The WAF module is not working

Pre-Requirements

In the WAF module’s case, there are pre-requirements that need to be met. Please check if the required settings are done.

You can check these settings in this GUIDE.

If the pre-requirements are met but the WAF module is still not running, there are a few things to check.

Are all IP addresses of the server added to the X-Forwarded-For header?

Issue this command: ifconfig and you will see all IP addresses of your server.

If not all IP addresses are added, then please follow the guide here and add all IP addresses of your server, separated by spaces.

Have you set up the Transparent Proxy mode in the WAF module instead of the X-Forwarded-For header in your webserver?

This mode of the WAF module is in the beta phase, so we recommend setting up the X-Forwarded-For header in your webserver. In this case please try to set up the X-Forwarded-For header following this guide:

How to set up the WAF module

Does the network interface facing the internet have only a private IP address?

Issue the ifconfig command. This will show your server’s IP addresses.

If the IP addresses are within one of the ranges below, then please follow this guide HERE.

192.168.0.0 – 192.168.255.255
172.16.0.0 – 172.31.255.255 
10.0.0.0 – 10.255.255.255 
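
An added example (not BitNinja's own code) of the check described above: it reads ifconfig output and reports whether every non-loopback IPv4 address falls inside the three ranges listed. The function names and the sample output are constructed for illustration, and the check looks at all interfaces rather than only the internet-facing one.

```shell
# Added example: is $1 inside one of the three private ranges listed above?
is_private_ipv4() {
    case $1 in
        10.*|192.168.*) return 0 ;;
        172.*)  # only 172.16 through 172.31 is private; 172.32.x.x is not
            second=${1#172.}; second=${second%%.*}
            [ "$second" -ge 16 ] && [ "$second" -le 31 ] ;;
        *) return 1 ;;
    esac
}

# Print IPv4 addresses from ifconfig output on stdin. Accepts "inet 10.0.0.5"
# and the older "inet addr:10.0.0.5"; inet6 lines do not match.
list_ipv4() {
    sed -n 's/^[[:space:]]*inet \(addr:\)\{0,1\}\([0-9][0-9.]*\).*/\2/p'
}

# Succeeds when a non-loopback address exists and every one of them is private.
only_private_ipv4() {
    found=1
    for ip in $(list_ipv4); do
        case $ip in 127.*) continue ;; esac
        is_private_ipv4 "$ip" || return 1
        found=0
    done
    return "$found"
}

# Constructed sample: server behind NAT, current net-tools output format.
sample_nat() { cat <<'EOF'
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.31.4.20  netmask 255.255.240.0  broadcast 172.31.15.255
        inet6 fe80::1  prefixlen 64  scopeid 0x20<link>
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
EOF
}

# Constructed sample: public address (documentation range), older format.
sample_public() { cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:00:5e:00:53:01
          inet addr:203.0.113.7  Bcast:203.0.113.255  Mask:255.255.255.0
eth1      Link encap:Ethernet  HWaddr 00:00:5e:00:53:02
          inet addr:10.0.0.5  Bcast:10.0.0.255  Mask:255.255.255.0
EOF
}
for s in sample_nat sample_public; do
    if "$s" | only_private_ipv4; then echo "$s: private only"; else echo "$s: has a public address"; fi
done
```

On a live server, pipe the real command into the check: ifconfig | only_private_ipv4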

Does your server have multiple network interfaces?

In this case, adding your network interfaces to the WAF module’s config might solve the issue. This is because the WAF module might not detect all the network interfaces of the server.

You can find a step-by-step guide on how to add the network interfaces of your server here.

Are the required ports open?

If the ports below are not open then BitNinja will not work correctly. Please make sure these ports are open.

Protocol  Port         BitNinja module(s)
TCP       60412        CaptchaHttp, CaptchaSmtp
TCP       60413        CaptchaHttps
TCP       25           CaptchaSmtp
TCP       60201        CaptchaSmtp
TCP       60210        CaptchaFtp (active)
TCP       60211-60250  CaptchaFtp (passive)
TCP       60300        WAF HTTP
TCP       60301        WAF HTTPS
TCP       60414        SslTerminating

Is the bitninja-sslt module running?

How to check this

Check if the services are running: ps aux|grep haproxy


Check if the process is present: netstat -lntp |grep bitninja-ss

Are the SSL certs found by the BitNinja cert miner?

Check whether the files below have the correct data and contain the domain:
/var/lib/bitninja/ConfigParser/getCerts-report.json and
/opt/bitninja-ssl-termination/etc/haproxy/cert-list.lst

In the /opt/bitninja-ssl-termination/etc/haproxy/cert-list.lst file, the first element is the PEM file's location. Check if it is the correct PEM file.

Recollecting the certs might solve the issue.
Run this command to recollect the certs: /opt/bitninja/modules/Cli/scripts/force_recollect_ssl_certs.sh 

Still not working?

Send a ticket to our Support Ninjas. https://helpcenter.bitninja.io/ticket

Please include the output of the following commands in the ticket:
netstat -lntp | grep -E '60300|60301' ; iptables -S -t nat | grep -E 'BN_WAF_REDIR'
ps aux|grep haproxy
netstat -lntp |grep bitninja-ss
ifconfig