Checks and filters
AWAF combines several checks to detect automated traffic.
Indexing bots
lists/indexbot_rules contains PTR rules for legitimate search bots.
FingerPrint
FingerprintJS helps identify the same bot even when IP addresses change.
Blocking Tor networks
AWAF can block requests from Tor exit node IP addresses. This reduces fraud potential on sites with user accounts, private areas, order forms, or other actions that are sensitive to anonymous traffic.
The Tor address list is downloaded from an external source and stored in lists/blacklist_tor. The refresh interval is controlled by cache_time, and action defines the response: BLOCK, CAPTCHA, or SKIP.
[tor_checker]
enabled = On ; block visits from Tor network IPs
action = BLOCK ; CAPTCHA - show captcha, BLOCK - block, SKIP - skip the rule
url = "https://www.dan.me.uk/torlist/?exit" ; list source for the HTTP method
timeout = 2 ; response timeout in seconds
cache_time = 86400 ; list refresh interval in seconds
blacklist_tor = "lists/blacklist_tor"HTTP, ASN, FPS
Use HTTP protocol checks, ASN lists, and frame-rate checks to block or challenge suspicious traffic.
[fps_checker]
enabled = On
action = CAPTCHA
fps = 50404 challenge page
[main]
header404 = On