AWAFAWAF

Quick start

Install AWAF into /antibot/, verify write permissions, and include protection before the PHP application starts.

Installation steps

  1. Copy AWAF files into /antibot/ at the site root.
  2. Allow the web server to write to lists/, logs/, and cache/.
  3. Open /antibot/ in a browser and create config.ini through the first-run check.
  4. Include AWAF as the first line in index.php or another early shared site entry point.
  5. Open the site in a normal browser and inspect logs/antibot.log for errors.
require_once $_SERVER["DOCUMENT_ROOT"]."/antibot/index.php";

Post-launch checks

  • /antibot/ opens without 500/403.
  • config.ini exists and is not publicly downloadable.
  • logs/antibot.log contains RayID, IP, and check result entries.
  • Legitimate users pass while suspicious traffic receives CAPTCHA or BLOCK according to config.ini.

If the site is behind nginx proxy, a CDN, or Cloudflare, configure header_proxy before enabling strict blocking.

Next steps

  • Confirm real visitor IPs in logs before enabling BLOCK.
  • Add whitelist_url entries for API, XML, callback, and health-check paths.
  • Review source code and updates in the AWAF GitHub repository.

AWAF GitHub repository