I want to setup firewall for my site. I am very new to this concept. Can anyone help me about how can I get this done in my free hosting account? Thanks
We run firewalls on all our servers already. But that probably doesn’t answer your question.
What exactly are you trying to protect and how do you suppose a firewall relates to that?
1 Like
I am trying to make my website immune to sql injections. I had read some articles where it was stated that firewalls, if set up correctly, can help reduce the sql injection vulnarebility. So, that is what I am trying to do. Is there any other/better way to achieve this?
Ah, I see what you mean. What you’re referring to is typically called a Web Application Firewall. That’s a kind of firewall to protect, well, web applications. Mod Security is one of the most well known ones. The “web application” part is important, because normal firewalls protect networks, not applications.
A Web Application Firewall is an application which is integrated in the server. Some hosting providers offer it, but we don’t. But it has to be installed on the server level, and cannot be installed on an individual web hosting account.
If you insist on using a Web Application Firewall, you could use Cloudflare, who also offer a system like that.
And, admittedly, if you goal is to reduce SQL injection vulnerability, then it’s perfect. If the goal is to stop SQL injection vulnerability, then you should know that a WAF is a crutch to mitigate the dangers of bad code. So how to stop SQL injection vulnerability? Don’t run bad code!
For SQL injection, this is really simple: always use parameterized queries. Never put user input into SQL statements directly.
2 Likes
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.