PARC Network — Managed Hosting Architecture for your Magento / Mage-OS shop! on Managed Magento Hosting — by shop owners, for shop owners

Firewall for Magento — network hardening with OPNsense

Mon, 01 Jan 0001 00:00:00 +0000

While the WAF inspects HTTP traffic at the application layer, the firewall works one level deeper: it decides at the network level which traffic is allowed to flow at all. At PARC, OPNsense handles this.

Network firewall vs. WAF

The two layers complement each other but don’t replace each other:

WAF (SafeLine) — Layer 7, understands HTTP, blocks injection, XSS, bots.
Firewall (OPNsense) — Layer 3/4, filters packets by source, destination, port and protocol. What isn’t let through here never reaches the higher layers in the first place.

Why OPNsense

OPNsense is an open-source firewall built on FreeBSD — fitting seamlessly into our line:

Legal Notice

Mon, 01 Jan 0001 00:00:00 +0000

PARC Network GmbH & Co. KG
Am Weidengraben 27
97297 Waldbüttelbrunn, Germany

Phone: +49 (0) 931 / 970 913 31
Email: hallo@parc-network.com

VAT identification number according to § 27a German VAT Act (UStG): DE292075424

Notice according to § 36 VSBG (Consumer Dispute Resolution Act): We are neither willing nor obliged to participate in dispute resolution proceedings before a consumer arbitration board.

PARC Security — open-source module for Magento protection

Mon, 01 Jan 0001 00:00:00 +0000

PARC Security is our own open-source module. It complements the WAF and the firewall with a Magento-aware layer: curated blacklists, IP groups and rules that keep known attackers, bots and scrapers out — right in the context of the shop.

View the module on GitHub

What the module does

PARC Security sits between the pure network/WAF layer and the Magento application. While WAF and firewall work generically, PARC Security knows the Magento context — which routes are sensitive, which bots are legitimate (e.g. Google) and which aren’t.

Privacy Policy

Mon, 01 Jan 0001 00:00:00 +0000

As the data controller under the GDPR, we inform you below about the processing of personal data when visiting this website.

1. Data Controller

The controller responsible for the processing of personal data is PARC Network GmbH & Co. KG. You can find the name and contact details of the controller in our Legal Notice.

WAF for Magento — SafeLine as the Web Application Firewall

Mon, 01 Jan 0001 00:00:00 +0000

A Web Application Firewall (WAF) filters HTTP traffic before it ever reaches Magento. At PARC, SafeLine handles this — the first active line of defence in front of every shop, even before Varnish and Nginx.

What a WAF does — and what it doesn’t

A WAF operates at the application layer (Layer 7). It understands HTTP requests and detects attack patterns a classic network firewall can’t see:

SQL injection and cross-site scripting (XSS) in forms, URL parameters and headers
Known Magento exploits — many attacks target specific, patched CVEs. The WAF blocks the attack patterns even if a patch is occasionally applied with delay
Credential stuffing & brute force on login and admin routes
Bad bots & scrapers that harvest catalog data or generate load

To be honest: a WAF is not a replacement for patches. It’s an additional layer that buys time and absorbs broad attack waves — the actual vulnerabilities still need patching.