I was looking at the various security features of my host, which consist of the standard SSL, DNSSEC, and a firewall called ModSecurity. Then I thought about adding a firewall inside of UNA and remembered Ninja Firewall used in Wordpress. Well to make a long story short, they do have a version that can be added to any PHP site, where you install it in a recommended directory in your site (UNA installation) using its installation page to install it just like UNA has, and then add a script to your htaccess file to get it going.

There is a free Pro edition, that is powerful enough for anyone, along with other security features on your hosting platform.

NinTechNet is what you are looking for on the web. I cannot post the link with my current membership level.

  • 647
Comments
    • Note on installing the Ninja Pro Firewall into UNA.  The suggested use of the .htaccess file, and the php.ini file did not work for me, however, when I used the recommended Apache with CGI-FCGI and the suggested .user.ini file, then the firewall installed into UNA.

      It has a control panel that is made usable with the premium Ninja Pro+ Firewall, and it allows you to block entire countries from the control panel.  I can do this on my host, but it would provide a backup firewall inside UNA if used.

      With the Pro version (not Pro+) you have the Sensi firewall which alone is a good feature to have.

      • I want to comment further on the Ninja Firewall idea of use inside UNA. The quirks of operation with the Pro versus the Pro+ versions are as follows. The mere Pro version does not whitelist the IP address of the Admin, and hence, if the Admin is doing something like adding an injection into the platform, this can trigger a 404-page redirect when trying to access the Settings module in the Studio. To get around this, you will have to turn the firewall off by way of changing the extension on the file placed in the root directory to php.ini.txt or .user.ini.txt. or in this case, remove the firewall script from the .htaccess file until you are done working with the Settings module. In the Pro+ version the Admin IP address is whitelisted and hence you do not have to bother with this problem. Hence, if you are done developing the platform in terms of using the Settings module, then you can reinstall the firewall application.

        The license for this firewall is a GNU license, that says in the license that it can be copied and changed, contrary to the preamble.

        "To protect your rights, we need to prevent others from denying you

        these rights or asking you to surrender the rights. Therefore, you have

        certain responsibilities if you distribute copies of the software, or if

        you modify it: responsibilities to respect the freedom of others.

        For example, if you distribute copies of such a program, whether

        gratis or for a fee, you must pass on to the recipients the same

        freedoms that you received. You must make sure that they, too, receive

        or can get the source code. And you must show them these terms so they

        know their rights.

        Developers that use the GNU GPL protect your rights with two steps:

        (1) assert copyright on the software, and (2) offer you this License

        giving you legal permission to copy, distribute and/or modify it."

        Login or Join to comment.