nginx/conf.d/7g.conf;

Again, verify that the file path is accurate for your server’s directory structure.

Before restarting, check the Nginx configuration for syntax errors:

nginx -t

Step 4: Restart the Server

After making these changes, you need to restart your Nginx server for the new configuration to take effect. A reload is enough to apply configuration changes:

sudo systemctl reload nginx

Step 5: Testing

With the 7G Firewall files included in your Nginx configuration and the server restarted, it’s time to perform thorough testing. Check that your website functions normally and verify that the 7G Firewall is correctly blocking malicious requests. You can use a tool like nginxdev.com to make test requests and compare server responses for various 7G queries.

Alternate Installation (Nginx 1.18+)

If you are using Nginx version 1.18 or higher, there’s an alternate installation method that simplifies the process. Follow these steps:

  1. Add 7g-firewall.conf to /etc/nginx/conf.d.
  2. Add 7g.conf to /etc/nginx/snippets.
  3. Inside the server directive of your configuration file, add the line: include /etc/nginx/snippets/7g.conf;.

That’s it! This alternate method takes advantage of the snippets directory feature introduced in Nginx 1.18.

Conclusion

Implementing the 7G Firewall on your Nginx server is an effective way to enhance your website’s security.

Remember to thoroughly test your website after implementation to ensure everything is functioning correctly. Stay proactive in maintaining your website’s security, and enjoy the peace of mind that comes with a lightweight but robust firewall solution like the 7G Firewall.
