aaWAF install tutorial

aaPanel_Kern

aaWAF working principle

aaWAF usage tutorial: aaWAF usage tutorial

aaWAF composed of three main components:

cloudwaf_nginx (referred as nginx) is used to inspect and filter malicious traffic and forward traffic to website server.
cloudwaf_mysql (referred as mysql) is used to store attack event logs.
CloudWaf is Console of aaWAF, which provides Console for users use.

How does work?

aaWAF work as reverse proxy. Website traffic first arrives at aaWAF. After being detected and filtered by aaWAF, it is then transferred to the website server that originally provided the service.

Example

Describe how to build aaWAF through simple example

Before using aaWAF

All user traffic flows directly to the server hosting the website

website domain：156.kern123.tk
Website server IP, website domain A record IP：192.168.66.152

As shown:

After using aaWAF

All user traffic first flows to aaWAF, which filters malicious traffic through and then sends normal traffic to the origin server (website server is also called the return-to-origin server here).

Protect website (website domain): 156.kern123.tk
aaWAF 、Protect website A record ip：192.168.66.156
Website server ip (Source address)：192.168.66.152

As shown:

Install method

Online install

Recommended use this install method

Use SSH tool login server and execute following command install:
*Note that ROOT permission is required to execute the command

After copy and past command, press Enter execute the install command.

URL=https://node.aapanel.com/cloudwaf_en/scripts/install_cloudwaf_en.sh && if [ -f /usr/bin/curl ];then curl -sSO "$URL" ;else wget -O install_cloudwaf_en.sh "$URL";fi;bash install_cloudwaf_en.sh

After install is complete, following is displayed

Login aaWAF Console

Console default port is 8379. If the server has security group or hardware firewall, please open port 8379.

After install is complete, Use browser access displayed address, enter username and password, Login aaWAF Console

Note: The browser prompts security questions, please trust it. This is caused by the browser not trusting the self-signed certificate.

After successful login, Use aaWAF

Offline install

Note: This option applies when server cannot connect to Internet
Docker must be installed manually during offline install, otherwise it cannot be installed
Before offline install, please ensure that the tar gzip curl netstat ss docker command exists on your server. Use this command to check whether it exists:
Packs=("curl" "tar" "gzip" "netstat" "ss" "docker" ); for pack in "${Packs[@]}"; do command -v "$pack" >/dev/null 2>&1 || echo -e "\033[31mError: $pack command does not exist\033[0m"; done

Please download install file according system architecture. Use command uname -m view architecture.

x86_64：

Offline install script: Download offline install script
Image file: Download image x86_64 file
Console program file: Download Console x86_64 file

After downloading file according different system architectures, Use xftp, winscp and other tools upload it to the server, place the downloaded file in the same path, and then execute the install command to install offline:

Note that root privileges are required execute command

bash install_cloudwaf_en.sh offline

After install is complete, Login steps are the same as online. Example: x86_64 architecture

aaWAF usage tutorial: aaWAF usage tutorial

If cannot solve it or have problems during use, please Start a Discussion in the forum.

toucheva

I would like to explain the WAF installation in detail, but I don't understand the Docker steps.
Thank you very much.

aaPanel_Kern

It is recommended to use the installation script for installation.

toucheva

I tried installing and it's like this.

aaPanel_Kern

toucheva
WAF need use port 80 443 33060. There are already services ports in the system, cannot be installed.
Recommended use a new system

toucheva

aaPanel_Kern
i get it

very very good

horasjey

aaPanel_Kern
Does that mean it can't be combined with Aapanel?

Jhonata

para min está dando esse erro oque pode ser ?

aaPanel_Kern

Jhonata
Hi, can you give us your aapanel information? The server makes a snapshot backup first, if possible, please send it to kern@aapanel.com.
It is recommended to fill in the following
Post link:
SSH IP address, account password and port:
aapanel login link address and account password:

No post link will not be able to know which user's information is, and the problem will not be processed

aaPanel_Kern

Jhonata
Hello, are you using a container system to install it? How does it work?

Jhonata

aaPanel_Kern ola tudo bem ? isso uso lxc no proxmox consegue me ajudar?

Jhonata

aaPanel_Kern consegui fazer funcionar, porem como sincronizo meus sites do aapanel com o aawaf?

Stealth

Work worldmap for others?

aaPanel_Kern

It is recommended to use a virtual machine, as LXC containers are not fully compatible.
At the same time, aawaf uses a reverse proxy, please refer to the usage tutorial.
https://www.aapanel.com/forum/d/18726-aapanel-waf-usage-tutorial

Jhonata

aaP_edardian

aawaf system requirement?

aaPanel_Kern

Hello, it is recommended to have the same configuration as the website server. Aawaf mainly uses the CPU.

aaP_edardian

aaPanel_Kern

Hello, the port cannot be used if it is occupied.

horasjey

haris

can aaWAF handle DDOS? if i use this as waf to handle multiple websites, then if this waf server being ddos, all the websites behind it will go down as well?

aaPanel_Kern

Hello, none of the software can handle DDos. You need a server or network provider to purchase services to handle DDos.
Software can handle CC sql injection and more
Yes, this is the website entrance. If aawaf does not work, the website cannot be accessed.

haris

aaPanel_Kern
can you suggest me a few use case for this aaWAF? how can i setup this along with load balancer?
LB > WAF > Multiple Servers
or
LB > WAF1 > Server1 and so on, dedicated WAF for each server.

aaPanel_Kern

All are ok. If there is only one server for Aawaf, it is recommended that you increase the bandwidth and hardware configuration.

haris