CMS integration
For Apache with mod_php, the preferred AWAF integration is auto_prepend_file in .htaccess. If the environment does not support php_value, use an early entry point, usually index.php, and verify coverage.
Preferred .htaccess
If PHP runs as an Apache module and php_value is allowed in .htaccess, add this directive in the site root and use the absolute path to the AWAF directory.
php_value auto_prepend_file "<path_to_directory>/antibot/index.php"Why it covers more
auto_prepend_file loads AWAF before every PHP file execution in that scope, not only through one front controller. It covers direct PHP endpoints, admin/ajax scripts, legacy files, CMS files that bypass index.php, and reduces gaps from front-controller-only integration.
Environment caveats
php_value is not available everywhere. With PHP-FPM, CGI, Nginx-only hosting, or locked .htaccess settings, use .user.ini, vhost or pool configuration, or an early entry point, usually index.php. That fallback is less universal than auto_prepend_file, so verify admin/ajax, direct PHP endpoints, and service routes where needed.
Verify
- Open /antibot/ and confirm write permissions for logs/, cache/, and lists/.
- Test public pages, forms, AJAX/API, XML, admin, cron, exchanges, and any direct PHP endpoint.
- Configure header_proxy first when the site is behind a proxy/CDN.
- Add precise whitelist_url/captcha_uri rules for technical endpoints where captcha is not acceptable.