Firewall Gateway in front of servers

valvps

valvps

Active member
Registered
Joined
Feb 17, 2017
Messages
72
Points
8
Hello:

Some recommendations to use a firewall in front of servers such as zimbra, cpanel, or any other server is linux or windows.


The idea is to have a web platform firewall and this control all the income before reaching the servers...
 
mobin

mobin

Well-known member
Registered
Joined
Jun 22, 2017
Messages
234
Points
28
If you are looking for Web Firewall, Barracuda may be a good choice.
 
KnownHost-DanielP

KnownHost-DanielP

Well-known member
Hosting Provider
Registered
Joined
Mar 1, 2018
Messages
121
Points
28
I think this honestly depends on the scale of your infrastructure.

A hardware based firewall can have its advantages, but at the end of the day, is still limited to your primary uplink capacity. So you need to look at it based on a risk / reward type scenario.

Determine what you want to block with the firewall. If it's just simply port blocking, use a software firewall on each server or IPTables. If you want to do active traffic filtering then you need to determine what you actually want to filter and the benefits of it. You won't stop a DDOS with a HW firewall, as most of those simply overload your bandwidth capacity anyways.

Most firewalls aren't really that intelligent so make sure also that you want a firewall and not something more like packet inspection and filtering based on that.
 
valvps

valvps

Active member
Registered
Joined
Feb 17, 2017
Messages
72
Points
8
Hello:

I need to protect different servers that provide different services.

I really liked https://sucuri.net/website-security-platform/

and I would like to know if it is possible to implement it, using tools such as clearos
or pfense.

This features:

XSS (Cross Site Scripting)
RCE (Remote Code Execution)
SQLi (SQL injection)
Layer 7 DDoS protection
Brute Force protection
Intrusion Detection System
Intrusion Prevention System
HTTP Flood protection
2FA, Captcha and Password protection
 
KnownHost-DanielP

KnownHost-DanielP

Well-known member
Hosting Provider
Registered
Joined
Mar 1, 2018
Messages
121
Points
28
Hmmm, you're going to pay a LOT of money to get all of that in one box..

The reason that sucuri can offer that is they do it the same way cloudflare does with a mix of various applications.

You can forget about having much DDoS protection local, unless it's a small attack you really need a large scrubbing service.

XSS (Cross Site Scripting)
RCE (Remote Code Execution)
SQLi (SQL injection)

Those three can be done with mod_security rules but vary greatly depending on the type of applications hosted.

Intrusion Detection System
Intrusion Prevention System

That's kinda broad, CSF can do a lot of this but it's all about your configuration. IDS also means monitoring the hell out of files for changes, getting alerted to them and taking action.

2FA, Captcha and Password protection

That's going to be either using cloudflare or some type of 3rd party service that proxies your websites.

You can probably roll your own for a lot of this, but you won't find this combination in any on-site hardware firewall that won't give you a heart attack for the price they want.
 
mobin

mobin

Well-known member
Registered
Joined
Jun 22, 2017
Messages
234
Points
28
Ok your requirement is changed from actual query. The front-end web firewalls like Sucuri, Barracuda, Incapsula, etc can wok very well and protect your websites good. But these solutions are more suitable for websites which you can control directly; something like you are website owner, developer who is managing websites, etc. But for shared hosting, these solutions will be ither expensive or difficult to manage as the way they are working. So in such case as Daniel suggested, you can relay in ModSecurity based WAF or any other simialr solution that you can afforfd [ its not just money but the effort to maintain it ]. Before implementing the solution, its better to try it and expeience how it can protect your websites/servers without interrupting the current functioning.
 
mobin

mobin

Well-known member
Registered
Joined
Jun 22, 2017
Messages
234
Points
28
Self-promotion is not allowed in this forum and here I am just answering your questions :) .


Is there any proof to check it? :- You can try our software for 15 days using the trial license and its totally free. A few reviews you can find in web too.

and this affects csf? :- We do not change any of your exisiting configurations. Our software provides CSF integration options and you can use it to manage some CSF configurations and use it to block web attacks. You can run with your own CSF configuration with no issues.

But we do not provide any kind of DDoS protection if that is one of your requirements....we dropped that feature because we really know any such attacks even at medium rate is not really able to mitigate at server level...so we cannot really guarantee the full protection if we add it as one of the features..instead we would like to work on some rate limiting in future.
 
You must log in or register to reply here.
Older Threads
HostBastic
£10 / Year > Performance Plans | 2 GB RAM | NVMe SSD | CloudLinux | DDoS Protection > -30% OFF
Replies
0
Views
5,491
HostBastic
rdpproviders
RDPproviders : Dedicated Server @ 64.99 Get 20% additional off
Replies
0
Views
1,506
rdpproviders
rdpproviders
how and what is best place to buy Cpanel
Replies
6
Views
2,451
easycomehost
cheapestwebhosting
CheapestWebHosting.net $0.1/month // Cheapest but Reliable // Fast 1Gbps
Replies
0
Views
1,287
cheapestwebhosting
LPTechs
Installing or uploading to Wordpress and getting a Memory limit error
Replies
1
Views
1,839
neckom
Newer Threads
X
Where to buy IPv4?
Replies
9
Views
3,920
VPSNest
neckom
Managed Windows VPS server hosting
Replies
0
Views
1,617
neckom
mobin
Best and cheap solution to secure your cPanel Server
Replies
0
Views
1,420
mobin
rdpproviders
[rdpproviders.com] VPS at very low price with 10% discount on all VPS plan
Replies
0
Views
1,365
rdpproviders
rdpproviders
RDPproviders.com - Admin,Encoding,Premium,Basic,Super Basic,1Gbit,2Gbit,10Gbit RDP
Replies
3
Views
2,051
rdpproviders
Latest Threads
cancan
Save an incredible 90% off! The Best HostPapa Deal so Far: Unlimited SSL, 50 GB NVMe, 24/7 support
Replies
0
Views
27
cancan
M
How to Choose the Best Web Hosting Provider for a New Website ??
Replies
0
Views
28
marcellosallas
J
Jtti: What are some common misconceptions about firewall rules?
Replies
0
Views
123
jtti
Mvv758
Hello
Replies
1
Views
79
AlbaHost
D
Help Needed with Setting Up Cloudflare R2 for Object Storage
Replies
0
Views
99
dilshanking
Recommended Threads
yahm2001
How to make sure that the reseller host is legit without knowing them personally?
Replies
17
Views
5,104
framzblogger91
Maxwell
Web hosting for Xenforo forum software?
Replies
8
Views
5,448
MrGravyCakes
V
Which Types of marketing you use now ?
Replies
14
Views
5,425
Alawi
Marc0
Which is best Mobile WP Themes ?
Replies
0
Views
3,227
Marc0
Emily Routledge
Does web hosting affect search results?
2
Replies
24
Views
8,230
jerryperes
Similar Threads
J
Jtti: What are some common misconceptions about firewall rules?
Replies
0
Views
123
jtti
HostSailor
How to allow/deny traffic by country in CSF firewall via WHM?
Replies
1
Views
1,263
dedihoster
David Beroff
How to setup this firewall with Cloudflare?
Replies
3
Views
1,978
Fusion Arc Hosting
Kaz Wolfe
How to upgrade ConfigServer Security & Firewall?
Replies
10
Views
3,707
UWH-David
superman2727
Sucuri Firewall
Replies
1
Views
1,423
mobin

Latest postsNew threads

Latest Hosting OffersNew Reviews

Popular Contributors - Past 30 Days

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
  • cpanel
  • dedicated
  • free
  • hello
  • hosting
  • hosting services
  • marketing
  • offers
  • seo
  • server
  • services
  • vps
  • web
  • web hosting
  • website
  • wordpress
    • Top