OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: labsy on June 27, 2017, 10:10:13 pm

Title: Protect websites from brute force password guessing
Post by: labsy on June 27, 2017, 10:10:13 pm

I use OPNSense as main firewall for my webhosting servers. NOT for browsing, as behind OPNSesne there's only a bunch of servers, hosting web sites, like Wordpress, Joomla, Magento and others.
Among 300+ websites there's a dozen of my own sites and I can see hundreds of Brute Force attacks and vulnerability scans from all over the world. I can fight and protect by installing some Wordpress or Joomla security plugins, but I would like to mitigate attacks before they reach website engine - I'd like to configure some protection on OPNSense firewall for incoming attacks.

I do have most of IPS rules active, but here's problem no.1:
If I put rule on ALERT, I need to know exact source IP to find the alert in IPS log. I cannot search for, say "1.2.3.*" or "brute force". Is there some other way to see IPS alerts?

Now problem no.2:
Is there some better plugin or protection method to fight against brute force, password guessing and other attacks at firewall level, without impacting performance too much?