nopStation - Your Trusted Solutions Partner

Download the WAF Plugin from our store https://nop-station.com/customer/downloadableproducts
Go to Administration > Configuration > Local plugins
Upload the zip file using the "Upload plugin or theme" button
Go to Administration, reload the 'list of plugins'. Install 'Nop-Station Core' Plugin first and then Install 'WAF' plugin
To make the plugins functional, restart the application
Activate the plugin with the 'Edit' option And Configure it

Step 1: Initial Configuration

Step 2: Monitor in Learning Mode

Step 3: Review and Adjust Rules

Step 4: Transition to Active Mode

Enable WAF: Master switch for WAF functionality (requires application restart)
Operating Mode: Select protection level
- Learning Mode: Observes and logs traffic without blocking (recommended for initial setup)
- Passive Mode: Logs threats and applies explicit blocks only
- Active Mode: Full enforcement with automatic blocking
Log All Requests: Enable to log every request (use in Learning mode only)
Redact Sensitive Data: Automatically redact passwords, credit cards, tokens from logs (always enable in production)
Security Event Retention Days: How long to keep security event logs (default: 90 days)
Max Payload Length: Maximum characters to store in request logs (default: 5000)
Sensitive Params: Comma-separated list of parameter names to redact (e.g., password,token,secret)
API Path Prefixes: Comma-separated list of API endpoint paths (e.g., /api,/odata)

Enable Email Notifications: Send email alerts for security incidents
Notification Recipients: Comma-separated email addresses for alerts
Critical Event Threshold: Number of critical events to trigger alert (default: 5)
High Severity Event Threshold: Number of high-severity events to trigger alert (default: 10)
Attack Rate Threshold: Attacks per minute to trigger alert (default: 20)
Threshold Time Window: Time window for threshold evaluation in minutes (default: 5)
Alert Cooldown: Minimum time between alerts to prevent flooding (default: 30 minutes)
Send Immediate Critical Alerts: Send instant alerts for critical threats

Enable Scheduled Reports: Automatically send periodic security summaries
Report Schedule: Daily or Weekly
Report Recipients: Comma-separated email addresses for reports
Daily Report Hour: Hour of day to send daily reports (0-23)
Weekly Report Day: Day of week for weekly reports (0=Sunday, 1=Monday, etc.)

The dashboard provides real-time security overview with:

Current Threat Level: Overall threat assessment (Low, Medium, High, Critical)
24-Hour Statistics:
- Total Events - All security events
- Blocked Attacks - Successfully blocked threats
- Critical Threats - High-severity incidents
- Block Rate - Percentage of blocked requests
24-Hour Attack Timeline: Chart showing blocked and logged events over time
Top Attack Types: Most common attack categories with counts and percentages
System Health: Current status, operating mode, active rules, and IP lists
Recent Security Events: Latest 10 security incidents with severity, IP, and actions

Create and manage security rules to detect and block malicious requests:

Name: Descriptive rule name (e.g., "Block SQL UNION Attacks")
Category: Attack type (SQL Injection, XSS, Path Traversal, Command Injection, Bot Detection, Custom)
Pattern: Pattern to match against requests (supports regex)
Match Type: How to match (Contains, Regex, Equals, Starts With, Ends With)
Target Field: Where to check (URL, Header, Body, Cookie, All)
Action: What to do when matched (Log, Block, Log and Block)
Severity Level: Threat level 1-10 (affects dashboard metrics)

WAF Pro Documentation