littlebizzy / slickstack

Lightning-fast WordPress on Nginx
https://slickstack.io
GNU General Public License v3.0
643 stars 113 forks source link

Integration with Perishable Press (Jeff Star) ported 7G firewall #75

Open LCBO opened 4 years ago

LCBO commented 4 years ago

Hello, I suggest integrating SS with 7G firewall from PersihablePress. https://perishablepress.com/7g-firewall/ Right now is for Apache but there are some ports that might help: as those from Gridpane for 6G: https://github.com/thewzrd/nginx-configs

(modules, etc)

jessuppi commented 2 years ago

Thanks for the suggestion @LCBO

Jeff Star's tireless work and generosity over the years is incredible. It looks like he released an Nginx version of 7G firewall several months ago, with the the help of @JeffCleverley:

https://perishablepress.com/7g-firewall-nginx/ https://gitlab.gridpane.net/gp-public/nginx-configs

Cleverley was an early "observer" of SlickStack in fact, before GridPane launched... he friended me on social media, but at some point he decided he didn't like me and started trash-talking me, and blocked me when I asked him about it... from what I could gather, it was something politically motivated.

(I'm tagging him since I try to avoid talking about people behind their back.)

Why I mention this background:

I'm not against reviewing the ruleset that Cleverley ported to Nginx and implementing whatever we can (with credit to both of these guys in our config comments), but I wouldn't feel comfortable simply embedding it blindly, or promoting it to users which might lead them to download/install new versions of the ported 7G outside of ss-install processes.

There's no telling what drama or maliciousness might unfold if we start sending SlickStack users to GridPane's repos and telling them to install Cleverley's stuff (the joy of WordPress community).

On a more practical note, some of the security rules likely conflict with our existing rules.

For the record we've always supported Jeff's BBQ plugin: https://wordpress.org/plugins/block-bad-queries/

jessuppi commented 2 years ago

A few other relevant links here:

Ref: https://github.com/Boundless-Zone/7g-nginx-rules Ref: https://kb.linuxlove.xyz/nginx-7g.html

jessuppi commented 8 months ago

And another: https://wpsurfer.com/block-bad-queries/