How to use aaWAF

This tutorial skips the construction of the source website. By default, your website can be accessed normally before using aaWAF.

Before using aaWAF

Website architecture before using aaWAF:
Users access the website server directly
As shown in the figure: User --> Website server

Website domain and A record information:

  • website domain: 156.kern123.tk
  • website domain A record ip:192.168.66.152

After using aaWAF

Website architecture after using aaWAF:
User access aaWAF and then forwarded to website server
Add a new server ip:192.168.66.156
As shown in the figure: User --> aaWAF --> Website server

  • Protect website and website domain: 156.kern123.tk
  • aaWAF, Protect website A record IP:192.168.66.156
  • Website server ip (Source address):192.168.66.152

Install aaWAF

aaWAF install tutorial:install aaWAF

I’ll skip the install here.

After the install is complete, login aaWAF and add protected website

Add protected website

Website --> Add Website

  • Protected domain: 156.kern123.tk
  • Source address:192.168.66.152
    • The website of the website server does not have an ssl certificate setup, so use http
    • It can be used if an SSL certificate is setup https
    • If the website uses Forced HTTPS, please use https and deploy an SSL certificate, otherwise it will prompt you with too many redirects.

Tip: Enter according to your actual situation, Check domain may not be accurate

Add protected website is complete

Modify A record IP of the website domain name to IP of the aaWAF server. Please go to the domain name vendor modify the A record.

Modify from 192.168.66.152 to 192.168.66.156

Tip: Modify domain A record will take 1 to 10 minutes (or more) to take effect.

From 192.168.66.152

Modify to 192.168.66.156

How check whether A record is valid:

For Windows systems, can use Win+R or click the "Start" button in the lower left corner open the "Start" menu, open "Run", enter cmd and press Enter.

At the command prompt enter nslookup domain

Test aaWAF

After A record of domain takes effect

Test whether aaWAF is used successfully

  • Browser accesses domain

    Use browser access website domain name: 
        http://156.kern123.tk
    Successfully accessed the website:

  • Test whether the protection is effective?

    Use browser access malicious link: 
        http://156.kern123.tk/?id=/etc/passwd
    Protection takes effect:

View access data from aaWAF

  1. Overview
    Requests todayMalicious requests increased by 1

  2. Website --> 156.kern123.tk
    Today Requests/Block increased by 1

Tutorial summary

  • Increase:

    1. Add server install aaWAF
    2. Add protected website in aaWAF

  • Modify:

    1. Modify A record IP of the website domain to aaWAF IP

  • Unchanged:

    1. Website server configuration remains unchanged
    2. Domain name the user visits remains unchanged

If cannot solve it or have problems during use, please Start a Discussion in the forum.

22 days later

Hello, it is not recommended to install on the same server. Generally, port 80 443 is already used when aapaenl is installed.
Can be used with Cloudflare at the same time. Please enable CDN when using it.

aaP_abdillah_pandu0

    How to change the language of aaWAF, after FIX the language became Chinese. And how to change the panel time?

      7 days later

      Can the source be directed to a Docker container?

      Hello,

      We was successfully install aaWAF Free in offline mode. Now we want to restrict working area just to one region (not China), are system have requirement to full access to internet area? May be system have some syncing process or they do license checking?

      Thank you

      Hello, aawaf does not rely on the Internet, it uses the built-in IP library

      is aapanel and aawaf totaly different ?

      can I use Aapanel and Aawaf on the same server?

      currently, i am using Aapanel, did I required to use aawaf?

      I am a student, i am not an expert in it please guide me in detail. I am confused.

        Hello,

        Thank You for previous response to my question. If I may ask a few more questions:

        1. Current english version of aaWAF is 1.0, chinese version already 2.8 or 2.9, have You plan publish a new version of english realese?

        2. Map in version 1.0 not working, is it way to fix this mannualy without waiting update?

        3. And my last question regarding IP blacklist, via Web UI we have opurtunity to import list of IPs or subnets, but we want to automate this process. Are this blacklist stored in DB? Can we work with the database ourselves and import the necessary data into it directly?

        Thank You

        Also we see that waf system all time send some data to IP 42.157.129.47 and take long time connections with this IPs - 123.183.224.10 and 58.221.23.182. Will be nice just from security point of view to understand the nature of these connections. Thank You!

          Hello, there is currently no information to publish
          The map is a known issue that has been recorded and needs to be fixed.
          Blacklists can only be imported via the Web UI
          The program will communicate with the server regularly every day and only collect the number of program activations.

          123.183.224.10 and 58.221.23.182 are not our services. I’m not sure where the IP addresses are.

          Mrqz

            Dear @aaPanel_Kern what are You mean under “program activations”? If access to 42.157.129.47 restricted by firewall, this will not affect to the correct work of the program?

            And just for informaton I discovered that server must have preinstalled “ipset”! Command that checks pre-installed dependencies, which are mentioned in installation tutorial not check are this tool installed or not.

            Connect with us: 📨 Telegram 💬 Discord Email: support@aapanel.com