vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Website Firewall (https://vborg.vbsupport.ru/showthread.php?t=320101)

chikuru 09-03-2015 09:42 AM
Website Firewall
 
Anyone using Website Application Firewall?
What are you using? Hows your experience?
What do you recommend?

Dave 09-03-2015 12:06 PM
What kind of firewall are we talking about?
To prevent bots? To prevent website attacks such as SQL injection and such? To prevent (D)DoS attacks?

I don't use any because I have made my own very basic filtering function in PHP for vBulletin that should prevent any 0day attacks. (D)DoS attacks can not be prevented with a WAF. But besides that there's always some way to bypass a WAF because it simply checks the request sent to the server for certain patterns or strings.

Cloudflare and Incapsula are good examples of DNS providers who also provide WAF and DDoS protection.

chikuru 09-03-2015 12:33 PM
Specifically sql injection, xss, and 0day attacks. Im currently using the free version of cloudflare

TheLastSuperman 09-03-2015 04:39 PM
Incapsula is good, I've been stopped dead in my tracks by it and I wasn't even trying anything dirty, I swear!

Always a good idea to check with your host, some offer very solid advice on matters such as this including what they can offer/do as I bet its not their first ddos rodeo :cool:.

Dave 09-03-2015 07:14 PM
Quote:
Originally Posted by chikuru (Post 2554188)
Specifically sql injection, xss, and 0day attacks. Im currently using the free version of cloudflare
The free version does not provide any WAF though, you'll have to buy one of the packages of which the cheapest one is $20/month. I recommend either Cloudflare or Incapsula.

bremereric 09-07-2015 05:43 PM
Not free, but I use a cloud proxy firewall from Sucuri. Had several hacks two weeks ago through the loophole in vb 4.1.3


All times are GMT. The time now is 05:25 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01012 seconds
  • Memory Usage 1,717KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (6)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete