Pre-Requirements
In the WAF module’s case, there are pre-requirements that need to be met. Please check if the required settings are done.
You can check these settings in this GUIDE.
If the pre-requirements are met but the WAF module is still not running, we will need to check a few things.
Connections from localhost
The web server has to accept connections from 127.0.0.1 to http://<server_IP>:80 and to https://<server_IP>:443 in order for the WAF module to work.
Are all IP addresses of the server added to the X-Forwarded-For header?
Issue this command: ifconfig and you will see all IP addresses of your server.
If not all IP addresses are added, please follow the guide here and add all IP addresses of your server, separated by spaces.
Have you set up the Transparent Proxy mode in the WAF module instead of the X-Forwarded-For header in your webserver?
This mode of the WAF module is in the beta phase, so we recommend setting up the X-Forwarded-For header in your webserver. In this case please try to set up the X-Forwarded-For header following this guide:
How to set up the WAF module
Does the network interface facing the internet have only a private IP address?
Issue the ifconfig command. This will show your server’s IP addresses.
If the IP addresses are within one of the ranges below then please follow this guide HERE.
192.168.0.0 – 192.168.255.255
172.16.0.0 – 172.31.255.255
10.0.0.0 – 10.255.255.255
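The range check above can be scripted so that the boundaries of the 172.16 to 172.31 block are not misread. This is an added example, not BitNinja code; the function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify IPv4 addresses against the three private ranges listed above.

# Exit status: 0 = private, 1 = valid but outside the listed ranges, 2 = not an IPv4 address.
is_private_ipv4() {
    # Digits and dots only, no trailing dot (this also prevents glob expansion below).
    case $1 in ''|*[!0-9.]*|*.) return 2 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 2
    for octet in "$@"; do
        # Reject empty, over-long and leading-zero octets as ambiguous.
        case $octet in ''|????*|0?*) return 2 ;; esac
        [ "$octet" -le 255 ] || return 2
    done
    case $1 in
        10)  return 0 ;;                                        # 10.0.0.0 - 10.255.255.255
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0 ;;  # 172.16.0.0 - 172.31.255.255
        192) [ "$2" -eq 168 ] && return 0 ;;                    # 192.168.0.0 - 192.168.255.255
    esac
    return 1
}

# Read one address per line (for example, copied from the ifconfig output) and label it.
classify_addrs() {
    while IFS= read -r addr; do
        is_private_ipv4 "$addr" && rc=0 || rc=$?
        case $rc in
            0) echo "$addr private" ;;
            1) echo "$addr not-private" ;;
            *) echo "$addr invalid" ;;
        esac
    done
}

# Constructed sample addresses, including both edges of the 172.16 - 172.31 block.
printf '%s\n' 10.0.0.5 172.15.255.255 172.16.0.1 172.31.255.254 172.32.0.1 \
    192.168.1.10 203.0.113.10 | classify_addrs
```

If every address on the internet-facing interface is labelled private, the guide linked above applies.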
Does your server have multiple network interfaces?
In this case, adding your network interfaces to the WAF module’s config might solve the issue. This is because the WAF module might not detect all the network interfaces of the server.
In this article, you can find a step-by-step guide on how to add the network interfaces to your server. You can find the guide here.
Are the required ports open?
If the ports below are not open then BitNinja will not work correctly. Please make sure these ports are open.
Protocol | Port | BitNinja module(s) |
---|---|---|
TCP | 60412 | CaptchaHttp, CaptchaSmtp |
TCP | 60413, 60418* | CaptchaHttps |
TCP | 25 | CaptchaSmtp |
TCP | 60201 | CaptchaSmtp |
TCP | 60210 | CaptchaFtp (active) |
TCP | 60211-60250 | CaptchaFtp (passive) |
TCP | 60300 | WAF HTTP |
TCP | 60301 | WAF HTTPS |
TCP | 60414, 60415 | SslTerminating |
TCP | 60416 | TrustedProxy HTTP |
TCP | 60417 | TrustedProxy HTTPS |
* Port 60418 is only required for the CaptchaHttps service if you are using cPanel/WHM. Otherwise, it’s not required.
Is the bitninja-sslt module running?
How to check this
Check if the services are running:
ps aux|grep haproxy
Check if the process is present:
netstat -lntp |grep bitninja-ss
Are the SSL certs found by the BitNinja cert miner?
Check the files below to see whether they have the correct data and contain the domain.
/var/lib/bitninja/ConfigParser/getCerts-report.json
and
/opt/bitninja-ssl-termination/etc/haproxy/cert-list.lst
In the
/opt/bitninja-ssl-termination/etc/haproxy/cert-list.lst
file the first element will be the pem file’s location. Check if it is the correct pem file.
Recollecting the certs might solve the issue.
Run this command to recollect the certs:
/opt/bitninja/modules/Cli/scripts/force_recollect_ssl_certs.sh
Did the IpFilter module have an unsuccessful connection test?
If you see the following lines in /var/log/mod.ip_filter.log:
[info] |IpFilter| Testing connection for [<Server_IP_Address>:80]
[warn] |IpFilter| Unsuccessful connection test for [<Server_IP_Address>:80]
[warn] |IpFilter| CURL error: Empty reply from server
[warn] |IpFilter| Failed to process ProxyFilter redirections for [80->60416]: Connection refused.
Then it is recommended to check whether your web server has a default server configured. If it responds with an empty reply, our CURL test is considered failed and the WAF redirections won’t be created.
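To spot this condition without reading the whole log, the failed tests can be pulled out together with their CURL error and the redirection that was not created. This is an added example, not a BitNinja tool; the function names are hypothetical, the sample log is constructed from the line shapes quoted above, and 203.0.113.10 is a placeholder address.

```shell
#!/bin/sh
# Added example: summarise failed IpFilter connection tests from mod.ip_filter.log.

# Prints "<target> | <CURL error> | <redirection not created>" for every failed test.
# Reads the files given as arguments, or stdin. A "-" marks a detail that was not logged.
ipfilter_failures() {
    awk '
        function emit() {
            if (target != "")
                print target " | " (err != "" ? err : "-") " | " (redir != "" ? redir : "-")
            target = ""; err = ""; redir = ""
        }
        # A new test starts: flush whatever failure was being collected.
        /\|IpFilter\| Testing connection for \[/ { emit(); next }
        /\|IpFilter\| Unsuccessful connection test for \[/ {
            emit()
            target = $0; sub(/^.*for \[/, "", target); sub(/\].*$/, "", target)
            next
        }
        # Detail lines only count while a failed test is open.
        target != "" && /\|IpFilter\| CURL error: / {
            err = $0; sub(/^.*CURL error: /, "", err); next
        }
        target != "" && /Failed to process ProxyFilter redirections for \[/ {
            redir = $0; sub(/^.*redirections for \[/, "", redir); sub(/\].*$/, "", redir)
            next
        }
        END { emit() }
    ' "$@"
}

# Constructed sample log: one failed test on port 80, then the start of a test on port 443.
sample_log() {
    cat <<'EOF'
[info] |IpFilter| Testing connection for [203.0.113.10:80]
[warn] |IpFilter| Unsuccessful connection test for [203.0.113.10:80]
[warn] |IpFilter| CURL error: Empty reply from server
[warn] |IpFilter| Failed to process ProxyFilter redirections for [80->60416]: Connection refused.
[info] |IpFilter| Testing connection for [203.0.113.10:443]
EOF
}

sample_log | ipfilter_failures
```

On a server, pass the log file as the argument instead of the sample; an "Empty reply from server" entry points to the default-server check described above.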
Still not working?
Send a ticket to our Support Ninjas.
Please include the output of the following commands in the ticket:
– netstat -lntp | grep -E '60300|60301' ; iptables -S -t nat | grep -E 'BN_WAF_REDIR'
– ps aux|grep haproxy
– netstat -lntp |grep bitninja-ss
– ifconfig