BitFire is a robust security tool for any PHP-based web application. It has many configuration options suitable for a wide variety of servers, software systems, and CMS.
BitFire stores all configuration options in the file bitfire/config.ini, located in your BitFire install path.
After installing BitFire using the BitFire Install Guide, open the BitFire dashboard located at /bitfire on your website. The first time BitFire loads, it will attempt to detect and auto-configure system settings. This process requires the config file bitfire/config.ini to be writeable by the web user.
|Global setting to enable / disable the BitFire firewall.|
|Allow the firewall to block aggressive IPs with immediate drop.|
|Password for the dashboard page. plain-text or sha1 format.|
|Server side cache to use, auto-configured. Supported are shmop, apc, apcu and shm (shm is experimental). BitFire will use on average about 1000 keys and 100Kb of memory.|
|Enable if your web site supports cookies. Some very aggressive caches do not support cookies. Auto-configured.|
|If your server has very aggressive caching, and you have problems with enabling browser_verify, set this to a short random name to enable cache busting.|
|Name of the file to save alerts to. All features support alert mode. If a feature flags a request and is in alert mode, the request will be logged here. (800 line rotating file)|
|Name of the file to save the actual blocked requests to. (800 line rotating file)|
|BitFire has extensive internal debugging and logging. Set this parameter to a filename to enable server-side debug logging.|
|Turn on the BitFire debug log and include it in each response header. * This can expose some sensitive information and should only be enabled for short periods.|
|After BitFire validates a client or robot, it sets an encrypted cookie to validate that same client. This is the cookie name.|
|The path to the bitfire dashboard.|
|A unique random encryption key, 24 character minimum.|
|A unique random authentication key, 24 character minimum.|
|When enabled, a hidden HTML comment will be added to the block page showing the block reason.|
|The HTTP response code for blocked pages|
|The HTTP header value to pull the IP address from. Supported headers: forwarded, x-forwarded-for, or custom|
|The DNS resolver to use. Most servers should use localhost for fastest resolution, but DNS over HTTPS is supported by using the value: 188.8.131.52|
|Number of seconds to ban an IP for a short block.|
|Number of seconds to ban an IP for a medium block.|
|Number of seconds to ban an IP for a long block.|
|If true, BitFire will attempt to parse the configuration file and write a PHP cached version of the file on every update. Requires bitfire/config.ini.php to be web writeable. Improves performance by ~.5ms|
|Some websites (like WordPress) make HTTP calls to themselves (notably wp-cron.php). When this is enabled, these types of requests will be ignored by the firewall.|
|If this value is false, BitFire will attempt to auto configure all system settings and then change this value to true. Requires bitfire/config.ini to be web writeable.|
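
The following audit script is an added example, not part of BitFire or its documentation. It checks a config against the table's constraints: 24-character minimum keys, a dashboard password stored as sha1 rather than plain text, and the debug header left off. The setting names are placeholders (assumptions), because the table above does not list the real key names, and the sample input is constructed.

```python
import configparser
import re
import stat

# Placeholder setting names (assumptions, not BitFire's real keys): map
# them to the names used in your own bitfire/config.ini.
KEY_SETTINGS = ("example_encryption_key", "example_auth_key")
PASSWORD_SETTING = "example_password"
DEBUG_HEADER_SETTING = "example_debug_header"
MIN_KEY_LEN = 24  # "24 character minimum" from the settings table

# Constructed sample input, not a real configuration.
SAMPLE = '''
example_encryption_key = "changeme"
example_auth_key = "changeme"
example_password = "hunter2"
example_debug_header = true
'''

def audit_config(ini_text, file_mode=None):
    """Return a list of findings for a BitFire-style INI config."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string("[top]\n" + ini_text)  # accept files with no sections
    cfg = {}
    for section in parser.sections():
        for name, value in parser[section].items():
            cfg[name] = value.strip().strip("'\"")
    findings = []
    keys = [cfg.get(name, "") for name in KEY_SETTINGS]
    for name, value in zip(KEY_SETTINGS, keys):
        if len(value) < MIN_KEY_LEN:
            findings.append(f"{name}: shorter than {MIN_KEY_LEN} characters")
        elif len(set(value)) < 8:
            findings.append(f"{name}: too few distinct characters to be random")
    if keys[0] and keys[0] == keys[1]:
        findings.append("encryption and authentication keys are identical")
    if not re.fullmatch(r"[0-9a-fA-F]{40}", cfg.get(PASSWORD_SETTING, "")):
        findings.append(f"{PASSWORD_SETTING}: not stored as a sha1 hex digest")
    if cfg.get(DEBUG_HEADER_SETTING, "false").lower() in ("true", "1", "on", "yes"):
        findings.append(f"{DEBUG_HEADER_SETTING}: debug log exposed in response headers")
    if file_mode is not None and file_mode & stat.S_IWOTH:
        findings.append("config file is world-writable")
    return findings

if __name__ == "__main__":
    for finding in audit_config(SAMPLE, file_mode=0o666):
        print("FINDING:", finding)
```

Pass the file's permission bits (for example from `os.stat(path).st_mode`) as `file_mode` to include the world-writable check once auto-configuration has finished.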