Open LCBO opened 4 years ago
Thanks for the suggestion @LCBO
Jeff Star's tireless work and generosity over the years is incredible. It looks like he released an Nginx version of 7G firewall several months ago, with the the help of @JeffCleverley:
https://perishablepress.com/7g-firewall-nginx/ https://gitlab.gridpane.net/gp-public/nginx-configs
Cleverley was an early "observer" of SlickStack in fact, before GridPane launched... he friended me on social media, but at some point he decided he didn't like me and started trash-talking me, and blocked me when I asked him about it... from what I could gather, it was something politically motivated.
(I'm tagging him since I try to avoid talking about people behind their back.)
Why I mention this background:
I'm not against reviewing the ruleset that Cleverley ported to Nginx and implementing whatever we can (with credit to both of these guys in our config comments), but I wouldn't feel comfortable simply embedding it blindly, or promoting it to users which might lead them to download/install new versions of the ported 7G outside of ss-install
processes.
There's no telling what drama or maliciousness might unfold if we start sending SlickStack users to GridPane's repos and telling them to install Cleverley's stuff (the joy of WordPress community).
On a more practical note, some of the security rules likely conflict with our existing rules.
For the record we've always supported Jeff's BBQ plugin: https://wordpress.org/plugins/block-bad-queries/
A few other relevant links here:
Ref: https://github.com/Boundless-Zone/7g-nginx-rules Ref: https://kb.linuxlove.xyz/nginx-7g.html
And another: https://wpsurfer.com/block-bad-queries/
Hello, I suggest integrating SS with 7G firewall from PersihablePress. https://perishablepress.com/7g-firewall/ Right now is for Apache but there are some ports that might help: as those from Gridpane for 6G: https://github.com/thewzrd/nginx-configs
(modules, etc)