RSFirewall Configuration

The RSFirewall! Configuration panel is composed out of the following elements:

 
Country Blocking
  • Using this feature you can block all IPs that appear to be coming from specific countries. A country checkbox list will be shown for you to allow/disallow access.
  • The country blocking feature will not work unless you install a "GeoIP.dat" package, for a step by step tutorial regarding obtaining GeoIP.dat, please click here.
 
Backend Password

Prevents unwanted access to your Joomla! installation by setting up an additional backend password.

  • Enable: Yes / No - set to Yes in order to enable this feature
  • Type password: Type in the desired password
  • Retype password: Retype the desired password for verification
Watch the video tutorial

Ep.10 - How to add a Joomla! additional back-end password with RSFirewall!

 
System Check

Here you can find some some configurable options for the System Check:

  • Number of files/folders to check in a cycle: This is the number of files/folders to check in one cycle. If you set a higher value there's a good chance you will run out of memory and the System Check will not finish. Please use a lower value if you are experiencing issues. The default value is 300.
  • Ignore files and folders: During the System Check these folders and/or files will be ignored. Warning! If you select a folder, all its files and subfolders will be ignored as well. Files and folders can be added in the ignore list by clicking on the Open File Manager button which will open a modal in which you can browse through your website's file system.
  • Enable Logging: Set to Yes to enable debugging the System Check. The output will be added to Joomla!'s log folder, in the rsfirewall.log file.
  • File Permissions: Defaulted to 644 but you can change this value should your server require other permissions. RSFirewall! will check your files for the permissions set here when running the System Check.
  • Folder Permissions: Defaulted to 755 but you can change this value should your server require other permissions. RSFirewall! will check your folders for the permissions set here when running the System Check.
  • Pause between requests (seconds): you can set up an interval, in seconds, between requests that are sent to the server when the System Check is being performed. This is useful if your hosting provider's server is too sensitive about these requests and regards you as an attacker.
  • Google Safe Browsing API Key: RSFirewall! checks your website against Google's constantly updated lists of suspected phishing, malware, and unwanted sofrware pages. Generating this API key can be done as instructed here.
 
Active Scanner

Provides a configuration tool for the RSFirewall! Active scanner which actively protects your Joomla! website, offering the following configurable options:

  • Enable / Disable Active Scanner
  • Enable Active Scanner in the administrator(backend) section: this is useful if you don't trust people that have access to your administration.
  • Log all blocked attempts: Set to Yes in order to log all blocked attempts. Use this option to identify false alerts on your website. Turn it off once you are done to make sure that automated attempts don't fill up your logs.
  • Remove the generator meta tag from your template
  • Convert email addresses from plain text to images
  • Check core Joomla! files integrity
  • Monitor the configured list of files for changes
  • Grab IP from Proxy Headers: some servers are behind a proxy or firewall and will not provide the correct IP. If this is your case, contact the proxy provider and ask them through what header are they sending the real IP. Otherwise just leave these all checked by default and RSFirewall! will attempt to grab the IP by looking through all of them.
 
PHP Protections:
  • Local file inclusion - disallows directory traversal techniques that might allow an attacker to read sensitive files by exploiting poorly coded extensions.
  • Remote file inclusion - disallows attackers to download an run malicious scripts by exploiting poorly coded extensions
  • Enable protections for - Form data (POST) enables filtering for information submitted through forms (eg. article editing, user registration etc). While URL data (GET) enables filtering for variables that are located in the URL (eg. http://www.yoursite.com/index.php?option=com_test&parameter1=value1)
SQL Protections:
  • Enable protections for - Form data (POST) enables filtering for information submitted through forms (eg. article editing, user registration etc). While URL data (GET) enables filtering for variables that are located in the URL (eg. http://www.yoursite.com/index.php?option=com_test&parameter1=value1)
 
JS Protections:
  • Filter Javascript - by setting this to Yes, the Javascript will be filtered instead of the connection being dropped.
  • Enable protections for - Form data (POST) enables filtering for information submitted through forms (eg. article editing, user registration etc). While URL data (GET) enables filtering for variables that are located in the URL (eg. http://www.yoursite.com/index.php?option=com_test&parameter1=value1).
 
Denial of Service:
  • Protect against DoS(Denial of Service) attacks for User Agents (perl, cURL, Java or empty User Agents)
  • Protect forms from abusive IPs - checks if IPs of form submitters exist in the Spamhaus XBL and SBL lists.
  • Deny access to the following referers - Referers are visitors coming from another website(domain). You can block multiple domains by specifying them each on a new line. You can also use wildcards, such as *.domain.com which will block any request coming from all subdomains of domain.com(e.g www.domain.com, images.domain.com etc.).
 
Automatic Blacklisting:
  • Automatic blacklisting: if repeated threats are detected with the same IP address, this will automatically be added to the Blacklist area
  • Automatic blacklisting for /administrator login: with this option enabled, failed backend logins will lead to an automatic ban. This option is independent from the CAPTCHA configurable below.
  • # of attempts: this is the minimum number of attempts before the attacker will be added to the blacklist and banned from your website.
 
CAPTCHA:
  • Activate CAPTCHA after this number of failed login attempts: you will need to specify threshold limit
 
Backend login:
  • Capture backend login attempts or/and store the password attempts
 
Uploads:
  • Filter uploads by deleting the file(s) instead of the connection being dropped.
  • Verify if uploaded files have multiple extensions
  • Verify uploaded files for known malware patterns
  • Don't upload files with the configured list of banned extensions
 
Lockdown:
  • Protect users from any changes - this will create a snapshot of the selected users. If any changes will happen to any of them, it will get reverted back immediately. If you want to update your snapshot, you will have to deselect all the users, press Apply and then select the users again and finally Save the configuration.
  • Disable access to the Joomla! installer - by setting this to Yes, the Joomla! installer will no longer be accessible.
  • Disable the creation of new Administrators - by setting this to yes, new users that can login in the /administrator section will be deleted as soon as they are created. Keep in mind that new users (such as the ones added to the Registered user group) will not be affected, unless you are trying to add Super Administrator rights to them (in this case, they will be deleted as well).
 
Logging utility
  • Logs any events that trigger RSFirewall! so that you can review them. The logging utility also offers the possibility to send out an email if a security event is recorded that has a security level higher then a preconfigured value (low, medium, high, critical).
  • To keep the database fresh and prevent if from overloading, a days to keep log history option was added, log entries older then the number of days you set, will be automatically deleted.
  • To limit the potential high number of emails (each event / attempt) can potentially generate an email, a maximum number limit of sent emails per hour option has been added. If the limit is reached, no more emails will be generated.
  • Here you can also set how many RSFirewall! related events to show in the System Overview by adding a number in the events to show field.
  • You can set the preferred WhoIs service for both IPv4 and IPv6. Up until this point, http://whois.domaintools.com/ was used by default. You can use the {ip} placeholder to transmit the IP directly though the URL.
 
Import

RSFirewall! allows exporting all the configuration settings in order to migrate them on another RSFirewall! installation. The export button is available at the top of the "Firewall Configuration" tab and when is pressed it will generate a configuration.json file which can later be imported using the "Import" tab.

 
Updates
  • Here you need to enter the license code in order to receive update. The license code is generated after you have registered a domain.
 
Permissions
  • Allows you to gain more control over what your backend users can edit or manage within RSFirewall!.
 
Note:
  • If, for example you have configured RSFirewall! to send email notifications to 3 email addresses, the email counter will be incremented by 3, as each event will generate three emails in this case.
  • The more options you have enabled the more protection is offered by the RSFirewall! component however note that these options may affect the overall performance of your site.

4 persons found this article helpful.


Was this article helpful?

Yes No
Sorry about that