Quote:
Originally Posted by ScriptWorkz
I think firewall is more of a marketing term, it's supposed to be blanket protection for php scripts, etc.. but either way your right, it's still vulnerable to everything php is (as far as actual php exploits, not saying it's coded poorly and allows mysql injection, etc..). And also, if it's written in php, unless they've found some crazy voodoo shit, this code is being executed ontop of the script already being executed for anything it's protected, which could be an issue on high traffic sites (wish we could get an answer on overhead).
Either way, i agree, if you wanted to do this right, you should of wrote an apache module / php extension or something w/ a compiled language, this isn't something i feel should be scripted.
|
This isn't something to be run on a standard site such as a TGP or paysite. This is to protect common webapps such as wordpress, invision power board, vbulletin, joomla, which have widespread use and are often mass defaced or compromised. Custom rulesets are available for free in the members area for each application.
There is obviously a small amount of overhead, but unless you are pushing 25mb/s traffic all day you will not notice any impact.
Regarding PHP vulnerabilities, it has nothing to do with the script and is entirely PHP. If you are running the latest stable version of PHP and apply updates as they are released you will not have any problems. PHP is the issue, not the script, and saying that this script will not improve security is very misleading.