» Compatible with Joomla! 2.5 & 3.x
» Backend Password - Add an extra layer of security by typing in a password before logging in the administration!
» Blacklist - Block unwanted (single or multiple using wildcards *.*.*.*, CIDR notation and ranges) IP addresses.
» IPv6 support
» Whitelist - Bypass protections for selected IPs.
» Stop brute-force login attempts - Capture login attempts (as well as incorrect passwords).
» Malware database - Detects obfuscated, encoded as well as potentially dangerous files (eg. base64_encode, eval, gzinflate, preg_replace /e)
» Automatically drop dangerous files when they're uploaded - such as .php, .js, .exe, .com, .bat, .cmd
» Disable the creation of new Administrators
» Protects selected Administrators from any changes - including password change!
» Log all security events and send messages to specified email address(es)
» Powerful exception system - Disable protections based on User Agent, URL or component (regular expressions allowed).
» Database Check - Optimize & repair your database tables.
» Display CAPTCHA in the administration section after a predefined number of failed login attempts.
» Country blocking - Allows you to select which countries have access to your Joomla! website (also blocks anonymous proxies). Based on GeoIP Lite Country database.
» Local file inclusion (LFI)
» Remote file inclusion (RFI)
» SQL injection (SQLi)
» Denial of Service (DoS) - Block unwanted User Agents
» Automatic blacklist
» Actively scans POST and GET variables.
» Keeps an eye on sensitive Joomla! files and alerts you if they are changed.
» Check for the latest Joomla! & RSFirewall! versions.
» Provides suggestions on how to tighten your PHP & Joomla! configuration.
» Scan Joomla! core files for integrity.
» Scan files and folders for common permission errors.
» Scan files for common malware.
However I would like to underline an exceptional and professional support delivered by the developers from rsjoomla.com They are awesome!
Advantages: Protection against SQL injection, PHP, LFI and XSS injections and attacks in real time.
The analyzer site for twenty-four parameters that affect the safety of Joomla. Advanced System log. Protection of the administrative area site with a password and additional safety circuits. Blocking site of the changes. Analyzer database schema. Blocking access to the settings of the RSFirewall with a password. Black list of IP addresses that are denied access to the site. Allocation of access rights to the site administrators, and administrative area to the individual components. Basic protection against DoS attacks. Filtering files uploaded to the site. Protection from scanning the site for vulnerabilities. Protection of the Administrator account of any changes.
Disadvantages: not currently found.
Very good extension for the comprehensive protection of the site. Translated in the Russian language.
Support - very good. Questions decide quickly.
I use to protect the personal blog of weekly attacks.
Engaged in web technologies since March 2007. Use Joomla since December 2009.
The last ticket I had with them ended up not even being related to their Firewall component but I had thought it was. I couldn't access the backend Admin and the site was ready to go live the next day. They identified the problem and explained to me how to fix it. They really saved my butt.
It's highly flexible so I can lock a site down tight as a drum, or leave specific elements open for ease of access and ramp up their security in other areas instead. For more vulnerable sites with lots of plugins and users, the email notifications keep me advised of every threat in real time from the negligible to critical.
If you're in any doubt but run more than one website then just buy it, with a multiple license and the offers they make on Twitter it ends up being a few quid per year, per site, and it's a load off your mind :)
But, you will have to be very careful while doing the following
1. Using ACL option - make sure to allow full access to an administrator account before you click save after enabling this option. If not you will be locked out of your site.
2. fixing the problems via System Check. Contact support if you are not sure what you are doing. I lost access to WHMCS pages & its back-end and ability to install any Joomla extensions. Also make sure to backup php.ini before you apply the fix.
Only request to developer is to provide enough warning and detailed documentation about the cause of applying certain security options. I learnt it myself by making many mistakes.
Here is the issue: RSFirewall! has a system lockdown function; you can disable key aspects of Joomla that make your site harder to hack. This is a good thing. RSFirewall! has a master password function; you need to enter in a master password (if you create one) to change the component settings. This is also a good thing. However, when creating a master password, the characters you are entering are masked and there is no field to re-enter your password. So if you enable the system lockdown then mistype when you create a master password you won't know it until you go to log into the application. At which point you would not be able to do anything -- there isn't even the extra security questions to enable you to retrieve your master password -- you know like, "what is your favorite restaurant?" etc -- that you see on some banking sites.
I would love to see this issue resolved --either by having an option to unmask the password when you create it or a field to re-enter the password AND some sort of password retrieval option (security questions, email, something) in the unlikely event you forget your password or type in the wrong one.
If this one issue were fixed, I would give this application 5 stars -- it is great! Just with one MAJOR issue waiting to go awry.
This review is pointless and should be removed, because is totally wrong. There is an article in the documentation that explains how to clear the master password:
After the numerous excellent reviews I decided on RS Firewall and have not been disappointed
Already it has found what where gaping holes in my three sites ... and resolved the issues.
One little issue though, I am sure it is mentioned some where in the T & C's
I bough the multi site license assuming that I could protect my three sites, in fairness I can but I am only entitled to updates on one Domain, I have to pick which one ... that was a little disappointing and probably a little misleading with the term multi site license.
Otherwise ... I cant complain and I am very happy
Thanks for the review John.
For your information: a multi-site license allows you to install and update RSFirewall! on unlimited websites. You only have to register these websites on our website.
I've installed RSFirewall (the 5th RSJoomla extension on my site, by the way) only this morning, and had two critical issues that were solved in no time (less than an hour) by the support team! They are not only incredibly fast, but also very efficient! Highly recommended.
I fully back the claims of the others who have written what they have how good this module is.
We had a problem with what happened when we allowed the module to improve the rating by fixing issues found in our J1.5.23 sites, RSJoomla's support was excellent and was fixed in no time at all.
Well worth the urchase
Using it on 5 websites and couting.
I have some suggestions to keep it the best:
- Emergency shutdown button (see Admin Tools)
- Automatic IP banning for high alerts (adjustable)
- More extensive back-end access control
- Check for all vulnerable extensions, not just Jummi
- Maybe a passive scanner that scans ones a day all files (see Eyesite)
- Checking/adjusting default admin ID (not sure if it does).
- Checking/adjusting default database prefix
Don't get me wrong there are LOTS of possibilities with this excellent Firewall!
System Lockdown is also nice, don't forget to add a secure password to RSFirewall!
Can't say anything about the support, didn't need any yet (Good manual)
BUY this Firewall, your Joomla website deserves it!
From reading the previous reviews, I decided it was a good decision to use RSFirewall.
Just from installing it I can see it is a quality and well made component.
Very nicely done!
One recommendation to the author:
Maybe allow the dashboard to show more reporting and statistics about the component.
Number of malware found, etc - give some perspective on the whole thing and its performance.
This software has saved me tens, if not hundreds of hours or headaches, and is worth every penny. I won't build a Joomla site without it.