7G update from version1.2 to 1.4 request.
Ticket:
https://gridpane.freshdesk.com/a/tickets/20630
Request:
One of our clients (Angel) contacted us regarding our 7G firewall still being in 1.2 version and causing issues on the bad_referrer_3 list with the word "ambien" which in turn blocking multiple urls.
Client's Verbatim:
Hi, 7g Firewall is still on 1.2 version. Latest 1.4 fix this problem. The problem is the word "ambien" on the bad_referrer_3 list. https://perishablepress.com/downloads/7G-Changelog.txt It was removed because it a commong word in spanish "tambien" and it is blocking so many urls. Can you please update 7g to the latest version on Gridpane? This affects all servers and sites. Thanks
Note:
Currently, Jeff's recommendation as a workaround was to create a whitelist for the affected rule and replace it with an adapted rule like so:
Create this file:
/etc/nginx/extra.d/remove-ambien3-custom4-7g-bad-referer-context.conf
In that file add the following:
~*(blue\spill|cialis|cocaine|ejaculat|erectile|erections|hoodia|huronriveracres|impotence|levitra|libido|lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby|ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo) 4;
Creating a new rule 4 based on rule 3, but excluding the problem work ambien
Then create this file:
/etc/nginx/extra.d/whiteliste-ambien3-bad-referer-whitelist-7g-context.conf
In that file add the following:
set $exclusion_rule_match "";
if ($bad_referer_7g) {
set $exclusion_rule_match 3;
}
if ($bad_referer_7g = $exclusion_rule_match) {
set $7g_drop_bad_referer 0;
}
That will whitelist any hits on the rule 3, server wide for all sites.