My server has Network Aliases configured https://knowledgebase.bitninja.io/kb/close-direct-access/
Let’s enable the Full transparent proxy mode in the WAF module.
From version 2.29.5 if the BitNinja agent was installed via the one-liner installation command, then the Transparent proxy mode is enabled in the WAF module by default. In this case, you just need to enable the WAF module.
Please follow this guide on how you can test if the WAF module is working properly.
Our Web Application Firewall 3.0 module will shortly be released with Caddy Server, replacing our previous WAF 2.0 technology (Nginx and HAProxy – SslTerminating) to take Web Application Firewall’s Performance, Security, and SSL Certificate Collecting to the next level.
It’s a lot easier to set up than X-Forwarded-For
In the 2.17.0 and above BitNinja agent versions the WAF module can now work in a fully transparent mode. With the fully transparent mode enabled you don’t need to set up the X-Forwarded-For header, even if you use a CDN or proxy.
Using the fully transparent mode might not work in some instances. In these cases, you need to set up the good old X-Forwarded-for header in your web server.
In the 2.17.0 and above BitNinja agent versions the WAF module can now work in a fully transparent mode. With the fully transparent mode enabled you don’t need to set up the X-Forwarded-For header, even if you use a CDN or proxy.
Using the fully transparent mode might not work in some instances. In these cases, you need to set up the good old X-Forwarded-for header in your web server.
The WAF module is a great tool to protect your server from botnets and from web-based attacks.
After you set up this module, you will be protected against:
- CMS vulnerability exploits
- CMS plugin exploits
- Cross-site scripting
- SQL injections
- PHP injections
- Botnet attacks
- And much more.
If you experience redirection errors (e.g., too many redirections) on your domains when BitNinja and Cloudflare are both enabled on the domain make sure to disable the WAF module of Cloudflare and set the SSL/TLS encryption mode in Cloudflare to Full.