The “7-G” firewall is actually just a set of web-server rules (published by Perishable Press) to filter out some well-known bad traffic before the requests hits the WordPress site. The idea with this type of “firewall” is that traffic requesting PHP/WordPress resources is expensive. It’s much cheaper and faster to weed them out at the webserver level before it gets that far.
The “7-G” firewall is an upgrade to the 6-G Firewall.
One of the draw-backs of this type of firewall is that certain activities that are legitimate will get blocked. So we’ve provided a way to enable or disable portions of the rules.
To enable the entire rule set:
After a while the screen will refresh – if the operation is successful. If the operation fails, you’ll get a popup message.
You can see a full log of the operation under the SSH LOG screen.
After the full rule set is enabled, you can disable portions of the rules using the rest of the toggle buttons on the screen.
The video below shows the 6G Firewall process – just replace the TAB shown with the 7G WAF Tab.
Some “add-to-cart” URLS in Easy Digital Downloads will fail with the 6G Firewall enabled. In particular, direct urls with square brackets embedded in them. These URLs are usual constructed when you have products with multiple price options and you want to give the user a direct link to one of the price options. They look something like this:
https://simple-press.com/checkout?edd_action=add_to_cart&download_id=81486&edd_options[price_id]=1
You can see the square brackets at the end of the URL.
There are two ways to work around this:
Search for this in the Request Strings section of the file.
"~*(~|`|<|>|:|;|\\|\s|\{|\}|\[|\]|\|)" 7;
Replace it with this:
"~*(~|`|<|>|:|;|\\|\s|\{|\}|\|)" 7;
Then, restart the nginx engine:
service nginx restart
Sometimes, request strings might have colons in them. This will be blocked by default since it is an uncommon scenario. Here’s an example legitimate request string that will be blocked:
https://simple-press.com/?edd_action=get_version&license=4xasebadfasreasdfljerr&version=2.1.0&item_id=3916&author=Simple:Press
Notice at the end of the string the author is “simple:press” with a colon? This means that the entire request will be blocked, even though, in this case, it is a legitimate request.
There are two ways to work around this:
Search for this in the Request Strings section of the file.
"~*(~|`|<|>|:|;|\\|\s|\{|\}|\[|\]|\|)" 7;
Replace it with this:
"~*(~|`|<|>|;|\\|\s|\{|\}|\[|\]|\|)" 7;
Then, restart the nginx engine:
service nginx restart
You will notice that the new specification string removes the “:” from the invalid characters list.
PHPMyAdmin will be blocked by the 7G Firewall. If it is turned on for a site you should turn off both the “QUERY STRING” and “REQUEST STRING” rules section before launching it. After you are finished you can turn those sections of the rules back on.