CSF Firewall

[shoulders]

This is quite a good software package to have natively. I could not find a feature request for this, so here it is.

ConfigServer Security & Firewall (CSF) on KeyHelp - GUIDE: PART 1
viewtopic.php?f=11&t=9258

[shoulders]

and of course this would install ModSec

[andromeda]

First of all: You made a huge amount of features request, recently. No offence, but most of those features are not required by likely 95% of the KeyHelp users.

Regarding the specific request: KeyHelp is actually not a Firewall or WAF or so.

But you are of course welcome, to deploy it on your server.

Best

[shoulders]

First of all: You made a huge amount of features request, recently. No offence, but most of those features are not required by likely 95% of the KeyHelp users.

Regarding the specific request: KeyHelp is actually not a Firewall or WAF or so.

I think those features are required and if they were implemented and advertised KeyHelp would get a larger user base. There is a reason a lot of the other panels add these.

I have made quite a few feature requests which is true, which took me a while. KeyHelp is free to implement them or not. I have just advertised the issues I have found as a new user (done my bit). I could just be like a lurker, moan about the software and never do anything to change that.

Developers usually welcome feedback, and again it is up to them if that feedback shapes their project.

I understand this is a forum and I understand that issues and bug reports are better suited on a tracker.

[Blackmoon]

I think those features are required and if they were implemented and advertised KeyHelp would get a larger user base. There is a reason a lot of the other panels add these.

A web application firewall directly on the server makes no sense. The data packets must be filtered beforehand on the infrastructure. Otherwise, the KeyHelp server may be more busy with the WAF than with web hosting. It's basically the same discussion as DDoS Protection.

Anyone who is serious chooses the design so that the firewall and WAF are in front of the KeyHelp servers and are therefore completely protected.

[shoulders]

I think your argument is wrong

The fact there is a whole range of WAF software, including fail2ban which is part of KeyHelp means they must be useful. They should not be used on their own, for instance my wordpress sites all have wordfence on them (WAF) and on top of that I do packet inspection, blocklists on my router (a lot of them).

They all have their part to play.

[Blackmoon]

Fail2Ban is an software framework and belongs to Intrusion Prevention Software (IPS). Protects servers from brute-force attacks - not even more. This is achieved with the help of the local firewall.

An WAF helps you to protect your web applications for exploits (XSS, SQL Injection, etc). Whoch could have affect availability, security and consume hardware resources.

IPS and WAF are different worlds that currently complement each other but do not replace each other.