User Guide for "HTTP Security Firewall" for Magento 2
This extension increases the security of your Magento 2 shop with the help of the following features:
- Security Checklist - Scans your website for security issues and provides instructions on how to fix them.
- Server Load - Tracks server performance and detects when the website has slowed down.
- DOS Attack Detection - Monitors HTTP requests from users, bots and attackers. Allows you to analyze who makes a large number of requests and to take action against them.
- Black & White IP Lists - Grants or denies access to the website for specific IPs or IP ranges.
- Country Blocker - Grants or denies access to the website for whole countries.
- Admin Login Logs - Tracks logins to the admin panel and detects brute-force attacks.
- Email & SMS Notifications - Sends email and SMS notifications in case of an emergency.
You can read more about this extension at this link.
1. Main menu
After installation you can find the “HTTP Security Firewall” icon in the left menu. Click on it to see the full list of features.
2. Security Checklist
This tool helps you detect possible security issues by scanning the server and the Magento 2 configuration and providing suggestions and instructions on how to fix them. When you open the Security Checklist page, it automatically starts scanning Magento and the server, and when the scan is done you will see what needs to be improved. Afterwards a Magento developer or administrator can review the discovered issues and take the necessary steps to resolve them.
3. Server Load & DOS Detection
This feature is the most interesting one. It allows you to track server load in real time and analyze which visitors (IP addresses) place the heaviest load on your server. So, if you notice that the server is working very slowly, you can see the actual server load on this page.
The chart on the left shows the server load. You can select a period of time for this chart (actually for the whole page), so that the chart shows only the data for the specified period.
Server load is calculated from the standard Linux/UNIX metric called “Load Average”. If you are not familiar with this metric you can simply use the labels “Idle”, “Low”, “Normal”, “High” and “Critical” to understand the current server load. If you are a technical person, you may want to read more about “Load Average”.
The chart on the right shows how many requests Magento 2 serves per IP address (visitor) for the selected period of time. If the server load is “Normal”, everything is okay and you don’t need to analyze this chart. But if the load is “High” or even “Critical” you may want to look at who makes the huge number of requests and block them (temporarily or permanently).
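To make the two charts concrete, here is an added example (it is not code from the HTTP Security Firewall extension) that reads the Linux load average, normalizes it by CPU count and maps it to the labels used above, then counts requests per IP address over a selected period from a few constructed access-log lines. The label thresholds are an assumption: the guide names the labels but does not state the boundaries the extension uses.

```python
"""Added example (not code from the HTTP Security Firewall extension):
classify the Linux load average with the guide's labels and count requests
per IP address over a selected period from constructed access-log lines."""
import os
import re
from collections import Counter
from datetime import datetime, timezone

# Assumed thresholds on the 1-minute load average divided by CPU count; the
# guide names the labels but does not state the boundaries the extension uses.
LOAD_LABELS = [(0.1, "Idle"), (0.5, "Low"), (1.0, "Normal"), (2.0, "High")]


def classify_load(load1: float, cpus: int) -> str:
    """Map a 1-minute load average to Idle/Low/Normal/High/Critical.

    A load of 1.0 per CPU means every core is fully busy, so the same
    absolute number is 'Normal' on a 4-core server and 'Critical' on 1 core.
    """
    per_cpu = load1 / max(cpus, 1)
    for limit, label in LOAD_LABELS:
        if per_cpu < limit:
            return label
    return "Critical"


def read_loadavg(path: str = "/proc/loadavg") -> tuple:
    """Return the 1-, 5- and 15-minute load averages (Linux only)."""
    with open(path) as fh:
        fields = fh.read().split()
    return tuple(float(x) for x in fields[:3])


# Combined-format access-log line: client IP, timestamp, request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def parse_line(line: str):
    """Return (ip, timestamp) for a well-formed line, or None for junk."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts


def requests_per_ip(log_text: str, since: datetime, until: datetime) -> Counter:
    """Count requests per client IP inside the [since, until] period."""
    counts = Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of aborting the analysis
        ip, ts = parsed
        if since <= ts <= until:
            counts[ip] += 1
    return counts


# Constructed sample (RFC 5737 documentation addresses): one client hammering
# the catalog, one normal visitor, one request outside the selected period,
# and one malformed line.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /catalog/category/view/id/5 HTTP/1.1" 200 5123
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /catalog/category/view/id/6 HTTP/1.1" 200 5123
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /catalog/category/view/id/7 HTTP/1.1" 200 5123
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /catalogsearch/result/?q=a HTTP/1.1" 200 9012
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /catalogsearch/result/?q=b HTTP/1.1" 200 9012
198.51.100.4 - - [10/Oct/2023:13:55:40 +0000] "GET / HTTP/1.1" 200 14011
198.51.100.4 - - [10/Oct/2023:12:10:00 +0000] "GET / HTTP/1.1" 200 14011
this line is not a log record
"""

PERIOD_START = datetime(2023, 10, 10, 13, 0, tzinfo=timezone.utc)
PERIOD_END = datetime(2023, 10, 10, 14, 0, tzinfo=timezone.utc)


def top_talkers(log_text: str = SAMPLE_LOG, limit: int = 3) -> list:
    """Busiest client IPs for the selected period, most requests first."""
    return requests_per_ip(log_text, PERIOD_START, PERIOD_END).most_common(limit)


if __name__ == "__main__":
    load1, _, _ = read_loadavg()
    print("load:", classify_load(load1, os.cpu_count() or 1))
    for ip, n in top_talkers():
        print(f"{ip:16} {n} requests")
```

Dividing by the CPU count is the step people most often skip: a raw load average of 4 is harmless on an 8-core machine and a problem on a 2-core one. The per-IP count only becomes meaningful once it is restricted to the same period as the load chart, which is why the period bounds are passed in explicitly.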
4. Black & White IP Lists
This feature allows you to block or grant access for specific IP addresses (or ranges of IP addresses).
You can toggle between the “white” and “black” lists with the “Open White List” button in the top left corner (see the above screenshot). So, you can easily switch to either list and add an IP address by pressing the “Add New IP” button.
For all blacklisted addresses access is denied with error code 403, so blacklisted visitors won’t be able to open your website or log in to the admin panel.
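The following added example (not the extension's own code) shows the decision a black or white list makes for a client address, including CIDR ranges, and the check a firewall in front of Magento must do first: only believe the X-Forwarded-For header when the TCP peer is one of your own reverse proxies, otherwise the list is evaluated against an address the client chose. The list entries, proxy range and addresses are constructed sample values.

```python
"""Added example (not the extension's code): decide whether a client IP is
allowed by a black list or a white list of addresses and CIDR ranges, and
resolve the real client IP behind a trusted reverse proxy first."""
import ipaddress
from typing import Iterable, List, Optional


class IpAccessList:
    """mode='black': listed addresses get 403, all others pass.
    mode='white': only listed addresses pass, all others get 403."""

    def __init__(self, mode: str, entries: Iterable[str]):
        if mode not in ("black", "white"):
            raise ValueError("mode must be 'black' or 'white'")
        self.mode = mode
        # strict=False accepts host bits in a range such as 203.0.113.7/24;
        # a bare address becomes a /32 (or /128) network.
        self.networks = [ipaddress.ip_network(e, strict=False) for e in entries]

    def is_listed(self, ip: str) -> bool:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            return False  # unparsable input is handled by the caller
        # An IPv6 address never matches an IPv4 network and vice versa.
        return any(addr in net for net in self.networks)

    def status_for(self, ip: str) -> int:
        """HTTP status the firewall would answer with: 200 (pass) or 403."""
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            return 403  # refuse rather than guess when the address is garbage
        listed = self.is_listed(ip)
        allowed = (not listed) if self.mode == "black" else listed
        return 200 if allowed else 403


def client_ip(remote_addr: str, x_forwarded_for: Optional[str],
              trusted_proxies: List[str]) -> str:
    """Pick the address that is checked against the list.

    X-Forwarded-For is written by whoever sends the request, so it is only
    believed when the TCP peer (remote_addr) is one of our own proxies.
    """
    proxies = IpAccessList("white", trusted_proxies)
    if x_forwarded_for and proxies.is_listed(remote_addr):
        # The rightmost hop that is not one of our proxies is the client.
        hops = [h.strip() for h in x_forwarded_for.split(",")]
        for hop in reversed(hops):
            if not proxies.is_listed(hop):
                return hop
    return remote_addr


# Constructed sample lists; the addresses are documentation ranges (RFC 5737).
BLACK = IpAccessList("black", ["203.0.113.0/24", "198.51.100.7"])
WHITE = IpAccessList("white", ["192.0.2.0/24"])
TRUSTED_PROXIES = ["10.0.0.0/8"]  # assumed internal proxy range

if __name__ == "__main__":
    for ip in ["203.0.113.9", "198.51.100.7", "198.51.100.8", "not-an-ip"]:
        print(ip, "black list ->", BLACK.status_for(ip),
              "white list ->", WHITE.status_for(ip))
    print(client_ip("10.0.0.5", "203.0.113.9, 10.0.0.5", TRUSTED_PROXIES))
    print(client_ip("198.51.100.8", "203.0.113.9", TRUSTED_PROXIES))
```

When a white list is active, a visitor missing from it is denied even though they are on no black list, so switching modes is the real access decision; the `client_ip` step is what keeps both lists meaningful behind a load balancer or CDN.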
5. Country Blocker
If you don’t ship to some countries, it is a good idea to block those countries to reduce server load and to avoid “bad” crawlers, hackers and other suspicious activity.
You can select one of the following approaches to block countries:
- By default all countries are allowed, so you can select which ones you want to block by moving them to the right side.
- Or block all countries by default by clicking the “Block All” button. After that you can allow (move to the left side) only those countries you serve (e.g. you ship there).
Which way to choose is up to you and depends on your preferences and your shipping model.
Visitors from the blocked countries will get a 403 error page.
Important: Well-known search engines (like Google, Bing, Yahoo, etc.) won’t be blocked even if they come from the blocked countries.
6. Admin Login Logs
The firewall allows you to monitor logins into the admin area, so you can see who logged in successfully and who failed to log in. On the screenshot you can see that somebody from the Russian Federation tried to log in 6 times and failed. This looks like a brute-force attack, so it is better to block this person by IP address.
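As an added example (not code from the extension), the brute-force pattern described above, repeated failed logins from one IP address in a short time, can be detected with a sliding window over each address's failure timestamps. The record layout, the threshold of 6 failures, the 10-minute window and the sample events are all constructed assumptions; the guide only shows the count on a screenshot.

```python
"""Added example (not the extension's code): scan admin login records for
brute-force patterns, i.e. many failed logins from one IP within a short
window, and list the IPs worth adding to the black list."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple


class LoginEvent(NamedTuple):
    when: datetime
    ip: str
    country: str
    username: str
    success: bool


def find_brute_force(events: List[LoginEvent], threshold: int = 6,
                     window: timedelta = timedelta(minutes=10)) -> Dict[str, int]:
    """Return {ip: max_failures_in_window} for IPs that reach the threshold.

    A sliding window over each IP's failure timestamps catches bursts while
    ignoring the same number of failures spread over hours (a forgetful
    admin rather than an attack).
    """
    failures = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.when):
        if not ev.success:
            failures[ev.ip].append(ev.when)
    flagged: Dict[str, int] = {}
    for ip, times in failures.items():
        recent = deque()
        for t in times:
            recent.append(t)
            while t - recent[0] > window:
                recent.popleft()  # drop failures that fell out of the window
            if len(recent) >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), len(recent))
    return flagged


def block_list(events: List[LoginEvent], **kw) -> List[str]:
    """IPs to add to the black list, busiest first."""
    flagged = find_brute_force(events, **kw)
    return sorted(flagged, key=lambda ip: (-flagged[ip], ip))


# Constructed records (RFC 5737 addresses, placeholder country codes): a burst
# of six failures from one address within three minutes, a legitimate admin
# who mistypes twice, and six failures from a third address spread over an hour.
T0 = datetime(2023, 10, 10, 3, 0)
SAMPLE_EVENTS = (
    [LoginEvent(T0 + timedelta(seconds=30 * i), "198.51.100.23", "XX", "admin", False)
     for i in range(6)]
    + [LoginEvent(T0 + timedelta(minutes=5), "203.0.113.5", "DE", "shopadmin", False),
       LoginEvent(T0 + timedelta(minutes=6), "203.0.113.5", "DE", "shopadmin", False),
       LoginEvent(T0 + timedelta(minutes=7), "203.0.113.5", "DE", "shopadmin", True)]
    + [LoginEvent(T0 + timedelta(minutes=12 * i), "192.0.2.9", "US", "admin", False)
       for i in range(6)]
)

if __name__ == "__main__":
    for ip, n in find_brute_force(SAMPLE_EVENTS).items():
        print(f"{ip}: {n} failed logins within 10 minutes -> block")
```

Tune the window and threshold together: a small window with a high threshold only catches fast tools, while a long window with a low threshold starts flagging staff who forget their password, so review the flagged list before blocking rather than blocking automatically.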
7. General Settings
You can specify the main settings of “HTTP Security Firewall” here. Check the description of each setting to find out more.
8. Email & SMS Notifications
This extension can notify you (or the developers) if the server load reaches its highest level and the website is slowing down. Notifications can also be sent if a brute-force attack on the admin panel has been detected.