How to set up the Transparent proxy mode


Enabling the Transparent proxy mode in the WAF 2.0 module lets you see the real client IP addresses of requests passing through the WAF module, instead of the server’s own IP address(es), without setting up the X-Forwarded-For header in your web server.

Instructions

Enable the WAF module

You can enable the module from the Dashboard by clicking on the server’s card and then clicking on Setting. You just need to click on the switch icon next to the WAF 2.0 module.

Do you or your customers use any CDN or proxy?

If yes, then please also enable the Trusted Proxy module from the Dashboard. You can find it by clicking on the server’s card and then clicking on Setting.

Transparent proxy mode itself is enabled in the WAF module’s config file.

  1. Open /etc/bitninja/WAFManager/config.ini with your preferred text editor.
     e.g.: nano /etc/bitninja/WAFManager/config.ini
  2. Find the [redirect_options] section in the file.
     e.g.: in nano, press Ctrl+W, then type [redirect
  3. Delete the semicolon (;) from the beginning of the redirection_mode = 'transparent' line.
  4. Save the changes and exit the text editor.
     e.g.: in nano, press Ctrl+X, then Y, then Enter
  5. Restart BitNinja with service bitninja restart
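
Steps 1 to 4 can also be scripted. The following is an added example, not BitNinja's own tooling; it assumes config.ini uses ordinary INI section headers and that the commented line looks exactly as quoted in step 3. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not BitNinja's own tooling). Assumes ordinary INI section
# headers and the commented line exactly as quoted in step 3.

# Succeeds only if an active redirection_mode = 'transparent' line exists
# inside the [redirect_options] section.
transparent_mode_enabled() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[redirect_options\]/) }
        in_sec && /^[ \t]*redirection_mode[ \t]*=[ \t]*.transparent./ { found = 1 }
        END { exit !found }
    ' "$1"
}

# Removes the leading semicolon from that line, in that section only.
# The original file is kept as <file>.bak; ownership and mode are preserved.
enable_transparent_mode() {
    conf="$1"
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    if transparent_mode_enabled "$conf"; then return 0; fi   # already set

    cp -p "$conf" "$conf.bak" || return 1
    tmp="$(mktemp)" || return 1
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[redirect_options\]/) }
        in_sec && /^[ \t]*;[ \t]*redirection_mode[ \t]*=[ \t]*.transparent./ {
            sub(/^[ \t]*;[ \t]*/, "")
        }
        { print }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rm -f "$tmp"
    transparent_mode_enabled "$conf"   # non-zero if the line was not found
}

# Usage (as root), followed by the restart from step 5:
#   enable_transparent_mode /etc/bitninja/WAFManager/config.ini \
#       && service bitninja restart
```

Because the edit is limited to the [redirect_options] section, a commented redirection_mode line elsewhere in the file is left untouched.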

LiteSpeed

If you have the integrated brute-force protection module enabled in LiteSpeed, please make sure to add all IP addresses of your server to the Trusted IP list in LiteSpeed.
Adding ‘ALL’ is not sufficient; add all IP addresses or IP ranges used by the server to the list.

In the LiteSpeed Configuration menu, select Server and then General. In the General / Settings menu, find Use Client IP in Header and select Trusted IP Only. You can add the IP address(es) of your server to the Allowed list, which is under the General tab, under Security, at Access Control. Separate your server’s IP addresses with spaces. You can check out the syntax here: https://www.litespeedtech.com/docs/webserver/config/security#accessControl_allow

If you change the Logformat setting under the General tab / Log tab to look like this:

%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

then the BitNinja SenseLog module will protect LiteSpeed from brute-force attacks, and LiteSpeed’s brute-force protection can be disabled.

Let’s check if the WAF module is working properly.

The easiest way to test whether the BitNinja WAF 2.0 module is working is to add /?test=/etc/passwd after one of the domain’s URLs in the browser. The WAF module should stop the request, as it is a local file inclusion attempt.

It didn’t work for me

Don’t give up!

Settings
You can reach the WAF module’s settings by clicking on the Firewall menu point at the top and then selecting the Web Application Firewall menu point.