Configuration Guide

Cory Marsh
Cory Marsh has over 20 years of Internet security experience. He is a lead developer on the BitFire project and regularly releases PHP security and programming videos on BitFire's YouTube channel.

BitFire is a robust security tool for any PHP-based web application. It has many configuration options suitable for a wide variety of servers, software systems, and CMS.


* All file paths must be absolute filenames (paths beginning with "/"), or relative to the BitFire directory

SETTING DEFAULT
Description
bitfire_enabled true
Global setting to enable / disable the BitFire firewall. Set to false to prevent all firewall blocking.
allow_ip_block false
Allow the firewall to block aggressive IPs with immediate drop. This will block all traffic from offending IPs for several hours.
security_headers_enabled true
When enabled, BitFire will send HTTP security headers to secure browser interactions. See https://www.securityheaders.com
enforce_ssl_1year false
When enabled, this will instruct all connecting browsers to disallow any non-SSL connections. This will improve security but your site will be offline if your SSL certificate expires.
password default
Password for the dashboard page, in plain-text or SHA3-256 format.
cache_type shmop
Server-side cache to use (auto-configured). Supported values are shmop, apc and apcu. BitFire will use on average about 1000 keys and 100Kb of memory.
cookies_enabled true
Enable if your web site supports cookies. Some very aggressive caches do not support cookies. Auto-configured.
cache_bust_parameter ""
If your server has very aggressive caching and you have problems with enabling browser_verify, set this to a short random name to enable cache busting.
report_file cache/alert.json
Name of the file to save alerts to. All features support alert mode. If a feature flags a request and is in alert mode, the request will be logged here. (800 line rotating file)
block_file cache/block.json
Name of the file to save the actual blocked requests to. (800 line rotating file)
debug_file ""
BitFire has extensive internal debugging and logging. Set this parameter to a filename to enable server-side debug logging.
debug_header false
Turn on the BitFire debug log and include it in each response header. * This can expose some sensitive information and should only be enabled for short periods.
browser_cookie _bitf
After BitFire validates a client or robot, it sets an encrypted cookie to validate that same client. This is the cookie name.
dashboard_path /bitfire
The path to the BitFire dashboard.
encryption_key <UNIQUE>
A unique random encryption key, 24 character minimum.
secret <UNIQUE>
A unique random authentication key, 24 character minimum.
debug false
When enabled, a hidden HTML comment will be added to the block page showing the block reason.
response_code 403
The HTTP response code for blocked pages.
ip_header REMOTE_ADDR
The HTTP header value to pull the IP address from. Supported headers: forwarded, x-forwarded-for, or custom
dns_service localhost
The DNS resolution service. Most servers should use localhost for fastest resolution, but DNS over HTTPS is supported by using the value: 1.1.1.1
short_block_time 600
Number of seconds to ban an IP for a short block.
medium_block_time 3600
Number of seconds to ban an IP for a medium block.
long_block_time 86400
Number of seconds to ban an IP for a long block.
cache_ini_files true
If true, BitFire will attempt to parse the configuration file and write a PHP cached version of the file on every update. Requires bitfire/config.ini.php to be web writeable. Improves performance by ~.5ms
skip_local_bots true
Some websites (like WordPress) make HTTP calls to themselves (notably wp-cron.php). When this is enabled, these types of requests will be ignored by the firewall.
configured false
If this value is false, BitFire will attempt to auto configure all system settings and then change this value to true. Requires bitfire/config.ini to be web writeable.
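
The settings above that are unsafe to leave at their defaults or switched on can be checked mechanically. The script below is an added example, not part of BitFire or of the original guide. It assumes config.ini holds flat `name = value` lines; the function names `parse_config` and `audit` and the sample values are constructed for illustration.

```python
# Added example: lint BitFire settings against the notes in the table above.
# Assumption: config.ini holds flat `name = value` lines; `;` starts a comment.
MIN_KEY_LEN = 24  # "24 character minimum" for encryption_key and secret

def parse_config(text):
    """Return {setting: value} from flat INI text, skipping comments/sections."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";#[" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        settings[name.strip()] = value.strip().strip("\"'")
    return settings

def is_true(value):
    return str(value).strip().lower() in ("true", "1", "on", "yes")

def audit(settings):
    """Return (setting, finding) pairs; a missing setting uses the table default."""
    findings = []
    if not is_true(settings.get("bitfire_enabled", "true")):
        findings.append(("bitfire_enabled", "firewall blocking is switched off"))
    if settings.get("password", "default") == "default":
        findings.append(("password", "dashboard still uses the default password"))
    for name in ("encryption_key", "secret"):
        value = settings.get(name, "")
        if value == "<UNIQUE>" or len(value) < MIN_KEY_LEN:
            findings.append((name, "set a unique random value, 24+ characters"))
    if is_true(settings.get("debug_header", "false")):
        findings.append(("debug_header", "debug log is sent in response headers"))
    if is_true(settings.get("debug", "false")):
        findings.append(("debug", "block page carries the block reason"))
    if is_true(settings.get("enforce_ssl_1year", "false")):
        findings.append(("enforce_ssl_1year", "site is offline if the certificate expires"))
    return findings

# Constructed sample input, not taken from a real site.
SAMPLE = """
bitfire_enabled = true
password = default
encryption_key = "<UNIQUE>"
secret = "k3J8s0Qp2VxT7mZb1LcY9wRd"
debug_header = true
"""

if __name__ == "__main__":
    for name, finding in audit(parse_config(SAMPLE)):
        print(f"{name}: {finding}")
```

The `enforce_ssl_1year` entry is a reminder rather than a fault: the setting improves security, but it ties site availability to certificate renewal.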




