ATOM working with a WAF

John Coquitlam

Mar 10, 2026, 11:38:14 AM
to AtoM Users
Hello,
We are trying to set up a web application firewall (WAF) for our ATOM 2.9.2 environment. However, we are encountering some issues.

Currently, ATOM restricts logins to internal IPs, but the WAF masks the source IP so ATOM sees the WAF egress IP and rejects the request.

We also looked at restricting access in the WAF, but it can only block the entire application, not specific pages like the login page.

The remaining option is to bypass the WAF for internal login traffic while keeping the rest of the site behind the WAF, but this adds deployment and support complexity. It's best if all traffic (internal or external) goes through the WAF.

Has anyone set up a WAF with ATOM?

Any suggestions?

Thanks,
John

Desegnia *

Mar 10, 2026, 12:09:23 PM
to AtoM Users
Hi, we have our own WAFs built with NPM Plus + CrowdSec + Fail2Ban.
To prevent what you mentioned, and to allow the machine where Atom is installed to recognize external IPs, we've added this configuration to nginx:

real_ip_header X-Forwarded-For;
set_real_ip_from 192.168.0.0/16; # Here you can put your proxy IP if you want
real_ip_recursive on;

With this, we now see the real IPs in the access logs.

I hope this helps.

Regards,

Miguel
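
An added example, not part of the post above or of the AtoM project: a simplified Python model of how the nginx realip directives quoted above choose the client address, combined with a hypothetical "internal IPs only" login check. All addresses are constructed, and it assumes the WAF appends the connecting client's address to X-Forwarded-For.

```python
import ipaddress

WAF_EGRESS = "203.0.113.10"                             # constructed WAF egress address
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/16")   # constructed internal staff range

def resolve_client_ip(remote_addr, xff, trusted, recursive=True):
    """Simplified model of how nginx's realip directives pick the client address."""
    nets = [ipaddress.ip_network(c) for c in trusted]   # set_real_ip_from entries

    def is_trusted(ip):
        return any(ipaddress.ip_address(ip) in n for n in nets)

    addr = remote_addr
    if not is_trusted(addr):
        return addr          # peer is not a listed proxy: header is ignored
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    while hops:              # walk right to left, newest hop first
        candidate = hops.pop()
        try:
            ipaddress.ip_address(candidate)
        except ValueError:
            return addr      # unparsable entry: stop and keep the current address
        addr = candidate
        if not recursive or not is_trusted(addr):
            break            # real_ip_recursive on: stop at the first non-trusted hop
    return addr

def login_allowed(remote_addr, xff, trusted):
    """Hypothetical 'internal IPs only' login check applied to the resolved address."""
    return ipaddress.ip_address(resolve_client_ip(remote_addr, xff, trusted)) in INTERNAL_NET

def scenarios():
    only_waf = [WAF_EGRESS]
    return {
        # Staff member behind the WAF: the WAF-appended address is used.
        "staff_via_waf": login_allowed(WAF_EGRESS, "192.168.1.50", only_waf),
        # Client-supplied entry sits left of the address the WAF appended, so it is not used.
        "external_via_waf": login_allowed(WAF_EGRESS, "192.168.1.50, 198.51.100.7", only_waf),
        # Peer that is not the WAF: its header is ignored entirely.
        "direct_untrusted_peer": login_allowed("198.51.100.7", "192.168.1.50", only_waf),
        # set_real_ip_from does not cover the WAF: nginx still sees the WAF address.
        "waf_not_listed": login_allowed(WAF_EGRESS, "192.168.1.50", ["192.168.0.0/16"]),
    }

if __name__ == "__main__":
    for name, allowed in scenarios().items():
        print(f"{name}: login {'allowed' if allowed else 'rejected'}")
```

Listing only the WAF's own address in set_real_ip_from keeps the header from being honoured for any other peer.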

John Coquitlam

Mar 12, 2026, 12:12:11 AM
to AtoM Users
Thank you Miguel,
I will forward this to our tech guy.

John