Enabling the Transparent proxy mode in the WAf 2.0 module allows you to see the real IP addresses behind the WAF module instead of the server’s own IP address(es) without setting up the X-Forwarded-For header in your web server.
Instructions
Enable the WAF module
You can enable the module from the Dashboard by clicking on the server’s card and then clicking on Setting. You just need to click on the switch icon next to the WAF 2.0 module.
You can enable the module from the Dashboard by clicking on the server’s card and then clicking on Setting. You just need to click on the switch icon next to the WAF 2.0 module.
Do You or your customers use any CDN or proxy?
If yes, then please also enable the Trusted Proxy module from the Dashboard. You can find it by clicking on the server’s card and then clicking on Setting.
If yes, then please also enable the Trusted Proxy module from the Dashboard. You can find it by clicking on the server’s card and then clicking on Setting.
We need to set this up in the WAF module’s config file.
- Open /
etc/bitninja/WAFManager/config.iniwith your preferred text editor.
e.g.:nano /etc/bitninja/WAFManager/config.ini - Find the
[redirect_options]flag in the file- e.g.: in nano use
ctrl+wthen type [redirect
- e.g.: in nano use
- Delete the semicolon (;) from the beginning of the
redirection_mode = 'transparent'line - Save changes and exit the text editor
- e.g.: in nano
ctrl+xand then pressyand then press enter
- e.g.: in nano
- Restart BitNinja with
service bitninja restart
Litespeed
If you have the integrated brute-force protection module enabled in Litespeed, please make sure to add all IP addresses of your server to the Trusted IP list in Litespeed.
Adding ‘ALL’ is not sufficient, add all IP addresses or IP ranges used by the server to the list.
Please go to the LiteSpeed Configuration menu and select the Server and select General. In the General / Settings menu, you can see Use Client IP in Header. Here select Trusted IP Only. You can add the IP address(es) of your server under the General tab under Security at Access Control at the Allowed list. You just need to add your server’s IP addresses separated with space. You can check out the syntax here: https://www.litespeedtech.com/docs/webserver/config/security#accessControl_allow
If you change the Logformat setting under the General tab/ Log tab to look like this:
Then the BitNinja SenseLog module will protect Litespeed from the brute force attacks and Litespeed’s brute force protection can be disabled.
If you have the integrated brute-force protection module enabled in Litespeed, please make sure to add all IP addresses of your server to the Trusted IP list in Litespeed.
Adding ‘ALL’ is not sufficient, add all IP addresses or IP ranges used by the server to the list.
Please go to the LiteSpeed Configuration menu and select the Server and select General. In the General / Settings menu, you can see Use Client IP in Header. Here select Trusted IP Only. You can add the IP address(es) of your server under the General tab under Security at Access Control at the Allowed list. You just need to add your server’s IP addresses separated with space. You can check out the syntax here: https://www.litespeedtech.com/docs/webserver/config/security#accessControl_allow
If you change the Logformat setting under the General tab/ Log tab to look like this:
%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedThen the BitNinja SenseLog module will protect Litespeed from the brute force attacks and Litespeed’s brute force protection can be disabled.
Let’s check if the WAF module is working properly.
The easiest way to test whether the BitNinja WAF 2.0 module is working okay is, to add
The easiest way to test whether the BitNinja WAF 2.0 module is working okay is, to add
/?test=/etc/passwd after one of the domain’s URL in the browser. The WAF module should stop the request as it is a local file inclusion attempt. It didn’t work for me
Don’t give up!