NinjaFirewall (Pro+ Edition)

Help & FAQ


How powerful is NinjaFirewall?

NinjaFirewall includes a very powerful filtering engine that can detect Web Application Firewall evasion techniques and obfuscation tactics used by hackers, as well as support and decode a large set of encodings. See our blog for a detailed description: An introduction to NinjaFirewall v3.0 filtering engine.

Do I need root privileges to install NinjaFirewall?

Unlike Web Application Firewalls such as ModSecurity, NinjaFirewall does not require any administrator privileges and is fully compatible with most shared hosting accounts.

Does it work with Nginx?

NinjaFirewall works with Nginx and others Unix-based HTTP servers like Apache and LiteSpeed as long as they support the auto_prepend_file PHP directive (either in PHP INI or .htaccess files).

Do I need to alter my PHP scripts?

You do not need to make any modifications to your scripts. NinjaFirewall hooks all requests before they reach your scripts. It will even work with encoded scripts (ionCube, ZendGuard, SourceGuardian etc).

Will NinjaFirewall detect the correct IP of my visitors if I am behind a CDN service like Cloudflare or Incapsula?

If you are using NinjaFirewall (Pro+ Edition), you can modify the source IP from the "Firewall > Access Control > Source IP" menu. If you are using NinjaFirewall (Pro Edition), you can use an optional configuration file to tell NinjaFirewall which IP to use. Please follow these steps.

Will it slow down my site?

Your visitors will not notice any difference with or without NinjaFirewall. The administration console shows benchmark statistics (the fastest, slowest and average time per request).

Is there a Microsoft Windows version?

NinjaFirewall works on Unix-like servers only. There is no Windows version and we do not expect to release any.

Can I add/write my own security rules?

You can use the optional .htninja configuration file for that purpose.

Can I migrate my site(s) with NinjaFirewall installed?

In order to migrate your site, you must follow these steps:

  1. Rename the PHP INI or .htaccess file that contains the NinjaFirewall auto_prepend_file directive.
  2. Migrate your site, including NinjaFirewall.
  3. Edit your PHP INI or .htaccess file and change the auto_prepend_file path to the firewall.php script so that it matches your new website document root/directory structure.
  4. Rename your PHP INI or .htaccess file to its original name.
  5. Log in to your NinjaFirewall admin dashboard, click on "Firewall > Policies", scroll down to the bottom of the page and click the "Save Changes" button. This operation will adjust your configuration to the new website document root.
  6. Check the "Summary > Overview" page to ensure there is no error or warning message.

How can I protect Joomla! with NinjaFirewall?

See our article : Securing a Joomla! installation with NinjaFirewall (Pro+).