AWAFAWAF

CMS integration

For Apache with mod_php, the preferred AWAF integration is auto_prepend_file in .htaccess. If the environment does not support php_value, use an early entry point, usually index.php, and verify coverage.

Preferred .htaccess

If PHP runs as an Apache module and php_value is allowed in .htaccess, add this directive in the site root and use the absolute path to the AWAF directory.

php_value auto_prepend_file "<path_to_directory>/antibot/index.php"

Why it covers more

auto_prepend_file loads AWAF before every PHP file execution in that scope, not only through one front controller. It covers direct PHP endpoints, admin/ajax scripts, legacy files, CMS files that bypass index.php, and reduces gaps from front-controller-only integration.

Environment caveats

php_value is not available everywhere. With PHP-FPM, CGI, Nginx-only hosting, or locked .htaccess settings, use .user.ini, vhost or pool configuration, or an early entry point, usually index.php. That fallback is less universal than auto_prepend_file, so verify admin/ajax, direct PHP endpoints, and service routes where needed.

Verify

  • Open /antibot/ and confirm write permissions for logs/, cache/, and lists/.
  • Test public pages, forms, AJAX/API, XML, admin, cron, exchanges, and any direct PHP endpoint.
  • Configure header_proxy first when the site is behind a proxy/CDN.
  • Add precise whitelist_url/captcha_uri rules for technical endpoints where captcha is not acceptable.