Testing NinjaFirewall without blocking your visitors.

by

NinTechNet


NinjaFirewall is a powerful web application firewall. When implemented in a production environment, it does not take more than a few hours before its log starts showing several blocked threats.
But because each site is different, it is possible that its default configuration may also wrongly block some legitimate visitors. To prevent this, it has a very helpful option: the Debugging Mode.
When this mode is enabled, NinjaFirewall will silently run in the background without blocking anyone, but it will keep writing all potential threats to the firewall log as usual.
We recommend to run it in Debugging Mode for at least 24 hours after installing it on a new site and then to keep an eye on the firewall log during that time. If you notice a false positive in the log, you can simply use NinjaFirewall Rules Editor to disable the security rule that was wrongly triggered.


Enabling NinjaFirewall's debug mode

In NinjaFirewall WP & WP+ Edition, it can be enabled from the NinjaFirewall > Firewall Options > Debugging mode menu:


In NinjaFirewall Pro & Pro+ Edition, it can be enabled from the Firewall > Options > Debug mode menu:


Checking the firewall log

The sample below show two threats (NULL byte attack and SQL injection attempt) written to the log while NinjaFirewall was in Debug Mode:

       DATE         INCIDENT  LEVEL     RULE     IP       REQUEST
17/Mar/15 00:21:24  #0000000  DEBUG_ON     2  172.16.0.1  GET /index.php - ASCII character 0x00 (NULL byte) - [REQUEST_URI = /?test=hack%00]
17/Mar/15 00:32:30  #0000000  DEBUG_ON   214  172.16.0.1  GET /sites/wordpress/index.php - SQL injection (alter/create/drop) - [GET:test = 1;DROP TABLE users]

In Debug Mode, the INCIDENT column will always display "#0000000" and the LEVEL one, "DEBUG_ON".
The ID of the built-in security rule that detected the threat is indicated in the corresponding RULE column. If a rule blocks legitimate visitors, enter that ID in the Rules Editor to disable it.




NinjaMonitoring

Website Monitoring
for just $4.99 per month.



NinjaFirewall

Web Application Firewall
for PHP and WordPress.



NinjaRecovery

Malware removal
and hacking recovery.

Table of contents