Easy Web Firewall

Easy Web Firewall (EWF) is a lightweight iptables-based firewall that mitigates the damage done by compromised websites on shared virtual hosting servers. On such servers, vulnerable web applications are typically exploited to either:

  • Scan for additional vulnerabilities, both on the local server and on remote ones.
  • Send spam through a CGI script that bypasses the system mailer.

Since these actions do not directly stop the server from operating normally, sysadmins usually do not notice that their server is compromised until other servers start taking counter-measures against it: their e-mails begin to be rejected as coming from a spam source, or their connections get blocked as vulnerability scans.

Easy Web Firewall prevents these issues by letting the system administrator maintain a whitelist of allowed outgoing connections, using two complementary mechanisms:

First, EWF blocks outgoing connections with iptables based on combinations of local user, destination and port. Everything not on the whitelist is blocked, and the system administrator is notified promptly whenever this happens. Sysadmins can therefore quickly discover compromised websites and take appropriate measures, or extend the whitelist if the connection attempt was legitimate. Additionally, since malicious connections are blocked locally, the server's reputation remains intact: it will not suddenly be listed in RBLs or similar blacklists, which would affect the server's whole user base.

Second, EWF integrates with tinyproxy to provide better reporting of blocked remote websites. Because iptables is a low-level packet filter, it only knows the destination IP address and port of a connection. However, when local websites open remote URLs, the administrator needs the actual URL to decide whether the attempt was legitimate or one that should stay blocked. Easy Web Firewall solves this by forcing local websites to make their HTTP(S) requests through a local tinyproxy installation. EWF then combines the logs generated by iptables and tinyproxy to report both the local website that originated each blocked request and its destination URL.
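The following script is an added example of the two mechanisms above, written for this page; it is not EWF's own code and does not reproduce its configuration format. It builds an iptables OUTPUT-chain ruleset from a "user destination port" whitelist (whitelisted triples pass, anything else from a restricted user is logged with the originating UID and rejected), checks a triple against the whitelist the same way the rules would, and parses the kernel log line the LOG target writes for a blocked connection. The whitelist, the restricted user list, the uid table and the log line are constructed for the example; the chain name EWF, the users www-data and alice, and a tinyproxy running as user tinyproxy on 127.0.0.1:8888 are assumptions. Because www-data is only allowed to reach ports 80 and 443 through tinyproxy's uid, websites are forced through the proxy, which is exactly the setup the second mechanism relies on.

```shell
#!/bin/sh
# Added example (not EWF's own code): whitelist-driven iptables OUTPUT rules
# plus parsing of the resulting LOG lines. Users, hosts and the chain name EWF
# are hypothetical; tinyproxy is assumed to run as user "tinyproxy".

# Constructed sample whitelist. Fields: user  destination  port ("any" = any host).
# Note that www-data gets no direct 80/443: HTTP(S) must go through tinyproxy.
WHITELIST='www-data 192.0.2.10 25
alice 198.51.100.7 5432
tinyproxy any 80
tinyproxy any 443'

# Users whose outgoing connections are subject to the whitelist (tinyproxy too,
# so a compromised site cannot use the proxy to reach arbitrary ports).
RESTRICTED='www-data alice tinyproxy'

# Constructed uid->name table standing in for "getent passwd" so this runs offline.
PASSWD='0:root
33:www-data
108:tinyproxy
1001:alice'

# Print the iptables commands for the ruleset (inspect, then pipe into "sudo sh").
# The owner match only sees locally generated packets, hence the OUTPUT chain.
ewf_rules() {
    chain=${1:-EWF}
    echo "iptables -N $chain"
    # Replies to established connections and loopback traffic (how sites reach
    # tinyproxy on 127.0.0.1:8888) are always allowed.
    echo "iptables -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN"
    echo "iptables -A $chain -o lo -j RETURN"
    printf '%s\n' "$WHITELIST" | while read -r user dest port; do
        [ -n "$user" ] || continue
        if [ "$dest" = any ]; then dst=''; else dst=" -d $dest"; fi
        echo "iptables -A $chain -m owner --uid-owner $user -p tcp$dst --dport $port -j RETURN"
    done
    # Anything else from a restricted user: log it (rate-limited) with the UID of
    # the process that opened the socket, then reject so the app fails fast
    # instead of hanging on a silent DROP.
    for user in $RESTRICTED; do
        echo "iptables -A $chain -m owner --uid-owner $user -m limit --limit 10/min -j LOG --log-prefix 'EWF-BLOCK: ' --log-uid"
        echo "iptables -A $chain -m owner --uid-owner $user -j REJECT"
    done
    echo "iptables -A OUTPUT -j $chain"
}

# Check a (user, destination, port) triple against WHITELIST the way the rules
# match it: exact user and port, destination either exact or "any". Exit 0 if allowed.
ewf_whitelisted() {
    printf '%s\n' "$WHITELIST" | awk -v u="$1" -v d="$2" -v p="$3" \
        '$1 == u && ($2 == "any" || $2 == d) && $3 == p { found = 1 } END { exit !found }'
}

# Turn one kernel log line written by the LOG rule into "user destination port".
# UID= is present because the rule uses --log-uid; the name comes from PASSWD.
ewf_parse_block() {
    line=$1
    uid=$(printf '%s\n' "$line" | sed -n 's/.*UID=\([0-9]*\).*/\1/p')
    dst=$(printf '%s\n' "$line" | sed -n 's/.*DST=\([0-9.]*\).*/\1/p')
    port=$(printf '%s\n' "$line" | sed -n 's/.*DPT=\([0-9]*\).*/\1/p')
    [ -n "$uid" ] && [ -n "$dst" ] && [ -n "$port" ] || return 1
    name=$(printf '%s\n' "$PASSWD" | awk -F: -v u="$uid" '$1 == u { print $2; exit }')
    echo "${name:-uid$uid} $dst $port"
}

# Constructed log line of the kind the LOG rule produces for a blocked SMTP
# connection made directly by a site running as www-data (uid 33).
SAMPLE_LOG='Aug 10 12:00:01 web1 kernel: EWF-BLOCK: IN= OUT=eth0 SRC=203.0.113.5 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=43210 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0 UID=33 GID=33'

ewf_rules EWF
ewf_parse_block "$SAMPLE_LOG"   # www-data 198.51.100.9 25
```

Two caveats worth keeping in mind. The UID in the log line is that of the process that opened the socket, so a request that went through tinyproxy is logged under tinyproxy's uid, not the website's; that is precisely why the page pairs the iptables log with tinyproxy's own log to recover the originating site and URL. And REJECT rather than DROP in OUTPUT is deliberate: the blocked application gets an immediate error, which keeps PHP workers from stalling on outbound timeouts while the attempt is being reported.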


