WAF

Mitigating DDOS attacks, easily creating custom rules, protecting your website and reducing the risk of malicious attacks and data leakage

Overview

• Today request : Display the total number of requests today

• Malicious request : Displays the number of intercepted malicious requests

• Traffic filtering request chart : Graph showing all traffic requests and filtered requests

• Real-time QPS : Displays the number of requests per second

• Block type (today) : Displays the types of malicious requests intercepted today

• Interception map (today) : Displays the IP address of intercepted malicious requests, number of attacks, IP attribution and create a map display

• Number of isolated Trojans : Displays intercepted malicious requests by isolated

• Unprotected website : Displays unprotected websites

• Possibly incorrect CC protection rule : Displays CC rules that may be incorrect

• Today's Block report : Click to view today’s interception report

WebSite

• Intercept access from known malicious IPs of aaPanel : Enable or disable blocking of known malicious IPs based on aaPanel

• Site/Modify : Display the name of the website. Click to manage the protection management of a single site.

• Total interceptions : Displays the total number of malicious requests intercepted by this site. Click to view the interception details type.

• Fake spider : When enabled, requests from fake search engines will be intercepted.

• Using CDN : If the website uses CDN (reverse proxy, Cloudflare etc.), please enable it.

• Intelligent cc defense : Automatically adjust blocking rules based on website load conditions and historical access conditions.

• CC defense : Enable or disable CC defense. It is not recommended to disable it. After disabling it, a large number of malicious access requests will not be intercepted.

• Status : Turn website protection on or off

• Log : View the interception log of this website and view the interception details. Add mistakenly intercepted requests to White URL

Blockade

• Interception record : View and manage all interception records. Based on the interception details, Can add them to the IP blacklist or URL whitelist.

• IP blocking record : View and manage the IP addresses intercepted by WAF. According to the interception details, can White URL, Block IP, Unblock IP

• Rule hit record : View the rule records of IP address hits

Black/White list

• IP whitelist : Add IP to the whitelist. IPs added to this list will not be blocked. This is the highest priority rule.

• IP blacklist : Add IP to the blacklist. IPs added to this list will block all requests.

• UA whitelist : Add UA to the whitelist. User-Agent added to this list will not be intercepted.

• UA blacklist : Add UA to the blacklist. User-Agent added to this list will intercept all requests.

• URL whitelist : Add URLs to the whitelist. URLs added to this list will not be blocked.

• URL blacklist : Add URL to the blacklist. URLs added to this list will intercept all requests.

Region

• Add Region Restriction : Add a region to intercept or allow access requests

Custom rules

• Add custom interception

Add custom interception rules to intercept or allow access requests based on the following rules:

1. Client lP address
2. Country
3. IP range
4. Method
5. URl(Without parameters)
6. URl(With parameters)
7. URl parameter name
8. URl param
9. Request header
10. User Agent
11. Referer
12. Request header name

Attack Map

An attack map based on IP geographical location statistics

Report

• IP Report : View and manage IP interception. Can permanently block or release this IP according to the access details of the IP.

• URI Report : View and manage URI interception. Can permanently block or release this URI according to the access details of the URI.

• Search : Search the interception log of the website, Can search IP, URI, URL, Time

Global

Manage the global configuration of WAF. Please see the instructions for modification.

Inheritance: The global setting will automatically inherit the default value in the site configuration

Priority: IP whitelist > IP blacklist > UA whitelist > UA blacklist > URL keyword interception > URL CC defense > URL whitelist > URL blacklist > Non-browser > User-Agent > CC defense > Cookie > URI filter > URL parameter > POST > Website custom defense

• Simulated attack : Simulate attack to check whether WAF is effective

• Export : Export WAF configuration

• Import : Import WAF configuration

• Restore default config : Will restore the default configuration of WAF and delete all configurations added by users.

• CC defense : Defense against CC attacks, please adjust the specific defense parameters in the site configuration

• Request defense : Malicious request blocking threshold.

• Static file protection : CC protection by default will not protect: JS, CSS, GiF, JPG, JPEG, PNG, these static files, if it is not brushed image traffic is not recommended to always open.

• Malicious IP Sharing Program : Join the Malicious IP Sharing Program to gain access to the "Fortress Malicious IP Library"

• URL CC defense : URL defense CC rule, priority is higher than URL whitelist

• URL enhancement mode : Setting up a URL validation rule independently

• Machine verification whitelist : Use when you need to not validate certain pages when enabling human authentication

• Non-browser interception : Can defend against crawler attacks and non-browser access. Currently, it will be applied to all websites. If the website has CDN enabled, it is recommended not to enable it (there is a cache false alarm)

• HTTP request filtering : HTTP request type filtering/request header filtering/semantic analysis switch

• URL request type interception : Set URL interception request type separately

• API interface defense : When some interfaces are in the whitelist, one of them needs to be used under CC defense

• Spider pond : By default, all major search engine spiders are allowed to crawl

• SQL injection defense : Detect malicious SQL statements and prevent malicious tampering of the database due to SQL injection

  Note: If the content published on your website contains SQL statements (such as database-related tutorial articles), enabling this defense may cause the publication of related content to be blocked

• XSS Defense : Detect XSS syntax to prevent web pages from being maliciously tampered with, user information leaked, and permissions stolen

  Note: If the content published on your website contains tutorials on malicious use of javascript, enabling this defense may result in the publication of related content being blocked

• Command Execution Interception : Determine and block the execution of potentially dangerous commands through the syntax model, effectively preventing hackers from invading the server through the website

• Weak password defense : Real-time detection of weak password login and interception

• Sensitive information detection : Intercept sensitive information in error messages, including SQL errors, PHP errors, etc.

• Malicious file upload defense : Detect malicious file uploads, prevent Trojans from being uploaded, and prevent server permissions from being lost

  Note: If you upload a file with the keyword php in the file name, enabling this defense may result in the IP being blocked

• Malicious Download Defense : Detect malicious downloads and prevent backup files, source code, and other critical data from being downloaded

  Note: If you need to download backup files from a website, and if the compressed file contains the website name, enabling this defense may cause the download file to be intercepted. You can download it through the panel

• Custom rule interception : Detect php code execution, detect directory detection, detect SSRF detection, and custom detection

  Note: The current rules can be edited, and the default is that both GET/POST request methods will take effect.

• Malicious crawler defense : Detect malicious crawlers and prevent malicious crawlers from accessing the website

  Note: If your website needs to be included in the search engine, be sure not to add the search engine features

• Malicious Cookie Defense : Detect whether the cookie contains malicious code, SQL injection, XSS attack

• Malicious Scanner Defense: Detect malicious scanners, prevent all kinds of scanners, Trojan connection tools, and access to the website.

  Note: If your website is undergoing security testing, it may be blocked.

• Directory Scan Defense : Prevent directory/file scanning, and perform statistical interception through the 404 status code of the access.

  Note: If your webpage has many 404 images, it may cause access to be blocked

• Trojan detection : Webshell inspection is performed through real-time access files. The results are on the isolation box page. It is recommended not to turn off this function.

  Note: If your normal files are pulled into the isolation box, please add white in the isolation box.

• Logging : The default firewall only records HTTP intercepted data packets within 1M. If you need to record larger data packets, turn on this function.

• Sensitive text replacement : Replace the set sensitive text. If the Baota website acceleration is installed, this function will be invalid.

• URL keyword interception : Intercept keywords from URL

• Banned words : Banned words or phrases in text

Feedback or Suggestions

If you encounter problems or suggestions during use, please contact us through the following methods:

• (Please describe in detail or provide screenshots)

1. Forum: https://www.aapanel.com/forum
2. Email: [email protected]