Install Guide
Part 1 - System

Cory Marsh
Cory Marsh has over 20 years of Internet security experience. He is a lead developer on the BitFire project and regularly releases PHP security and programming videos on BitFire's YouTube channel.

BitFire is a robust security tool for any PHP-based web application. It has many configuration options suitable for a wide variety of servers, software systems, and CMS.


BitFire stores all configuration options in the file bitfire/config.ini, located in your BitFire install path.


After installing BitFire using the BitFire Install Guide, open the BitFire dashboard located at /bitfire on your website. The first time BitFire loads, it will attempt to detect and auto-configure system settings. This process requires the config file bitfire/config.ini to be writeable by the web user.

* All file paths accept absolute filenames (paths beginning with "/") or paths relative to the BitFire directory.

| PARAMETER | DEFAULT | DESCRIPTION |
|---|---|---|
| `bitfire_enabled` | `true` | Global setting to enable / disable the BitFire firewall. |
| `allow_ip_block` | `true` | Allow the firewall to block aggressive IPs with immediate drop. |
| `password` | `default` | Password for the dashboard page. Plain-text or sha1 format. |
| `cache_type` | `shmop` | Server-side cache to use, auto-configured. Supported are shmop, apc, apcu and shm (shm is experimental). BitFire will use on average about 1000 keys and 100Kb of memory. |
| `cookies_enabled` | `true` | Enable if your web site supports cookies. Some very aggressive caches do not support cookies. Auto-configured. |
| `cache_bust_parameter` | `""` | If your server has very aggressive caching and you have problems enabling browser_verify, set this to a short random name to enable cache busting. |
| `report_file` | `cache/alert.json` | Name of the file to save alerts to. All features support alert mode. If a feature flags a request and is in alert mode, the request will be logged here. (800 line rotating file) |
| `block_file` | `cache/block.json` | Name of the file to save the actual blocked requests to. (800 line rotating file) |
| `debug_file` | `""` | BitFire has extensive internal debugging and logging. Set this parameter to a filename to enable server-side debug logging. |
| `debug_header` | `false` | Turn on the BitFire debug log and include it in each response header. Note: this can expose some sensitive information and should only be enabled for short periods. |
| `browser_cookie` | `_bitf` | After BitFire validates a client or robot, it sets an encrypted cookie to validate that same client. This is the cookie name. |
| `dashboard_path` | `/bitfire` | The path to the BitFire dashboard. |
| `encryption_key` | `<UNIQUE>` | A unique random encryption key, 24 character minimum. |
| `secret` | `<UNIQUE>` | A unique random authentication key, 24 character minimum. |
| `debug` | `false` | When enabled, a hidden HTML comment will be added to the block page showing the block reason. |
| `response_code` | `403` | The HTTP response code for blocked pages. |
| `ip_header` | `REMOTE_ADDR` | The HTTP header value to pull the IP address from. Supported headers: forwarded, x-forwarded-for, or custom. |
| `dns_service` | `localhost` | The DNS resolution service. Most servers should use localhost for fastest resolution, but DNS over HTTPS is supported by using the value: 1.1.1.1 |
| `short_block_time` | `600` | Number of seconds to ban an IP for a short block. |
| `medium_block_time` | `3600` | Number of seconds to ban an IP for a medium block. |
| `long_block_time` | `86400` | Number of seconds to ban an IP for a long block. |
| `cache_ini_files` | `true` | If true, BitFire will attempt to parse the configuration file and write a PHP cached version of the file on every update. Requires bitfire/config.ini.php to be web writeable. Improves performance by ~.5ms |
| `skip_local_bots` | `true` | Some websites (like WordPress) make HTTP calls to themselves (notably wp-cron.php). When this is enabled, these types of requests will be ignored by the firewall. |
| `configured` | `false` | If this value is false, BitFire will attempt to auto-configure all system settings and then change this value to true. Requires bitfire/config.ini to be web writeable. |
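
An added example, not BitFire's own code: a small Python check that reads a config.ini and flags the security-sensitive options listed above (default dashboard password, short or placeholder keys, debug output, a header-derived client IP). It assumes flat key = value lines and that the sha1 password form is an unsalted hex digest; parse_ini, audit and the sample values are constructed for illustration.

```python
import hashlib

MIN_KEY_LEN = 24  # "24 character minimum" for encryption_key and secret

# Constructed sample config, not taken from a real site.
SAMPLE = """\
; bitfire/config.ini (constructed)
bitfire_enabled = true
password = "default"
encryption_key = "<UNIQUE>"
secret = "constructed-sample-key-000001"
debug_header = true
debug = false
ip_header = "x-forwarded-for"
"""

def parse_ini(text):
    """Assumed format: flat key = value lines; ';' and '#' lines are comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";#[":
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip().strip("\"'")
    return settings

def is_true(value):
    return value.lower() in ("true", "on", "yes", "1")

def audit(settings):
    """Return findings as 'option: reason' strings."""
    findings = []
    # Assumption: the sha1 form is the unsalted hex digest of the password.
    weak = {"default", hashlib.sha1(b"default").hexdigest()}
    if settings.get("password", "default") in weak:
        findings.append("password: dashboard password is still the default")
    for name in ("encryption_key", "secret"):
        value = settings.get(name, "")
        if value == "<UNIQUE>" or len(value) < MIN_KEY_LEN:
            findings.append(f"{name}: needs a unique random value, {MIN_KEY_LEN}+ chars")
    for name in ("debug_header", "debug"):
        if is_true(settings.get(name, "false")):
            findings.append(f"{name}: debug output is exposed to clients")
    if settings.get("ip_header", "REMOTE_ADDR").upper() != "REMOTE_ADDR":
        findings.append("ip_header: only trust this header behind a proxy that sets it")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_ini(SAMPLE)):
        print(finding)
```

Run it against the live file by passing the contents of bitfire/config.ini to parse_ini instead of SAMPLE.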




