OPNSense for web servers

[labsy]

Hi,

I am new here and I am looking for some answers before I go with OPNSense for my little web servers farm. My web servers host some small-business web sites, say 300 web sites and I would like to go with some better protection, mostly with those features:
- protect against known web server vulnerability attacks
- protect against SQL injection attacks
- against brute force
- XSS and similar hacking techniques

On the other hand, I would like to have data flow as fast as possible.

What do you say?
Would OPNSense do most of the job, or should I look for some other Open Source solution?

[fabian]

the nginx package is naxsi patched, so it can be used to block XSS and SQL injection.
However the only way to protect web servers serving dynamic content is using only secure software (software that is well maintained and the authors care a lot about security) and update it if needed asap or automatically. You may be able to do that in the IPS too if your servers cannot handle HTTPS.

You can limit the amount of connections per time to filter bad implemented brute force attacks on the firewall, however it is not aware of the content, nor does it track something in L7. You will have to do that on the servers and use some tool on it.

Protection agains vulnerable web servers -> IPS

[mimugmail]

Wow, didn't know the nginx package has already naxsi in it

This is one thing I am/I was missing compared to commercial vendors!