The WAF module is not working

You are here:
Estimated reading time: 1 min
Pre-Requirements

In the WAF module’s case, there are pre-requirements that need to be met. Please check if the required settings are done.

You can check these settings in this GUIDE.

If the pre-requirements are met but the WAF module is still not running we will need to check a few things.

Connections from localhost

The web server has to accept connections from 127.0.0.1 to http://<server_IP>:80 and to https://<server_IP>:443 in order for the WAF module to work.

Are all IP addresses of the server added to the X-Forwarded-For header?

Issue this command: ifconfig and you will see all IP addresses of your server.

If not all IP addresses are added then please follow the guide here and all IP addresses of your server are separated by space.

Have you set up the Transparent Proxy mode in the WAF module instead of the X-Forwarded-For header in your webserver?

This mode of the WAF module is in the beta phase, so we recommend setting up the X-Forwarded-For header in your webserver. In this case please try to set up the X-Forwarded-For header following this guide:

How to set up the WAF module

The network interface facing the internet has only a Private IP address?

Issue the ifconfig command. This will show your server’s IP addresses.

If the IP addresses are within one of the ranges below then please follow this guide HERE.

192.168.0.0 – 192.168.255.255
172.16.0.0 – 172.31.255.255 
10.0.0.0 – 10.255.255.255 

Does your server have multiple network interfaces?

In this case, adding your network interfaces to the WAF module’s config might solve the issue. This is because the WAF module might not detect all the network interfaces of the server.

In this article, you can find a step-by-step guide on how to add the network interfaces to your server. You can find the guide here.

Are the required ports open?

If the ports below are not open then BitNinja will not work correctly. Please make sure these ports are open.
ProtocolPortBitNinja module(s)
TCP60412CaptchaHttp, CaptchaSmtp
TCP60413, 60418*CaptchaHttps
TCP25CaptchaSmtp
TCP60201CaptchaSmtp
TCP60210CaptchaFtp (active)
TCP60211-60250CaptchaFtp (passive)
TCP60300WAF HTTP
TCP60301WAF HTTPS
TCP60414, 60415SslTerminating
TCP60416TrustedProxy HTTP
TCP60417TrustedProxy HTTPS
Port 60418 is only required for the CaptchaHttps service if you are using cPanel/WHM. Otherwise, it’s not required.

Is the bitninja-sslt module running?

How to check this

Check if the services are running: ps aux|grep haproxy


Check if the process is present:e netstat -lntp |grep bitninja-ss

Are the SSL certs found by the BitNinja cert miner?

Check these files below if they have the correct data and if they contain the domain.
/var/lib/bitninja/ConfigParser/getCerts-report.json
and
/opt/bitninja-ssl-termination/etc/haproxy/cert-list.lst

In the /opt/bitninja-ssl-termination/etc/haproxy/cert-list.lst file the first element will be the pem files location. Check if it is the correct pem file.

Recollecting the certs might solve the issue.
Run this command to recollect the certs: /opt/bitninja/modules/Cli/scripts/force_recollect_ssl_certs.sh 

Did the IpFilter module have an unsuccessful connection test?

If you see the following lines in the /var/log/mod.ip_filter.log:

[info] |IpFilter| Testing connection for [<Server_IP_Address>:80]
[warn] |IpFilter| Unsuccessful connection test for [<Server_IP_Address>:80]
[warn] |IpFilter| CURL error: Empty reply from server
[warn] |IpFilter| Failed to process ProxyFilter redirections for [80->60416]: Connection refused.


Then it is recommended to check if your Webserver has a default server configured.
Because if it responds with an empty reply, our CURL test will be considered as failed.
And the WAF redirections won’t be created.

Still not working?

Send a ticket to our Support Ninjas.

Please include the output of the following commands in the ticket:
netstat -lntp | grep -E '60300|60301' ; iptables -S -t nat | grep -E 'BN_WAF_REDIR'
ps aux|grep haproxy
netstat -lntp |grep bitninja-ss
ifconfig
Was this article helpful?
It was not helpful
Views: 1520