• Support
  • Summary of Nginx WAF false positives or bug submissions

A summary page for submissions of WAF false positives or bugs encountered during use.
If you encounter false positives or bugs, please reply in the following post

The response format is as follows:

  1. Email: xxxxxxxxx
  2. Error screenshot
  3. Specific open source projects

If it is not an open source project, please specify which rule

    1. idflorin@altmails.com
    2. Drupal 8/9
      full URL https://www.graybookmarks.com/admin/reports/auditfiles/managednotused ; this URL is active just for the Audit Files module.
      proposed fix: add /admin/reports/auditfiles/* to Manage URL whitelist
      I also use these in Manage URL whitelist
      /ads.txt
      /sitemap.xml
      /robots.txt
      /rss.xml
      ^/\.well-known/
    19 days later
    1. Email : mail.webmaster.my@gmail.com
    2. My own script
    3. I haven't made any changes to any of Nginx WAF Rules. I just installed it and when I try to open my website, I get either 502 or 520 errors(by cloudflare)
      When I check the nginx error log I see this:
      2021/03/14 15:04:59 [error] 84975#0: *91 failed to load external Lua file "/www/server/btwaf/header.lua": cannot open /www/server/btwaf/header.lua: No such file or directory while reading response header from upstream, client: 141.101.xx.xx, server: mydomainnamehere, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/tmp/php-cgi-80.sock:", host: "mydomainnamehere"
      Please help me
    a month later
    a month later

    I have a problem.
    If I am on the site for more than 5 minutes and click on the "Download" button, then I am thrown to the "Redirect..."check.

    How to deal with this? How to remove the check on PHP files?

    5 days later
    8 months later

    Hi! Why is the Firewall not working? For 12 hours of his work, he did not block anyone! Even by user-agent, not a single rule worked!

    Thanks! Figured it out. Due to the newly added file, a duplicate of the lua_package_path line was found

    2 years later

    hello @aaPanel_Kern
    i cannot submit the False positive file in Nginx WAF Free 5.0, aaPanel version 6.8.32

    8 months later
    a month later

    aaP_hiepnhse61627
    Hi, can you give us your aapanel information? The server makes a snapshot backup first, if possible, please send it to kern@aapanel.com.
    It is recommended to fill in the following
    Post link:
    SSH IP address, account password and port:
    aapanel login link address and account password:
    Detailed problem description:

    No post link will not be able to know which user's information is, and the problem will not be processed