IpserverOne currently has one WAF (Web Application Firewall) configured with OWASP rules.
The purpose of this WAF is to add another layer of security against XSS.
To add a domain to the WAF, we first need to SSH into the WAF server. The IP keeps changing, so please get the latest one from one of our seniors. I will use ticket YVO-603-21529 as an example.
Once on the WAF server, there is already a script that adds a domain with its respective IP.
It is located in /ips1/scripts.
To add a domain to the WAF:
[cc]
cd /ips1/scripts
./add-domain-http.sh csrbrandangel.org 43.228.245.32
[/cc]
Once added, you will find a folder for the domain created under /etc/nginx/vhosts.
[cc]
[root@OWASP-WAF-01 vhosts]# ll |grep csrbrandangel.org
drwxr-xr-x 3 root root 4096 Mar 29 22:33 csrbrandangel.org
[/cc]
Within the folder there will be 2 entries: the nginx.conf file and the ssl folder.
If the domain has SSL installed, the certificate needs to be uploaded to the ssl folder.
Once that’s done, there is also a script under /ips1/scripts to force HTTPS.
You can open the nginx.conf file to view its contents.
[cc]
# Origin server that the WAF forwards clean traffic to
upstream csrbrandangel.org-http {
    ip_hash;
    server 43.228.245.32:80;
}
server {
    # proxy_protocol: connections must arrive with a PROXY protocol header
    listen *:80 proxy_protocol;
    server_name csrbrandangel.org www.csrbrandangel.org;
    # Enable ModSecurity for this vhost
    modsecurity on;
    location / {
        proxy_pass http://csrbrandangel.org-http;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_intercept_errors on;
        # Per-domain ModSecurity rules file
        modsecurity_rules_file /etc/nginx/whitelist/csrbrandangel.org;
    }
    access_log /var/log/nginx/domains/csrbrandangel.org/access.log;
    error_log /var/log/nginx/domains/csrbrandangel.org/error.log info;
}
[/cc]
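Before the DNS change, it is worth confirming that the generated vhost proxies to the right IP and has ModSecurity switched on. The script below is an added example, not one of the scripts in /ips1/scripts; the function name check_waf_vhost and the set of checks are assumptions based on the nginx.conf shown above.

```shell
#!/bin/sh
# Added example: sanity-check a vhost generated for the WAF.
# Usage: check_waf_vhost <vhosts_dir> <domain> <origin_ip>
# Prints one line per failed check; exit status is the number of failures.
check_waf_vhost() (
    vdir="$1/$2"
    domain="$2"
    origin_ip="$3"
    conf="$vdir/nginx.conf"
    fails=0

    [ -f "$conf" ] || { echo "FAIL: $conf not found"; exit 1; }

    # Strip comments so a commented-out directive does not count as present.
    body=$(sed 's/#.*//' "$conf")
    # Escape dots so they match literally in the patterns below.
    dom_re=$(printf '%s' "$domain" | sed 's/\./\\./g')
    ip_re=$(printf '%s' "$origin_ip" | sed 's/\./\\./g')

    expect() {  # expect <message if missing> <extended regex>
        if ! printf '%s\n' "$body" | grep -Eq -- "$2"; then
            echo "FAIL: $1"
            fails=$((fails + 1))
        fi
    }

    expect "upstream does not point at $origin_ip:80" \
        "^[[:space:]]*server[[:space:]]+${ip_re}:80;"
    expect "server_name does not list $domain" \
        "^[[:space:]]*server_name[[:space:]]([^;]*[[:space:]])?${dom_re}([[:space:]][^;]*)?;"
    expect "modsecurity is not switched on" \
        "^[[:space:]]*modsecurity[[:space:]]+on;"
    expect "per-domain modsecurity_rules_file is missing" \
        "^[[:space:]]*modsecurity_rules_file[[:space:]]+/etc/nginx/whitelist/${dom_re};"

    if [ ! -d "$vdir/ssl" ]; then
        echo "FAIL: $vdir/ssl folder is missing"
        fails=$((fails + 1))
    fi
    exit "$fails"
)

# Run directly, e.g.:
#   ./check-vhost.sh /etc/nginx/vhosts csrbrandangel.org 43.228.245.32
if [ "$#" -eq 3 ]; then
    check_waf_vhost "$@"
fi
```

A non-zero exit status means at least one directive is missing or wrong, so the A record should not be switched yet.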
Once that’s done, we need to point the domain’s A record to the WAF IP.