Nginx firewall is recommended to use Nginx 1.18 and above. Better compatibility If it is a version less than 1.18, the compatibility of compiling and installing is fine. Introduction: Nginx WAF is an application layer firewall developed based on the nginx lua module, which effectively mitigates DDOS attacks, prevents most infiltration attacks and provides highly free rule customization functions Note: If you do not understand regular expressions, please do not modify the rules that come with the firewall at will WAF relies on luaJIT components, some nginx versions may have to be reinstalled before they can be used Application scenario: All dynamic websites Features: Site-oriented rule application The protection function of a site can be turned off or turned on separately Highly free rule application, allowing users to edit and choose whether a site uses this rule The main function: Routine filtering, including GET (URI, URI parameters), POST, Cookie, User-Agent, Header, IP black and white list, URI black and white list, etc. URI encryption protection, often used to protect the background of the website URI special rules to quickly fix vulnerabilities CDN mode. If your site uses CDN, please enable CDN mode, otherwise the firewall may affect the normal access of the website. WAF function preview:

aaPanel_Jose why hasn't the version of nginx free waf I have changed as shown in the image above? Even though I have updated my panel to version 6.8.8 .. is this the paid version?

my friend say this plugin got some problem, after install it wordpress can't login and can't install new wordpress. 500 server error

hi sounds cool, is it possible to protect my udp port since i'm using reverse proxy?

This is a very problematic plugin, and hence is a 3rd party or so its the free version, I do not suggest to new people to use it, until AAPanel fix all the bugs and issues in it. And are severals to be fixed.

@aaPanel_Jose hello, did plugin have block attack method like this? 93.87.75.118 - - [03/Mar/2021:07:00:54 -0500] "GET /?XzSBa0x6brQ1ntCudDRgO84MWwoXzSBa0x6brQ1ntCudDRgO84MWwoXzSBa0x6brQ1ntCudDRgO84MWwoXzSBa0x6brQ1ntCudDRgO84MWwo HTTP/1.1" 200 2637 "-" "Mozilla/5.0 (Linux; Android 7.1.1; coolpad E2 Build/NMF26F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36" 187.16.43.242 - - [03/Mar/2021:07:00:54 -0500] "GET /?gLUEVNMACXG2YFk9rovytmdz4IngLUEVNMACXG2YFk9rovytmdz4IngLUEVNMACXG2YFk9rovytmdz4IngLUEVNMACXG2YFk9rovytmdz4In HTTP/1.1" 501 560 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; AskTbARS2/5.15.4.23821; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 209.141.61.129 - - [03/Mar/2021:07:00:54 -0500] "GET /?FEkbpSOJahj5d9QfnPrIFEkbpSOJahj5d9QfnPrIFEkbpSOJahj5d9QfnPrIFEkbpSOJahj5d9QfnPrI HTTP/1.1" 501 560 "-" "Mozilla/5.0 (Linux; Android 8.0.0; SM-N950F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36 OPR/47.3.2249.130976" 187.44.110.157 - - [03/Mar/2021:07:00:54 -0500] "GET /?hV4Qk2UPdXyjuAZ8wYagoWtfKDOImLH0q9vhV4Qk2UPdXyjuAZ8wYagoWtfKDOImLH0q9vhV4Qk2UPdXyjuAZ8wYagoWtfKDOImLH0q9vhV4Qk2UPdXyjuAZ8wYagoWtfKDOImLH0q9v HTTP/1.1" 200 2637 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; BTRS124294; GTB7.5; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)" 138.255.240.66 - - [03/Mar/2021:07:00:54 -0500] "GET /?tl7V6NwA1Jij3x9C2hOaDKIsvXcyGdb5RWzkMHr40qptl7V6NwA1Jij3x9C2hOaDKIsvXcyGdb5RWzkMHr40qptl7V6NwA1Jij3x9C2hOaDKIsvXcyGdb5RWzkMHr40qptl7V6NwA1Jij3x9C2hOaDKIsvXcyGdb5RWzkMHr40qp HTTP/1.1" 200 2637 "-" "Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0" 91.205.241.86 - - [03/Mar/2021:07:00:54 -0500] "GET /?YI4lv1Sc62zRHB7jCatEFMLKJ35fbVAGekmPYI4lv1Sc62zRHB7jCatEFMLKJ35fbVAGekmPYI4lv1Sc62zRHB7jCatEFMLKJ35fbVAGekmPYI4lv1Sc62zRHB7jCatEFMLKJ35fbVAGekmP HTTP/1.1" 200 3458 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.82 Safari/537.1" 103.138.212.242 - - [03/Mar/2021:07:00:54 -0500] "GET /?KM3eW0a9u8jA4lP7CoDhZpgVnvk2zfTKM3eW0a9u8jA4lP7CoDhZpgVnvk2zfTKM3eW0a9u8jA4lP7CoDhZpgVnvk2zfTKM3eW0a9u8jA4lP7CoDhZpgVnvk2zfT HTTP/1.1" 200 2637 "-" "Opera/9.80 (J2ME/MIDP; Opera Mini/8.0.35158/35.4658; U; en) Presto/2.8.119 Version/11.10" 213.7.196.26 - - [03/Mar/2021:07:00:54 -0500] "GET /?YH1kXPzMSwnfsLIpyOEBKZj2oaWF5YH1kXPzMSwnfsLIpyOEBKZj2oaWF5YH1kXPzMSwnfsLIpyOEBKZj2oaWF5YH1kXPzMSwnfsLIpyOEBKZj2oaWF5 HTTP/1.1" 200 2637 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 Mozilla/5.0 (Fedora; WOW64; rv:33.0) Gecko/20120101 Firefox/33.0" 70.185.68.133 - - [03/Mar/2021:07:00:54 -0500] "GET /?Dj31e8Gf4MkYBOZFWVyocJ2QvCExT7uqLUA0wrlpmgDj31e8Gf4MkYBOZFWVyocJ2QvCExT7uqLUA0wrlpmgDj31e8Gf4MkYBOZFWVyocJ2QvCExT7uqLUA0wrlpmgDj31e8Gf4MkYBOZFWVyocJ2QvCExT7uqLUA0wrlpmg HTTP/1.1" 200 3458 "-" "Opera/9.80 (Tizen; Opera Mini/7.6.40252/71.132; U; en) Presto/2.12.423 Version/12.16" if(window.hljsLoader && !document.currentScript.parentNode.hasAttribute('data-s9e-livepreview-onupdate')) { window.hljsLoader.highlightBlocks(document.currentScript.parentNode); }

sry,there is no such protection for the time being, we will optimize and add more protection methods in the future

im used Apache 2.4.46 it's will ok ??

bassam Hello, I'm very sorry, nginx firewall is suitable for nginx server, not for apache

prices for per year or per month?

Nginx WAF instructions

aaPanel_Kern

LEJA76071275A
Hello, some performance will be lost when nginx WAF is turned on.

jazz1611

@aaPanel_Kern
hello, we need block/prevent http flood like this in nginx free firewall

GET /?s＝dFBrl1hnoZ8wAsdFBrl1hnoZ8wAsdFBrl1hnoZ8wAsdFBrl1hnoZ8wAs
GET /?oCBKzTeJOcV7ilkIE8UNd9fjWnrYvF6gmQbuP0pqsZHGMRoCBKzTeJOcV7ilkIE8UNd9fjWnrYvF6gmQbuP0pqsZHGMRoCBKzTeJOcV7ilkIE8UNd9fjWnrYvF6gmQbuP0pqsZHGMRoCBKzTeJOcV7ilkIE8UNd9fjWnrYvF6gmQbuP0pqsZHGMR
GET /?lKAY0UpCZGz2dvNx4VyhkHTBjQ8PLcIJlKAY0UpCZGz2dvNx4VyhkHTBjQ8PLcIJlKAY0UpCZGz2dvNx4VyhkHTBjQ8PLcIJlKAY0UpCZGz2dvNx4VyhkHTBjQ8PLcIJ
GET /wp-includes/js/jquery/jquery.min.js?ver＝3kmWUJg0vRsCGqetBo7r4PcOzbn52pa8wiYN3kmWUJg0vRsCGqetBo7r4PcOzbn52pa8wiYN3kmWUJg0vRsCGqetBo7r4PcOzbn52pa8wiYN3kmWUJg0vRsCGqetBo7r4PcOzbn52pa8wiYN

aaP_Bekti

do we need to turn cdn if we use cloudflare?

aaPanel_Kern

aaP_Bekti
It is recommended to enable the cdn option. Otherwise, the ip of cloudflare will be banned by mistake

aaP_Bekti

aaPanel_Kern thanks

aaP_msblastir45

Hello. I want change waf default page message. how can I do that?

aaPanel_Kern

aaP_msblastir45
Hello, as shown in the picture, you can change the content of Resp

aaP_learn2code

how to set WAF to just accept mobile useragents

aaP_vini

@aaPanel_Jose @aaPanel_Captain @aapanel_sniper

How much better is this WAF than the free version? Is it comparable to WAF Cloudflare?

aaP_vini

@aaPanel_Jose @aaPanel_Captain @aapanel_sniper

How much better is this WAF than the free version? Is it comparable to WAF Cloudflare?

idflorin

aaP_vini You really can't compare WAF with WAF Cloudflare
WAF works at the server level
WAF Cloudflare works at the DNS level.
You can use both at the same time but it's not really recommended to do so, in my opinion.

aaP_vini

idflorin @aaPanel_Jose @aaPanel_Captain @aapanel_sniper Does the level of protection of the aaPanel WAF eliminate the need to hire the Cloudflare WAF, then?Does the level of protection of the aaPanel WAF eliminate the need to hire the Cloudflare WAF, then?

idflorin

aaP_vini no firewall is buletproof. start small and add more protection to your needs.

aaP_taufik_y2t

Why Nginx WAF pro version (paid version) not running realtime?
Is will not work with 2 WAF run in same time? (pro and free), because free version is running well
image for free version

image for pro (paid) version

aaP_mdestafadilah_simrs

idflorin do you have updated ua filter from bad-bots-blocker? like this?

idflorin

aaP_mdestafadilah_simrs

idflorin thanks, btw so your filter it's enough? i try to install ultimate bad bot blocker, unsuccessfully, my nginx server not restart, rollback again and use your trick with custom UA Filter.

idflorin

aaP_mdestafadilah_simrs it's enough?

its enough for me.

aaP_mdestafadilah_simrs

idflorin ok thanks, btw did you replace UA Filter or add more?

idflorin

aaP_mdestafadilah_simrs add/replace/update all is ok, but respect the syntax

« Previous Page Next Page »