Introduction:
Apache WAF is an application layer firewall developed based on the nginx lua module, which effectively mitigates DDOS attacks, prevents most infiltration attacks and provides highly free rule customization functions

Note:

  1. If you do not understand regular expressions, please do not modify the rules that come with the firewall at will

Application scenario:
All dynamic websites

Features:

  1. Site-oriented rule application
  2. The protection function of a site can be turned off or turned on separately
  3. Highly free rule application, allowing users to edit and choose whether a site uses this rule

The main function:

  1. Routine filtering, including GET (URI, URI parameters), POST, Cookie, User-Agent, Header, IP black and white list, URI black and white list, etc.
  2. URI encryption protection, often used to protect the background of the website
  3. URI special rules to quickly fix vulnerabilities
  4. CDN mode. If your site uses CDN, please enable CDN mode, otherwise the firewall may affect the normal access of the website.

WAF function preview:





is it paid version.

13 days later

@aaPanel_Jose so which one is best for Nginx, Nginx Waf or Apache Waf? both are paid i want to use better one, so plz suggest me, thanks

    9 days later

    Yamiraan This is straight forward. Nginx use Nginx WAF and Apache use Apache WAF

    I hope you're working on OpenLiteSpeed WAF too. But LiteSpeed is build alongside CSF (OWASP and Comodo). It already supports the two. I hope you integrate it soon.

      a month later

      TomDings ~ Unfortunately, aaPanel relies on vHosts set on aaPanel as opposed to directly configuring the OLS settings on the web server. If you directly do this on aaPanel your OLS web server will crash.

        deewinc Thanks for letting me know but within my hosting environment it did not crash.

        Maybe I did it a bit different than "normal" ... Really hope to find the difference so I am able to let you know why I am not experiencing any issues. Or at least not yet !

          TomDings Thanks for letting me know but within my hosting environment it did not crash.

          You followed the same tutorial? Or what did you do to make it work?

          I do not manage OLS with aaPanel. Some services I installed in the same Lxc container as aaPanel but do not manage them from within the aaPanel.

          Example: By default I install Apache2 as web service for all aaPanel websites/blogs. But within the Lxc container I am running Nginx too. And some other services like Rainloop, Matomo, my own Monitoring Tool, ownCloud, etc. And OLS is one of those services too.

          Understood ?