Magento Firewall for securing your e-commerce system.

Overview

MageFirewall

Magento Firewall for securing your e-commerce system. Tested to work with Magento 1.6 and above.

###Features

  • Neat Dashboard.
  • Alert / List about recently modified files which has potentially dangerous code.
  • Incorporates rules from NinjaFirewall to analyze / stop the attackers.
  • Scan your magento from internet for security issues on your magento.
  • Scans your magento installation from within and checks if you have unpatched security issues.
  • Has Whitelisting / Blacklisting.
  • Prevents bruteforcing on your admin credentials / adds attackers to black list.
  • Debug / Diagnostics / Ninja Firewall Consoles availabe.

More information & support available at http://www.magefirewall.com

Install

Shell

change directory to your magento directory

cd /path/to/magento
curl https://raw.githubusercontent.com/paimpozhil/MageFirewall/master/install.sh | sh
FTP

Download the https://github.com/paimpozhil/MageFirewall/archive/master.zip and extract the folder called MageFirewall-master.

Upload contents to the root folder of your Magento installation.

Support

Need support?

Please buy Installation / support from http://magefirewall.com

Beta

MageFirewall is in Beta, so please use carefully. You should test this extension in a testing / staging enivornment before pushing to a live site.

We accept no responsibility if this plugin causes any downtime to your store or locks you out from the Admin area. If you are concerned about errors that may occur we offer a paid support service.

Credits

Thanks to NinjaFirewall , We used rules/some code from their free/opensource version.

http://ninjafirewall.com/
Comments
  • Breaks login to the admin if someone has an IPV6 address

    Breaks login to the admin if someone has an IPV6 address

    We have a client that cannot use the admin from their corporate network due to it being IPV6. Had to disable it. Hope this helps someone out there because it took me forever to figure out why it worked everywhere else.

    opened by steve-ross 1
  • Our Namespace is bad

    Our Namespace is bad

    I think you have used the namespace as Mage and Wall as the app name

    Namespace Mage should be already used by the magento core..

    we should just use MageFire as the namespace and use Wall as the app name

    opened by paimpozhil 1
  • Use this kind of code to find the ip address of remote user

    Use this kind of code to find the ip address of remote user

    Hi All

    You should use this and not use the $_SERVER['REMOTE_ADDR'] directly;

    Store the $ip_address at one place at lib/firewall.php and it use it at all the code and not get it from the $_SERVER

    if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] != '') { $ip_address = $_SERVER['HTTP_X_FORWARDED_FOR']; } else { $ip_address = $_SERVER['REMOTE_ADDR']; }

    opened by paimpozhil 0
  • If i add the firewall to php autoprepend I get this..

    If i add the firewall to php autoprepend I get this..

    Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42S02]: Base table or view not found: 1146 Table 'magento.ncjgb_nf_options' doesn't exist' in /srv/magento/lib/Zend/Db/Statement/Pdo.php:228 Stack trace: #0 /srv/magento/lib/Zend/Db/Statement/Pdo.php(228): PDOStatement->execute(Array) #1 /srv/magento/lib/Varien/Db/Statement/Pdo/Mysql.php(110): Zend_Db_Statement_Pdo->_execute(Array) #2 /srv/magento/app/code/core/Zend/Db/Statement.php(291): Varien_Db_Statement_Pdo_Mysql->_execute(Array) #3 /srv/magento/lib/Zend/Db/Adapter/Abstract.php(480): Zend_Db_Statement->execute(Array) #4 /srv/magento/lib/Zend/Db/Adapter/Pdo/Abstract.php(238): Zend_Db_Adapter_Abstract->query('SELECT * FROM n...', Array) #5 /srv/magento/lib/Varien/Db/Adapter/Pdo/Mysql.php(428): Zend_Db_Adapter_Pdo_Abstract->query('SELECT * FROM n...', Array) #6 /srv/magento/lib/Zend/Db/Adapter/Abstract.php(737): Varien_Db_Adapter_Pdo_Mysql->query('SELECT * FROM n...', Array) #7 /srv/magento/lib/firewall/firewall.php(45): Zend_Db_Adapter_Abstract->fetc in /srv/magento/lib/Zend/Db/Statement/Pdo.php on line 234

    opened by paimpozhil 0
  • Dashboard

    Dashboard

    a) Create a Menu called "Dashboard" under that page show these under different links/areas.

    Add a toggle button to Turn the firewall on/off. when it is switched off..// firewall.php must NOT be active entirely...

    Check your MageFirewall configuration.. (check if lib/firewall/firewall.php is loaded and say yes /no )

    Check your server security overview from MageFirewall servers

    opened by paimpozhil 0
  • rule 0 how to disable

    rule 0 how to disable

    I have a lot of blocked by firewall connections with rule number 0. But there is no such rule. How to stop using rule 0. Other rules i can enable and disable but there it is not possible with rule 0 because this number not exist

    opened by sebadiginet 0
  • After Installing We are not able to login to Admin panel

    After Installing We are not able to login to Admin panel

    Hi,

    We have used this extension in our shop, We are able to install successfully, admin login panel loads. but login is not working. Is any specific things need to set up.

    Thanks Mohsin

    opened by atmohsin 0
  • Problem using some dutch city names

    Problem using some dutch city names

    Some dutch city names start with ' like 's-gravenhage or 's-Hertogenbosch When a customer uses these names in the checkout the firewall prevents the order from going thru and a error message is displayed.

    The firewall logs mentions this a leading quote error. Problem is that customers from cities starting with 's are unable to place an order thru magento.

    Sollution might be to allow 's-

    opened by bobmats 1
Releases(prealpha)
Owner
Paim pozhil
Paim pozhil
PHP lightweight in-app Web Application Firewall

ADEL-WAF PHP lightweight in-app Web Application Firewall. Features / Protections Against: Cross-site scripting (XSS) SQL injection (SQLI) Remote file

null 5 Dec 25, 2022
Magento-bulk - Bulk Import/Export helper scripts and CLI utilities for Magento Commerce

Magento Bulk Bulk operations for Magento. Configuration Copy config.php.sample to config.php and edit it. Product Attribute Management List All Attrib

Bippo Indonesia 23 Dec 20, 2022
Migration Tool for Magento Commerce (EE) to Magento OpenSource (CE)

Migration Tool for Magento Commerce to Magento OpenSource Also known as Magento Enterprise (EE) to Magento Community (CE). This migrating tool allows

OpenGento 38 Dec 28, 2022
Provides a foundation for developing with Magento Commerce in a Vagrant box

Provides a foundation for developing with Magento Commerce in a Vagrant box. The machine is based on CentOS 6.4. ==== List of installed software. Mage

Jason Evans 19 May 12, 2017
A Polymer e-commerce element for Magento 2

magento-collect Master branch | Develop branch --- | --- | --- | Note: this element is still in progress, watch it to follow the progress. This is lik

Bob van Luijt 16 Dec 7, 2019
A tool that allows to quickly export data from Magento 1 and Magento 2 store and import it back into Magento 2

Simple Import / Export tool A tool that allows to quickly export data from Magento 1 and Magento 2 store and import it back into Magento 2. Table data

EcomDev B.V. 51 Dec 5, 2022
Bundle providing Honeypot field for the Form Builder in Ibexa DXP Experience/Commerce (3.X)

IbexaHoneypot Bundle providing Honeypot field for the Form Builder in Ibexa DXP Experience/Commerce (3.X) What is Honey pot? A honey pot trap involves

null 1 Oct 14, 2021
Food theme for Commerce, intended for food delivery/pickup use cases

Food theme for Commerce ################################ WORK IN PROGRESS - NOT READY FOR USE ################################ This theme for Commerce

modmore | More for MODX 5 Feb 15, 2022
Open Source Data & Experience Management Platform (PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce)

Pimcore - Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce

Pimcore 2.7k Jan 4, 2023
Admidio is a free open source user management system for websites of organizations and groups. The system has a flexible role model so that it’s possible to reflect the structure and permissions of your organization.

Admidio Admidio is a free open source user management system for websites of organizations and groups. The system has a flexible role model so that it

Admidio 212 Dec 30, 2022
This Magento 2 extension integrates EasyTranslate into Magento 2.

EasyTranslate Magento 2 Connector This Magento 2 extension integrates EasyTranslate into Magento 2. Mind that you need to have an account with EasyTra

Easytranslate ApS 0 Oct 7, 2022
Magento-Functions - A Resource of Magento Functions

Magento-Functions A Resource of Magento Functions Table of Contents Category Product User Cart Checkout General Account [Working w/ URL's] (#urls) Cat

Bryan Littlefield 28 Apr 19, 2021
Magento - Magento Community Editions

Magento Community Edition /// THIS REPOSITORY IS DEPREACTED /// 1.9.4.1 will be the last version update. Please switch over to OpenMage! Either to the

FireGento e. V. 107 Oct 17, 2022
Magento-Vagrant-Puppet-Nginx - Installs magento and a nginx server

Magento-Vagrant-Puppet-Nginx Installs Magento MySQL PHP PHP-FPM Nginx n98-magerun Setup git submodule init git submodule update vagrant up Modify pupp

Christian Münch 61 Aug 10, 2022
Docker-magento - Docker image for Magento 1.6 to 1.9

Docker image for Magento 1.x This repo creates a Docker image for Magento 1.x. Please note The primary goal of this repo is to create Docker images fo

Fu Cheng 144 Nov 18, 2022