AWAFAWAF

Checks and filters

AWAF combines several checks to detect automated traffic.

Indexing bots

lists/indexbot_rules contains PTR rules for legitimate search bots.

FingerPrint

FingerprintJS helps identify the same bot even when IP addresses change.

Blocking Tor networks

AWAF can block requests from Tor exit node IP addresses. This reduces fraud potential on sites with user accounts, private areas, order forms, or other actions that are sensitive to anonymous traffic.

The Tor address list is downloaded from an external source and stored in lists/blacklist_tor. The refresh interval is controlled by cache_time, and action defines the response: BLOCK, CAPTCHA, or SKIP.

[tor_checker]
enabled = On ; block visits from Tor network IPs
action = BLOCK ; CAPTCHA - show captcha, BLOCK - block, SKIP - skip the rule
url = "https://www.dan.me.uk/torlist/?exit" ; list source for the HTTP method
timeout = 2 ; response timeout in seconds
cache_time = 86400 ; list refresh interval in seconds
blacklist_tor = "lists/blacklist_tor"

HTTP, ASN, FPS

Use HTTP protocol checks, ASN lists, and frame-rate checks to block or challenge suspicious traffic.

[fps_checker]
enabled = On
action = CAPTCHA
fps = 50

404 challenge page

[main]
header404 = On