**Show HN: Aiwaf Now Supports Local Geo-blocking and Country-level Rules**
As a web application firewall, Aiwaf has long been recognized for its advanced features and user-friendly interface. With the latest update, Aiwaf now supports local geo-blocking and country-level rules, making it an even more powerful tool in the fight against cyber threats.
**A Self-Learning WAF with Enhanced Protection**
Aiwaf is a self-learning Django-friendly web application firewall that offers enhanced context-aware protection, rate-limiting, anomaly detection, honeypots, UUID-tamper protection, smart keyword learning, file-extension probing detection, exempt path awareness, and daily retraining. This comprehensive suite of features makes Aiwaf an ideal choice for protecting your website from cyber threats.
**Key Features**
* **IP Blocklist:** Instantly blocks suspicious IPs using Django models with real-time performance. * **Rate Limiting:** Sliding-window blocks flooders (> AIWAF\_RATE\_MAX per AIWAF\_RATE\_WINDOW), then blacklists them. * **AI Anomaly Detection:** IsolationForest trained on your website's traffic patterns for effective detection of malicious activity. * **GeoIP Support:** Aiwaf supports optional geo-blocking and country-level traffic statistics using a local GeoIP database.
**Enhanced Dynamic Keyword Learning with Django Route Protection**
Aiwaf's dynamic keyword learning feature allows it to automatically detect and block suspicious keywords in real-time. This is complemented by Django route protection, which ensures that your website's routes are secure from malicious activity.
**File-Extension Probing Detection**
This feature tracks repeated 404s on common extensions (e.g., .php, .asp) and blocks IPs suspected of file-extension probing.
### HTTP Header Validation
Aiwaf provides advanced header analysis to detect bots and malicious requests through the HeaderValidationMiddleware. This middleware performs comprehensive HTTP method validation, including GET→POST timing analysis.
**UUID Tampering Protection**
Aiwaf's UUID tampering protection feature blocks guessed or invalid UUIDs that don't resolve to real models.
**Built-in Request Logger**
The built-in request logger captures requests to Django models and provides valuable insights into your website's traffic patterns.
### Smart Training System
Aiwaf's smart training system automatically uses the best available data source, ensuring that its detection capabilities are always up-to-date and effective.
### Exempt Paths and Views
Aiwaf exempts common login paths from all blocking mechanisms. You can add additional exempt paths in your Django settings.py or store them in the database without redeploying.
### Managing Exemptions
You can manage exemptions via the Django admin interface, ensuring that legitimate traffic is not blocked by Aiwaf's protection mechanisms.
### Installation and Setup Guide
To get started with Aiwaf, follow these steps:
1. Add 'aiwaf' to your Django INSTALLED_APPS to avoid setup errors. 2. Create the necessary tables using the following command: `python manage.py aiwaf_make_tables` 3. Enable Aiwaf's built-in request logger as a fallback when main access logs aren't available.
### Additional Configuration Options
You can configure Aiwaf's behavior by modifying its settings in your Django project. For example, you can:
* Set the AIWAF\_GEOIP\_DB\_PATH to override the bundled .mmdb file. * Enable or disable the GeoBlock Middleware and the feature flag. * Use path rules to selectively disable middleware or override settings without full exemptions.
### Middleware Setup
To use Aiwaf's protection mechanisms, add the following middleware in this order:
1. `aiwaf.middleware.UUIDTamperMiddleware` 2. `aiwaf.middleware.HoneypotTimingMiddleware` 3. `aiwaf.middleware.HeaderValidationMiddleware`
Note: Order matters! AI-WAF protection middleware should come early, and the logger middleware should come near the end to capture final response data.
### Troubleshooting
If you encounter any issues during setup or usage, consult Aiwaf's comprehensive documentation for troubleshooting guides.
Aiwaf is an excellent choice for web developers looking to protect their websites from cyber threats. With its advanced features and user-friendly interface, it provides unparalleled protection against malicious activity.