
System Configuration

bitslip6 edited this page Feb 3, 2021 · 2 revisions

BitFire System Configuration

BitFire contains many configuration items to suit a large number of users and use cases. Here we go over each configuration item in detail.

Caching

BitFire avoids network and disk access. Instead, it uses an in-memory caching system that supports several back-ends: SHMOP (compiled into PHP on 99% of installs), APC and [APCu](https://www.php.net/manual/en/book.apcu.php). We also support SHM from the [Semaphore](https://www.php.net/manual/en/ref.sem.php) extension. The SHM cache mechanism doesn't always store values as long as we would like and is not recommended for production use.

; only shmop or apcu are recommended 
cache_type = 'shmop'

Debugging

You can display the block reason for any blocked request by enabling debug. This adds the parameter that was blocked, along with the reason for the block, to an HTML comment on the block page, which you can read with your browser's "view-source" option. The comment is part of the block page itself, so it is visible to whoever made the blocked request.

; show why request was blocked on block page
debug = true

HTTP response code

You can choose the HTTP response code that BitFire returns on block pages. Typically a response code of 403 is used for access denied pages, but you may want to throw a would-be attacker off by replying with 500 (server error) so as not to give away that you are using a WAF. We recommend using 403, but you can adjust as necessary.

; block http response code
response_code = 403

Block Time

Some web requests are obviously from malicious attackers. When bots begin spamming your site, or the attack is obviously designed to cause a denial of service, we create an IP-level block. This block is created by dropping a file that matches the request IP into the blocking directory. When a request is received, its IP is checked against the block IP file. This check is cached by the operating system and allows BitFire to block IP requests in < 0.01 milliseconds.

You can set the blocking time for 3 levels of attacks, high, medium and low. By default the block times are set to 600 seconds (10 minutes), 3600 seconds (60 minutes) and 86400 seconds (24 hours).

; short block time is 10 minutes
short_block_time = 600

; medium block time is 60 minutes
medium_block_time = 3600

; long block time is 24 hours
long_block_time = 86400

Source IP

For 99% of installs, we use the actual source IP address: REMOTE_ADDR. If your server is fronted by Cloudflare or another service, you can pull the remote IP address from an HTTP request header. Usually this is X-FORWARDED-FOR, but you can also use the new HTTP standard FORWARDED.

; the HTTP header to read for the remote address. supported:
; FORWARDED (support for by=();for=();etc), X-FORWARDED-FOR, REMOTE_ADDR, CUSTOM (like x-forwarded-for)
ip_header = 'REMOTE_ADDR'
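
A header-derived address is only as trustworthy as the proxy that wrote it, so the value chosen for ip_header decides which address the IP block is applied to. The PHP below is an added example, not BitFire's own code: the function names (last_element, forwarded_for, client_ip) are hypothetical, and it shows one way to resolve the client IP for the REMOTE_ADDR, X-FORWARDED-FOR and FORWARDED settings (CUSTOM is not covered). It assumes a single trusted proxy that appends the address it saw, and it falls back to REMOTE_ADDR when the header does not contain a literal IP.

```php
<?php
// Added example, not BitFire's code. Assumption: one trusted proxy appends the
// address it saw, so only the LAST list element is outside the client's control.
function last_element(string $list): string {
    $parts = explode(',', $list);
    return trim(end($parts));
}

// Extract the for= value from one RFC 7239 forwarded-element.
function forwarded_for(string $element): ?string {
    foreach (explode(';', $element) as $pair) {
        [$name, $value] = array_pad(explode('=', $pair, 2), 2, '');
        if (strtolower(trim($name)) !== 'for') { continue; }
        $value = trim(trim($value), '"');
        // Bracketed IPv6 with optional port, e.g. "[2001:db8::17]:4711"
        if (preg_match('/^\[(.+)\](?::\d+)?$/', $value, $m)) { return $m[1]; }
        // IPv4 with optional port, e.g. 192.0.2.60:4711
        if (preg_match('/^([\d.]+)(?::\d+)?$/', $value, $m)) { return $m[1]; }
        return $value; // "unknown" or an obfuscated token: rejected by the caller
    }
    return null;
}

function client_ip(string $ip_header, array $server): string {
    $remote = $server['REMOTE_ADDR'] ?? '';
    switch ($ip_header) {
        case 'FORWARDED':
            $candidate = forwarded_for(last_element($server['HTTP_FORWARDED'] ?? ''));
            break;
        case 'X-FORWARDED-FOR':
            $candidate = last_element($server['HTTP_X_FORWARDED_FOR'] ?? '');
            break;
        default:
            $candidate = $remote;
    }
    // Anything that is not a literal IP falls back to the socket address.
    return filter_var($candidate, FILTER_VALIDATE_IP) !== false ? $candidate : $remote;
}

// Constructed sample request (documentation address ranges); 10.9.8.7 stands
// for a value the client put in the header itself.
$server = [
    'REMOTE_ADDR'          => '203.0.113.43',
    'HTTP_X_FORWARDED_FOR' => '10.9.8.7, 198.51.100.17',
    'HTTP_FORWARDED'       => 'for=10.9.8.7, for="[2001:db8:cafe::17]:4711";proto=https',
];
foreach (['REMOTE_ADDR', 'X-FORWARDED-FOR', 'FORWARDED'] as $setting) {
    printf("%-16s => %s\n", $setting, client_ip($setting, $server));
}
```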
