Installation
CoreWAF runs inline inside your application. There are no DNS changes, no reverse proxies, and no certificate work — you keep the same server, the same TLS, and the same routing.
Requirements
- PHP 7.2+ or Node.js 14+ (Astro, or Express / Connect)
- Write access to the document root
- An account at app.corewaf.com with your domain registered
Getting started
- Sign in at app.corewaf.com and add your domain.
- Open the site and go to Configure → Install.
- Pick PHP or Node.js and follow the matching section.
PHP
Automatic install
In Configure → Install → Automatic install, enter your FTP/SFTP credentials and confirm the path the panel detected.
Works automatically on WordPress and PrestaShop. Any other stack (Laravel, custom PHP, …) has to be installed manually.
Manual install
- Download
_waf.phpfrom Configure → Install → Manual install. The file is unique per domain, with the install token embedded. - Upload it to the document root, next to your
index.php. - Copy the code we give you and add it to a file that always loads.
Where to add the code, by CMS
| CMS / framework | File |
|---|---|
| WordPress | wp-config.php |
| PrestaShop | config/config.inc.php |
| Laravel | public/index.php (top) |
| Plain PHP | The file you require from every entry point |
Node.js
- In Configure → Install → Node.js, pick your framework (Astro or Express / Connect) and download
_waf.ts. - Drop it next to your entry file.
- Copy the code we give you and wire it into your middleware chain.
The Node agent reads the rule bundle from .corewaf/_waf.db, refreshes it in memory when the panel publishes a new version, and reports hits to the ingest over UDP.
Activate the rules
Once the install is done, go to Status in the panel and click Verify so the basic ruleset gets pushed to your agent.