Summary of Nginx WAF false positives or bug submissions

aaPanel_Jose

A summary page for submissions of WAF false positives or bugs encountered during use.
If you encounter false positives or bugs, please reply in the following post

The response format is as follows:

Email: xxxxxxxxx
Error screenshot
Specific open source projects

If it is not an open source project, please specify which rule

jazz1611

aaPanel_Jose
hello, have bug in UI. please look screenshot and fix it soon

idflorin

idflorin@altmails.com

Drupal 8/9
full URL https://www.graybookmarks.com/admin/reports/auditfiles/managednotused ; this URL is active just for the Audit Files module.
proposed fix: add /admin/reports/auditfiles/* to Manage URL whitelist
I also use these in Manage URL whitelist

/ads.txt
/sitemap.xml
/robots.txt
/rss.xml
^/\.well-known/

aaP_mail.webmaster.my

Email : mail.webmaster.my@gmail.com
My own script
I haven't made any changes to any of Nginx WAF Rules. I just installed it and when I try to open my website, I get either 502 or 520 errors(by cloudflare)
When I check the nginx error log I see this:
2021/03/14 15:04:59 [error] 84975#0: *91 failed to load external Lua file "/www/server/btwaf/header.lua": cannot open /www/server/btwaf/header.lua: No such file or directory while reading response header from upstream, client: 141.101.xx.xx, server: mydomainnamehere, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/tmp/php-cgi-80.sock:", host: "mydomainnamehere"
Please help me

aapanel_sniper

@aaP_mail.webmaster.my#18893
Thank you all for your support. The problem has been resolved, users who encounter problems later, please reinstall nginx waf.
Refer to it:

https://www.aapanel.com/forum/d/3498-nginx-waf-520-headerlua-problem

aaP_zhibowang74

电子邮件：1152420107@qq.com
错误截图

特定的开源项目 v2board

aapanel_sniper

aaP_zhibowang74

Good morning, Sir.
Please pay attention to your mailbox, I have sent an email to your mailbox.

GoodDay

I have a problem.
If I am on the site for more than 5 minutes and click on the "Download" button, then I am thrown to the "Redirect..."check.

How to deal with this? How to remove the check on PHP files?

xales

Hi! Why is the Firewall not working? For 12 hours of his work, he did not block anyone! Even by user-agent, not a single rule worked!

xales

Thanks! Figured it out. Due to the newly added file, a duplicate of the lua_package_path line was found

jazz1611

hello @aaPanel_Kern
i cannot submit the False positive file in Nginx WAF Free 5.0, aaPanel version 6.8.32

qh77com

I bought a WAF but it still doesn't work

aaPanel_Kern

qh77com

Hello, can you solve it by clicking here?

aaP_hiepnhse61627

WAF UI is broken when I click on WAF link in the sidebar.

aaPanel_Kern

Hello, is it normal after force refreshing the browser? Is it normal to access in incognito mode?

aaP_hiepnhse61627

aaPanel_Kern same issue happens when forcing refresh browser and access incognito mode.

aaPanel_Kern

aaP_hiepnhse61627
Hi, can you give us your aapanel information? The server makes a snapshot backup first, if possible, please send it to kern@aapanel.com.
It is recommended to fill in the following
Post link:
SSH IP address, account password and port:
aapanel login link address and account password:
Detailed problem description:

No post link will not be able to know which user's information is, and the problem will not be processed