Summary of Nginx WAF false positives or bug submissions

aaPanel_Jose · Feb 23, 2021

A summary page for submissions of WAF false positives or bugs encountered during use.
If you encounter false positives or bugs, please reply in the following post

The response format is as follows:

Email: xxxxxxxxx
Error screenshot
Specific open source projects

If it is not an open source project, please specify which rule

Iidflorin · Feb 23, 2021

idflorin@altmails.com

Drupal 8/9
full URL https://www.graybookmarks.com/admin/reports/auditfiles/managednotused ; this URL is active just for the Audit Files module.
proposed fix: add /admin/reports/auditfiles/* to Manage URL whitelist
I also use these in Manage URL whitelist

/ads.txt
/sitemap.xml
/robots.txt
/rss.xml
^/\.well-known/

AaaP_mail.webmaster.my · Mar 14, 2021

Email : mail.webmaster.my@gmail.com
My own script
I haven't made any changes to any of Nginx WAF Rules. I just installed it and when I try to open my website, I get either 502 or 520 errors(by cloudflare)
When I check the nginx error log I see this:
2021/03/14 15:04:59 [error] 84975#0: *91 failed to load external Lua file "/www/server/btwaf/header.lua": cannot open /www/server/btwaf/header.lua: No such file or directory while reading response header from upstream, client: 141.101.xx.xx, server: mydomainnamehere, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/tmp/php-cgi-80.sock:", host: "mydomainnamehere"
Please help me

aapanel_sniper · Mar 16, 2021

@aaP_mail.webmaster.my#18893
Thank you all for your support. The problem has been resolved, users who encounter problems later, please reinstall nginx waf.
Refer to it:

https://www.aapanel.com/forum/d/3498-nginx-waf-520-headerlua-problem

AaaP_zhibowang74 · Apr 18, 2021

电子邮件：1152420107@qq.com
错误截图

特定的开源项目 v2board

aapanel_sniper · Apr 19, 2021

aaP_zhibowang74

Good morning, Sir.
Please pay attention to your mailbox, I have sent an email to your mailbox.

GGoodDay · May 26, 2021

I have a problem.
If I am on the site for more than 5 minutes and click on the "Download" button, then I am thrown to the "Redirect..."check.

How to deal with this? How to remove the check on PHP files?

Jjazz1611 · May 31, 2021

aaPanel_Jose
hello, have bug in UI. please look screenshot and fix it soon

Xxales · Jan 25, 2022

Hi! Why is the Firewall not working? For 12 hours of his work, he did not block anyone! Even by user-agent, not a single rule worked!

Xxales · Jan 25, 2022

Thanks! Figured it out. Due to the newly added file, a duplicate of the lua_package_path line was found

Jjazz1611 · Nov 16, 2023

hello @aaPanel_Kern
i cannot submit the False positive file in Nginx WAF Free 5.0, aaPanel version 6.8.32

Qqh77com · Jul 17, 2024

I bought a WAF but it still doesn't work

aaPanel_Kern · Jul 18, 2024

qh77com

Hello, can you solve it by clicking here?

AaaP_hiepnhse61627 · Aug 20, 2024

WAF UI is broken when I click on WAF link in the sidebar.

aaPanel_Kern · Aug 20, 2024

Hello, is it normal after force refreshing the browser? Is it normal to access in incognito mode?

aaP_hiepnhse61627

AaaP_hiepnhse61627 · Aug 20, 2024

aaPanel_Kern same issue happens when forcing refresh browser and access incognito mode.

aaPanel_Kern · Aug 20, 2024

aaP_hiepnhse61627
Hi, can you give us your aapanel information? The server makes a snapshot backup first, if possible, please send it to kern@aapanel.com.
It is recommended to fill in the following
Post link:
SSH IP address, account password and port:
aapanel login link address and account password:
Detailed problem description:

No post link will not be able to know which user's information is, and the problem will not be processed