In Plesk, the X-Forwarded-For header is already included with all IP addresses of the server in the configuration files of all web server applications. If remoteip is not enabled yet, you need to enable remoteip. from Plesk.
- Go to Tools and settings
- Apache Web Server
- Tick in remoteip’s checkbox under Apache modules

Please also check the logformat in the file if it looks like this:
"%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
After that is done please restart the web server
Enable the WAF module
Now we can enable the WAF module if it was not enabled yet. You can enable the module from the Dashboard by clicking on the “Show modules” button and then click on the Switch button next to the WAF 2.0 module.

Settings
You can reach the WAF module’s settings by clicking on the Firewall menu point at the top then select the Web Application Firewall menu point.
You can reach the WAF module’s settings by clicking on the Firewall menu point at the top then select the Web Application Firewall menu point.
Lets test WAF
You can test if the WAF module is working if you add
You can also test the module by following this GUIDE
You can test if the WAF module is working if you add
/?test=/etc/passwd
after one of the domains hosted on the server. e.g.: www.example.com/?test=/etc/passwd
It will trigger the WAF module.You can also test the module by following this GUIDE