Hello!
I'm excited to share WireWall, a comprehensive security firewall module I've been developing for ProcessWire. After months of real-world testing on production sites (including blocking 99.98% of malicious traffic on my e-commerce platform), I'm ready to release it to the community.
What is WireWall?
WireWall is a ProcessWire-native security module that provides enterprise-grade protection with granular geographic and network-level blocking. Unlike traditional firewalls that only block by country, WireWall lets you block by city, region (state/province), VPN/Proxy/Tor, ASN, and more.
Key Features
Geographic Blocking:
City-level blocking - Block specific cities worldwide (e.g., "Philadelphia", "Beijing", "Tokyo")
Region blocking - Block entire states/provinces (e.g., "Pennsylvania", "California", "Tokyo Prefecture")
Country blocking - Traditional country-level controls with whitelist/blacklist modes
Network Protection:
VPN/Proxy/Tor detection - Multi-API detection system with intelligent fallback
Datacentre detection - Block AWS, Google Cloud, DigitalOcean, and other hosting providers
ASN blocking - Block entire autonomous systems by ASN number
Rate limiting - Per-IP rate limits with automatic temporary bans
AI bot blocking - Automatically block GPTBot, ClaudeBot, and other AI scrapers
Performance & Scalability:
File-based cache - Scales to 1M+ IPs with zero database overhead
Lightning-fast lookups - 0.5-2ms with MaxMind databases
HTTP fallback - Works without MaxMind databases (though less performant)
Smart caching - GeoIP cached for 30 days, VPN checks for 7 days
Developer-Friendly:
Priority-based system - 14 security layers evaluated in order
JavaScript challenge - Detect and block headless browsers
Comprehensive logging - Debug mode with detailed request information
Cache management UI - Built-in interface to view stats and clear cache
Triple admin protection - Logged-in users, IP whitelist, admin area bypass
Real-World Results
On my e-commerce site (LQRS.com), WireWall has been running for several months with impressive results:
99.98% blocking rate - Nearly all malicious traffic blocked
Zero false positives - Legitimate customers unaffected
Significant reduction in AWS/cloud-based automated attacks
Complete elimination of VPN/proxy fraud attempts
Installation
cd /site/modules/
git clone https://github.com/mxmsmnv/WireWall.git
Then in ProcessWire admin:
Modules → Refresh
Install WireWall
Configure your blocking rules
You're protected!
How It Works - Priority System
WireWall processes every request through 14 prioritised security layers:
1. Admin Area → ALLOW (ProcessWire admin always accessible)
2. IP Whitelist → ALLOW (manual whitelist bypass)
3. Rate Limiting → BLOCK (excessive requests)
4. IP Blacklist → BLOCK (permanent blocks)
5. JavaScript Challenge → CHALLENGE (suspicious requests)
6. VPN/Proxy/Tor → BLOCK (anonymous services)
7. Datacentre Detection → BLOCK (cloud hosting)
8. ASN Blocking → BLOCK (autonomous systems)
9. Global Rules → BLOCK (known patterns)
10. Country Blocking → BLOCK (country rules)
11. City Blocking → BLOCK (city rules)
12. Region Blocking → BLOCK (region rules)
13. Country-specific Rules → BLOCK (custom rules)
14. Default → ALLOW
First match wins - once a rule triggers, evaluation stops.
MaxMind Integration
WireWall works best with MaxMind GeoLite2 databases (free):
GeoLite2-Country.mmdb - Country detection
GeoLite2-City.mmdb - City and region detection
GeoLite2-ASN.mmdb - Network/ISP detection
Without MaxMind, it falls back to ip-api.com HTTP API (slower, with rate limits). City and region blocking require the MaxMind City database.
Download MaxMind databases from: https://dev.maxmind.com/geoip/geolite2-free-geolocation-data
Technical Details
ProcessWire: 3.0.200 or higher
PHP: 8.1 or higher
Optional: MaxMind GeoLite2 databases (Country, ASN, City)
Optional: Composer (for MaxMind GeoIP2 library)
Why Another Firewall Module?
I needed something specifically for ProcessWire that:
Scales efficiently - File-based cache handles millions of IPs without database bloat
Provides granular control - City and region blocking isn't available in other solutions
Works offline - MaxMind databases work without external API calls
Integrates natively - Built specifically for ProcessWire's architecture
Stays free - Open source, no premium tiers or upsells
Other solutions like Wordfence (WordPress), Sucuri (paid service), and ModSecurity (server-level) either don't integrate well with ProcessWire or lack the geographic granularity needed for fraud prevention.
Resources
GitHub Repository: https://github.com/mxmsmnv/WireWall
Documentation: Full README with installation, configuration, and troubleshooting
Landing Page: https://wirewall.org
Licence: MIT (free for commercial use)
Quick Start TL;DR
# Install
cd site/modules && git clone https://github.com/mxmsmnv/WireWall.git
# Activate in ProcessWire admin
Modules → Install → WireWall
# Configure
- Enable module
- Set blocking rules (cities/regions/countries)
- Enable VPN detection
- Configure rate limiting
- Save
# Monitor
Setup → Logs → wirewall.txt
I'm happy to answer any questions! Has anyone else been working on security solutions for ProcessWire? I'd love to hear about your approaches and challenges.
Best regards, Maxim
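
The first-match-wins ordering described under "How It Works - Priority System", as an added example that is not part of the original post and is not WireWall's own code. It uses a reduced set of layers in the same relative order; the field names, thresholds, addresses, ASNs, country codes and the `/processwire/` admin path are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Seven of the fourteen layers, in the order the post lists them.
// Each check returns a verdict, or null to hand the request to the next layer.
// All values are constructed (documentation IP and ASN ranges, user-assigned country codes).
$layers = [
    'admin_area'   => fn(array $r): ?string => str_starts_with($r['path'], '/processwire/') ? 'ALLOW' : null,
    'ip_whitelist' => fn(array $r): ?string => in_array($r['ip'], ['203.0.113.10'], true) ? 'ALLOW' : null,
    'rate_limit'   => fn(array $r): ?string => $r['hits'] > 60 ? 'BLOCK' : null,
    'ip_blacklist' => fn(array $r): ?string => in_array($r['ip'], ['198.51.100.7'], true) ? 'BLOCK' : null,
    'js_challenge' => fn(array $r): ?string => $r['ua'] === '' ? 'CHALLENGE' : null,
    'asn'          => fn(array $r): ?string => in_array($r['asn'], [64500], true) ? 'BLOCK' : null,
    'country'      => fn(array $r): ?string => in_array($r['country'], ['ZZ'], true) ? 'BLOCK' : null,
];

/** Walk the layers in order; the first non-null verdict ends evaluation. */
function evaluate(array $layers, array $request): array
{
    foreach ($layers as $name => $check) {
        $verdict = $check($request);
        if ($verdict !== null) {
            return [$verdict, $name];
        }
    }
    return ['ALLOW', 'default']; // no layer matched
}

// Constructed requests: each overrides a few fields of an ordinary visitor.
$base = ['path' => '/shop/', 'ip' => '192.0.2.50', 'hits' => 3,
         'ua' => 'Mozilla/5.0', 'asn' => 64501, 'country' => 'AA'];
$requests = [
    'whitelisted IP in blocked country'  => ['ip' => '203.0.113.10', 'country' => 'ZZ'] + $base,
    'blacklisted IP over the rate limit' => ['ip' => '198.51.100.7', 'hits' => 500] + $base,
    'admin path from blocked ASN'        => ['path' => '/processwire/login/', 'asn' => 64500] + $base,
    'empty user agent, blocked country'  => ['ua' => '', 'country' => 'ZZ'] + $base,
    'ordinary visitor'                   => $base,
];

foreach ($requests as $label => $request) {
    [$verdict, $layer] = evaluate($layers, $request);
    printf("%-36s %-9s decided by %s\n", $label, $verdict, $layer);
}
```

A request that matches several layers is attributed only to the first one, so per-layer block counts in a log depend on the order as much as on the traffic. An ALLOW layer placed early also means every later layer is skipped for the requests it matches.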