Open your Apache configuration file with your favourite text editor. Insert the following lines at the end of the httpd.conf or apache2.conf file. On Debian you can find the configuration file usually at
/etc/apache2/httpd.conf or at
/etc/apache2/apache2.conf The location of this file is set at compile-time, but may be overridden with the -f command line flag.
find / -name 'apache2.conf' -printor with f
ind / -name 'httpd.conf' -printcommand to find the location of the file.
<IfModule remoteip_module> RemoteIPHeader X-Forwarded-For RemoteIPInternalProxy INSERT YOUR IP ADDRESS(ES) HERE </IfModule>
If you use Nginx to server your pages then you will need to insert these lines to the Nginx config:
The config file is usually located at
set_real_ip_from 192.168.0.0/16; set_real_ip_from 127.0.0.0/8; set_real_ip_from <INSERT YOUR IP ADDRESS(ES) HERE>;
Enable the WAF module
Now we can enable the WAF module if it was not enabled yet. You can enable the module from the Dashboard by clicking on the “Show modules” button and then click on the Switch button next to the WAF 2.0 module.
You can reach the WAF module’s settings by clicking on the Firewall menu point at the top then select the Web Application Firewall menu point.
You can test if the WAF module is working if you add
/?test=/etc/passwdafter one of the domains hosted on the server. e.g.:
www.example.com/?test=/etc/passwdIt will trigger the WAF module.
You can also test the module by following this GUIDE.