Web Application Firewall
No Joomla! website should be without a Web Application Firewall or WAF, especially if hosted in a shared server environment.
The WAF adds another line of defense between your website and the server firewall maintained by your hosting provider.
You will find a list of available WAF extensions in the Joomla! Extensions Directory.
What is a Web Application Firewall?
"A web application firewall is a special type of application firewall that applies specifically to web applications.
It is deployed in front of web applications and analyzes bi-directional web-based (HTTP) traffic - detecting and blocking anything malicious."
OWASP stands for Open Web Application Security Project.
A WAF is “a security solution on the web application level which - from a technical point of view - does not depend on the application itself.”
It is a firewall for HTTP applications which is deployed to protect a specific web application or set of web applications.
Specifically, a WAF applies a set of rules to an HTTP conversation.
These rules cover common attacks such as:
- cross-site scripting (XSS) and
- SQL injection.
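As an added illustration, not taken from Admin Tools or any other WAF product, the following Python applies a small constructed rule set to the parameters of an HTTP request, decoding each value first so that encoded input is inspected in the form the application would receive. The rule names, patterns and sample requests are assumptions made for the example.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed rule set for illustration; production rule sets are far larger
# and are tuned per application to limit false positives.
RULES = [
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I)),
    ("sqli-union-select", re.compile(r"\bunion\b.+\bselect\b", re.I | re.S)),
    ("sqli-tautology", re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I)),
]


def normalize(value):
    """Percent-decode up to three more times so that double-encoded input
    is matched in its decoded form (parse_qsl has already decoded once)."""
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect(query, body=""):
    """Return a (parameter, rule_id) pair for every rule that matches a
    parameter in the query string or in a form-encoded request body."""
    hits = []
    for source in (query, body):
        for name, raw in parse_qsl(source, keep_blank_values=True):
            value = normalize(raw)
            for rule_id, pattern in RULES:
                if pattern.search(value):
                    hits.append((name, rule_id))
    return hits


def decide(query, body=""):
    """Block the request if any rule matched, otherwise let it through."""
    return "block" if inspect(query, body) else "allow"


if __name__ == "__main__":
    # Constructed sample requests: (query string, form body)
    samples = [
        ("q=student+union+events&page=2", ""),
        ("id=1+UNION+SELECT+password+FROM+users", ""),
        ("q=%253Cscript%253Ealert(1)%253C%252Fscript%253E", ""),
        ("", "username=admin&password=x'+OR+'1'='1"),
    ]
    for query, body in samples:
        print(decide(query, body), inspect(query, body))
```

The first sample contains the word "union" in ordinary text and is allowed, which shows why rules match on structure rather than on single keywords.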
Akeeba Admin Tools is our WAF of choice
Our preferred choice of WAF for the Joomla! CMS is Akeeba Admin Tools.
It adds another line of defense between your website and the server firewall maintained by your hosting provider.
"The Admin Tools WAF is designed to offer real-time protection against:
- the most common fingerprinting attacks, used by attackers to deduce information about your site in order to tailor an attack to it,
- and the most common attacks."
Useful Video Tutorials & Documentation
The developer acknowledges that configuring the Admin Tools WAF for your website's hosting environment can be challenging for some website administrators, but has recently produced a range of useful video resources to help Joomlers.
These provide a useful supplement to the longstanding comprehensive Admin Tools user guide.
Akeeba GeoIP Provider Plugin
If you choose to install the Admin Tools WAF, then we also recommend that you install the developer's GeoIP Provider Plugin.