• Support

  • Nginx WAF 520 / header.lua problem

Hi, I use Nginx 1.19.8 for my websites and due to recent attacks on one of my websites I wanted to give Nginx WAF a try. After installing it I was not able to enter any of my websites. And when I check my nginx errorlogs I see this error for every website I have tried to enter:
2021/03/15 09:13:36 [error] 31500#0: *1 failed to load external Lua file "/www/server/btwaf/header.lua": cannot open /www/server/btwaf/header.lua: No such file or directory while reading response header from upstream, client: 141.101.xx.xx, server: Mydomainhere, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/tmp/php-cgi-80.sock:", host: "Mydomainhere"
2021/03/15 09:13:37 [error] 31500#0: *3 failed to load external Lua file "/www/server/btwaf/header.lua": cannot open /www/server/btwaf/header.lua: No such file or directory while sending response to client, client: 172.69.xx.xx, server: Mydomainhere, request: "GET /favicon.ico HTTP/1.1", host: "Mydomainhere", referrer: "https://Mydomainhere"
And this is the Cloudflare error:
BTW Nginx WAF version is 8.7.8

@aaP_mail.webmaster.my#18914 Hello, I'm very sorry. This problem has been fixed, please uninstall and reinstall nginx waf, and restart nginx.

    aapanel_sniper I have restarted it again but I still get 500 Error and no overloading(closed the website to public access only I can enter)
    This the error log:
    2021/03/15 10:21:13 [error] 37302#0: *38 lua entry thread aborted: runtime error: /www/server/btwaf/libinjection.lua:106: /www/server/btwaf/libinjection.so: cannot open shared object file: No such file or directory
    stack traceback:
    coroutine 0:
    [C]: in function 'load'
    /www/server/btwaf/libinjection.lua:106: in function '_loadlib'
    /www/server/btwaf/libinjection.lua:236: in function 'sqli'
    /www/server/btwaf/init.lua:1032: in function 'libinjection_chekc'
    /www/server/btwaf/init.lua:1122: in function 'post_urlencoded'
    /www/server/btwaf/init.lua:2501: in function 'post_data_chekc'
    /www/server/btwaf/init.lua:3354: in function 'run_btwaf'
    /www/server/btwaf/waf.lua:14: in function </www/server/btwaf/waf.lua:1>, client: 141.101.xx.xxx, server: Mydomainname, request: "POST /viewthread/47213 HTTP/1.1", host: "Mydomainname", referrer: "https://Mydomainname/viewthread/47213"
    2021/03/15 10:21:16 [error] 37302#0: *39 lua entry thread aborted: runtime error: /www/server/btwaf/libinjection.lua:106: /www/server/btwaf/libinjection.so: cannot open shared object file: No such file or directory
    stack traceback:
    coroutine 0:
    [C]: in function 'load'
    /www/server/btwaf/libinjection.lua:106: in function '_loadlib'
    /www/server/btwaf/libinjection.lua:236: in function 'sqli'
    /www/server/btwaf/init.lua:1032: in function 'libinjection_chekc'
    /www/server/btwaf/init.lua:1122: in function 'post_urlencoded'
    /www/server/btwaf/init.lua:2501: in function 'post_data_chekc'
    /www/server/btwaf/init.lua:3354: in function 'run_btwaf'
    /www/server/btwaf/waf.lua:14: in function </www/server/btwaf/waf.lua:1>, client: 141.101.xx.xxx, server: Mydomainname, request: "POST /viewthread/47213 HTTP/1.1", host: "Mydomainname", referrer: "https://Mydomainname/viewthread/47213"

      @aaP_mail.webmaster.my#18923 Dear user, sorry. The latter problem has been fixed, please uninstall and reinstall again. Sorry again, thank you for using and supporting aapanel. 😆

        aapanel_sniper Yes! It totally works now! Thank you so much. And Nginx WAF Software is really successful!
        It has prevented nearly 50 attacks and handled over 20 million requests, which my server wouldn't be able to