Quick start
Connect a PHP site with one line and configure config.ini.
AWAF evaluates visitors with technical and behavioral checks, asks for a captcha only when needed, and keeps legitimate traffic moving.

Connect a PHP site with one line and configure config.ini.
IP, URL, User-Agent, Referer, and ASN lists with BLOCK/CAPTCHA modes.
Cloudflare, nginx proxy, and load balancer support with real visitor IP handling.
The chart shows a real case: before protection, the site was hitting the 100cp hosting limit, so the host slowed it down. After AWAF was connected, the load stayed around 30-50% of the maximum.


A slow site is not always under a massive network attack. Often it is being drained by bots and scanners that keep opening pages. AWAF helps filter that waste before you pay for heavy DDoS filtering and lets the site breathe again.
I want to thank you for an excellent solution: AWAF saved my fairly large forum. For the last few months, a botnet had been scanning the forum uncontrollably: 40,000 different IPs could arrive in 15 minutes, and no rate limits worked. Manually blocking subnets and countries only helped temporarily.
Michael also noted that cache can grow quickly under this traffic, so safe regular cleanup should be documented.


A project with webmaster tools quickly started attracting bot traffic. The site is monetized with ads, and ad networks do not like that kind of traffic, so we needed to close the site off from bots. After installing AWAF, Google CAPTCHA was removed from the forms: legitimate users got a smoother experience, while bots stopped getting through. The logs show that AWAF filters out almost all bots, and the chart confirms it. Bounce rate dropped, time on site and page depth increased, and Metrika now shows bot traffic at about 1% instead of previous peaks up to 50%.
The first chart shows the share of visits with bots, and the second shows the lower bounce rate after protection was enabled.


The help section guides users from first launch to filters, integration, and troubleshooting.
Source code and project updates: github.com/githubniko/antibot. Development news and discussion: t.me/antibotwaf.