WAF Pro

Web Application Firewall

info

Our Web Application Firewall Pro module is based on Caddy Server and replaces our previous WAF 2.0 technology (Nginx and HAProxy - SslTerminating) to take the Web Application Firewall's performance, security and SSL certificate collecting to the next level.

caution

This module is still in BETA, use it with caution.

Introduction

Unlike traditional network firewalls, a Web Application Firewall (WAF) operates at the application layer, specifically analyzing the intent and structure of HTTP and HTTPS traffic. It acts as a smart security layer that understands web protocols and user interactions, allowing it to detect and block sophisticated attacks that target web applications—such as SQL injection, XSS, session manipulation, and file inclusion exploits—before they reach your backend.

We’ve developed a high-performance application-layer firewall powered by Caddy, acting as a reverse proxy that inspects and filters incoming traffic in real time—before it ever reaches your origin server.

One of the standout benefits of using Caddy as the WAF engine is its built-in TLS support, including TLS 1.3. There’s no need for external SSL termination—Caddy automatically manages certificates and enables full inspection of encrypted HTTPS traffic. With TLS 1.3 support by default, your applications benefit from the latest performance and security enhancements in HTTPS communication.

Activation is simple through our Dashboard (see instructions below). Once enabled, all incoming traffic is routed through Caddy, where it’s evaluated against a dynamic and regularly updated rule set. Malicious requests are blocked immediately, and offending IPs can be logged, challenged, or automatically banned depending on your configuration.

This WAF setup is ideal for both modern and legacy applications, combining ease of deployment, state-of-the-art TLS security, and real-time traffic filtering.

Activating and Deactivating the WAF Pro module

info

BitNinja WAF Pro comes in as a replacement, NOT as an addon. Hence when you enable WAF Pro, BitNinja WAF 2.0 & Trusted Proxy and Protection on HTTPS are deactivated.

Activation

  • Log in to https://console.bitninja.io/
  • Click on your chosen server's cogwheel.
  • Switch WAF Pro on.
  • BitNinja WAF Pro will be activated within a few seconds.

Deactivation

To deactivate the WAF Pro module you have 3 options:

  • You can use the Dashboard and switch the WAF Pro module off (preferred)
  • You can use the command line (not recommended)
    • bitninjacli --module=WAF3 --disabled
  • You can shut down BitNinja (this is the most radical solution, but it will also disable WAF appropriately):
    • service bitninja stop

Log files

Module Log

As with all modules, any errors or information regarding redirections and the module itself can be found in the module log.

Location: /var/log/bitninja/mod.waf3.log

current.log

This file contains more information on blocked traffic.

Location: /var/log/bitninja-waf3/current.log

audit.log

This file records the requests going through WAF Pro; it is essentially an access log.

Location: /var/log/bitninja-waf3/audit.log

tls.log

This log contains information about WAF Pro's SSL/TLS communication, such as errors and certificate renewals.

Location: /var/log/bitninja-waf3/tls.log
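
A quick health check over the four log files listed above, useful after switching WAF Pro on. This is an added example, not BitNinja tooling; the ROOT prefix, the 60-minute threshold, and treating a quiet audit.log as a warning sign are assumptions.

```shell
#!/bin/sh
# Added example, not BitNinja tooling. Paths are the ones listed on this page.
WAF3_LOGS="/var/log/bitninja/mod.waf3.log
/var/log/bitninja-waf3/current.log
/var/log/bitninja-waf3/audit.log
/var/log/bitninja-waf3/tls.log"

# check_waf3_logs [ROOT] [MAX_AGE_MIN]
#   ROOT         hypothetical path prefix (empty = live system); lets the check
#                run against a mounted image or a collected copy of the logs
#   MAX_AGE_MIN  assumed freshness threshold for audit.log, default 60 minutes
# Prints one status line per file; returns the number of files with a problem.
check_waf3_logs() {
    root="${1:-}"
    max_age="${2:-60}"
    problems=0
    for rel in $WAF3_LOGS; do
        f="$root$rel"
        status="OK"
        if [ ! -f "$f" ]; then
            status="MISSING"
        elif [ -n "$(find "$f" -perm -0002 2>/dev/null)" ]; then
            # Any local user could alter or truncate the record.
            status="WORLD-WRITABLE"
        elif [ "${rel##*/}" = "audit.log" ] &&
             [ -z "$(find "$f" -mmin "-$max_age" 2>/dev/null)" ]; then
            # Only the access-style log is expected to grow continuously;
            # a quiet one on a busy site suggests traffic is not passing
            # through the WAF (assumption, see lead-in).
            status="STALE"
        fi
        [ "$status" = "OK" ] || problems=$((problems + 1))
        printf '%-15s %s\n' "$status" "$rel"
    done
    return "$problems"
}
```

Call `check_waf3_logs` with no arguments on the protected server; the return value is the number of files that need attention.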