Setting up WAF (web antivirus) for 1C-Bitrix

Our company develops, supports and maintains Bitrix and Bitrix24 solutions of any complexity, from simple one-page sites to complex online stores and CRM systems with 1C and telephony integration. The experience of our developers is confirmed by certificates from the vendor.

WAF (Web Antivirus) Setup in 1C-Bitrix

WAF in Bitrix is an extension of the proactive filter with signature-based request analysis. It is located under Security → Proactive Protection → Web Antivirus. When properly configured, it covers OWASP Top 10 at the application layer without requiring an external WAF solution.

How It Works and How It Differs from the Proactive Filter

The proactive filter performs simple pattern matching (regular expressions on GET/POST). The Web Antivirus (WAF) performs deeper analysis using rule sets similar to the ModSecurity Core Rule Set. It inspects request headers, User-Agent, Cookie, and the request body.

Architecturally: request → \Bitrix\Security\Waf\Engine → rule sets → block/pass.

Rule Set Configuration

Security → Web Antivirus → Rule Sets:

Bitrix ships with several preconfigured rule sets:

  • Basic — XSS, SQL injection, path traversal (../)
  • Extended — additional signatures, higher likelihood of false positives
  • Custom — user-defined rules in regular expression format

For each rule, you configure: inspection zone (URI, parameters, headers), action (block/log), and priority.

Whitelist Configuration

The most important step when deploying WAF is configuring exceptions before enabling enforcement mode.

Typical exceptions:

  • /bitrix/admin/ — admin panel with complex forms
  • /bitrix/tools/upload.php — file uploads via the editor
  • REST API endpoints (/rest/, /api/)
  • Paths to your custom AJAX handlers

To add an exception, go to Web Antivirus → Exceptions → Add Rule and specify a URI mask and the list of rules that should not apply.

Real-World Case

A B2B portal had a custom CSV price list upload form. After WAF was enabled in active mode, the form stopped working: WAF was blocking requests containing CSV content (semicolons ;, double quotes ", strings resembling SQL). The solution was to add the form's URI (/upload/import/price/) to the exceptions for the SQL_INJECTION rule group. The form started working again while all other rules remained active.
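
The case above as a small model, added here as an illustration and not taken from Bitrix or from the project described: it shows why the exception is scoped to one rule group on one URI mask instead of switching WAF off for the path. The signatures, the function names and the CSV sample are constructed assumptions; only the URI and the SQL_INJECTION group name come from the case.

```python
import re
from fnmatch import fnmatch

# Constructed signatures, grouped the way the page groups rules. They are
# illustrative only and are not Bitrix's real rule set.
RULE_GROUPS = {
    "SQL_INJECTION": re.compile(
        r"(?i)\b(select|union|insert|drop)\b[^\n]*\b(from|select|into|table)\b"),
    "XSS": re.compile(r"(?i)<\s*script\b|\bon\w+\s*="),
    "PATH_TRAVERSAL": re.compile(r"\.\./"),
}

# Exception list: URI mask -> rule groups that are NOT applied on that URI.
# The mask covers the form from the case above; everything else stays inspected.
EXCEPTIONS = {
    "/upload/import/price/*": {"SQL_INJECTION"},
}

def exempt_groups(uri):
    """Return the set of rule groups switched off for this URI."""
    off = set()
    for mask, groups in EXCEPTIONS.items():
        if fnmatch(uri, mask):
            off |= groups
    return off

def inspect(uri, body, exceptions_enabled=True):
    """Return ('block', group) for the first active rule that matches, else ('pass', None)."""
    skipped = exempt_groups(uri) if exceptions_enabled else set()
    for group, pattern in RULE_GROUPS.items():
        if group in skipped:
            continue
        if pattern.search(body):
            return ("block", group)
    return ("pass", None)

# Constructed CSV price list: ordinary product text that happens to resemble SQL.
CSV_BODY = 'sku;name;price\n1001;"Select fittings from stock; union type";12.50\n'
PRICE_URI = "/upload/import/price/"

if __name__ == "__main__":
    print(inspect(PRICE_URI, CSV_BODY, exceptions_enabled=False))  # false positive
    print(inspect(PRICE_URI, CSV_BODY))                # exception applied
    print(inspect(PRICE_URI, CSV_BODY + "<script>"))   # other groups still enforced
    print(inspect("/catalog/search/", CSV_BODY))       # other URIs unaffected
```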

Monitoring Triggered Rules

WAF logs are stored in b_security_log with MODULE = 'security' and EVENT_TYPE = 'WAF'. Use the following query for analysis:

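-- Top 20 IP / URI pairs by number of WAF triggers over the last 24 hours.
-- The interval literal is PostgreSQL syntax; on MySQL/MariaDB use NOW() - INTERVAL 24 HOUR.
SELECT IP, REQUEST_URI, COUNT(*) AS cnt
FROM b_security_log
WHERE MODULE = 'security'
  AND EVENT_TYPE = 'WAF'
  AND DATE_CREATE > NOW() - INTERVAL '24 hours'
GROUP BY IP, REQUEST_URI
ORDER BY cnt DESC
LIMIT 20;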

Delivery Time

WAF setup, including rule tuning and testing against live traffic, takes 6 to 12 hours depending on the number of custom components and API endpoints.