DLE CMS
Prefer .htaccess auto_prepend_file for DLE CMS where Apache/PHP supports it. This starts protection before CMS code and covers direct PHP endpoints.
Preferred method
On Apache with mod_php and allowed php_value, place the directive in the DLE site root .htaccess and use the absolute AWAF path.
php_value auto_prepend_file "<path_to_directory>/antibot/index.php"DLE CMS fallback
If php_value is unavailable, use .user.ini, vhost/pool configuration, or hosting panel settings. If none of those options is available, add AWAF to an early shared DLE entry point, usually index.php, before the CMS core and HTML output.
require_once $_SERVER['DOCUMENT_ROOT'].'/antibot/index.php';Verify
- Back up .htaccess, .user.ini, or index.php before editing.
- Test the home page, news pages, categories, search, comments, login, and admin panel.
- Test AJAX, cron, sitemap/XML, RSS, and other DLE service endpoints.
- Confirm logs/, cache/, and lists/ are writable by the web server.
- Add precise whitelist_url/captcha_uri rules for service URLs where captcha is not appropriate.
Why not index.php only
An index.php-only include may miss separate PHP scripts, AJAX handlers, and service routes. auto_prepend_file starts AWAF before each PHP file in scope, so it gives broader coverage for DLE CMS.