OPNsense Forum

English Forums => General Discussion => Topic started by: labsy on March 04, 2017, 11:29:24 am

Title: OPNSense for web servers
Post by: labsy on March 04, 2017, 11:29:24 am
Hi,

I am new here and I am looking for some answers before I go with OPNSense for my little web server farm. My web servers host some small-business web sites, say 300 web sites, and I would like to go with some better protection, mostly with these features:
- protect against known web server vulnerability attacks
- protect against SQL injection attacks
- against brute force
- XSS and similar hacking techniques

On the other hand, I would like to have data flow as fast as possible.

What do you say?
Would OPNSense do most of the job, or should I look for some other Open Source solution?

Title: Re: OPNSense for web servers
Post by: fabian on March 04, 2017, 12:32:52 pm
The nginx package is naxsi patched, so it can be used to block XSS and SQL injection.
However, the only way to protect web servers serving dynamic content is using only secure software (software that is well maintained and the authors care a lot about security) and update it if needed asap or automatically. You may be able to do that in the IPS too if your servers cannot handle HTTPS.

You can limit the number of connections per time to filter badly implemented brute force attacks on the firewall; however, it is not aware of the content, nor does it track something in L7. You will have to do that on the servers and use some tool on it.

Protection against vulnerable web servers -> IPS

Title: Re: OPNSense for web servers
Post by: mimugmail on May 05, 2017, 10:15:38 am
Wow, didn't know the nginx package already has naxsi in it :)

This is one thing I am/I was missing compared to commercial vendors!