To enhance web security, I’ve already set up the firewall and fail2ban here, which are working well through Hestia itself. This makes the network layer a bit safer.
The next level will be the application level, which I am trying to do with a WAF. There are many options for this: Cloudflare, Mod_security (with the OWASP rule set), some other vendors’ online WAFs (mostly paid), and the 7G/8G firewall (7G Firewall for Nginx | Perishable Press).
Mod_Security → This is far too complicated for my tech level, and from my research on the web, it takes months to fine-tune an acceptable setup.
Cloudflare → This is an all-in-one solution which also helps with CDN and looks perfect. However, my site occasionally requires uploading files larger than 100Mb, which is restricted by Cloudflare.
Other online WAF → I don’t want to pay for just my personal website. Maybe someone can suggest a free, reputable online WAF?
The final one is what I am trying now, the 7G/8G firewall by https://perishablepress.com
→ This is easy to apply at the Nginx level (as I read from someone who posted earlier): just put the files in their respective locations and restart Nginx, and it works right away.
However, I found out that 8G is very restrictive: it blocked phpinfo, and my site’s keyboard shortcut (Ctrl+Enter to submit a post) was also blocked.
7G is working better, and so far I haven’t faced any issues with my website.
I just want to hear your experience: how do you guys deploy a WAF on your Hestia build? Or do you just rely on network layer protection (fail2ban, firewall)?
Thanks
