Web Application Firewalls with atom

[Matthew Bruton]

Do any admins reading this have experience installing a web application firewall on top of Atom?

I picked one called shadow daemon.

Got it installed, but when I tried to set up the php connectors I kept getting a 500 error.

Here's what I was doing https://shadowd.zecure.org/overview/php_connector/

I figure it is a lack of understanding of how atom is structured which is why I am reaching out here rather than anywhere else.

I'll keep plugging at it if no one knows, but any help would make my life a lot easier.

Thanks.

[Dan Gillean]

Hi Matthew, 

We have some very basic documentation on how to set up ufw with AtoM on this page: 

• https://www.accesstomemory.org/docs/latest/admin-manual/security/firewall/  
  

It may give you some ideas about what ports etc to allow even if you are using a different solution. 

Cheers, 

Dan Gillean, MAS, MLIS
AtoM Program Manager
Artefactual Systems, Inc.
604-527-2056

@accesstomemory

he / him

On Sat, Feb 8, 2020 at 5:41 PM Matthew Bruton <matthewb...@gmail.com> wrote:

Do any admins reading this have experience installing a web application firewall on top of Atom?

I picked one called shadow daemon.

Got it installed, but when I tried to set up the php connectors I kept getting a 500 error.

Here's what I was doing https://shadowd.zecure.org/overview/php_connector/

I figure it is a lack of understanding of how atom is structured which is why I am reaching out here rather than anyone else.

I'll keep plugging at it if no one knows, but any help would make my life a lot easier.

Thanks.

--
You received this message because you are subscribed to the Google Groups "AtoM Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ica-atom-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ica-atom-users/596056b7-5e2f-4fb3-a783-1ed15b52328b%40googlegroups.com.

[Matthew Bruton]

Thanks Dan,

I already have that installed along with another package called fail2ban, which I will post about at a later date.

What I was talking about was another layer on top of ufw, monitoring it's open ports, for web related suspicious activity. Cross scripting attacks, for example.

I'm going for only open source, which is more tricky. So any thoughts from anyone, even if they are only reading this message in two years time, would be received with gladness.