Neptune WAF

Proxy Type

🌐 HTTP/HTTPS Proxy 🔌 TCP Proxy Premium

Domain Name Supports wildcard domains (e.g., *.plumsy.dev will match all subdomains)

Backend URL

Backend IP Address

Backend Port

Description

SSL/TLS Configuration

Enable SSL/TLS for this domain

Anti-Bot Protection

Enable anti-bot challenge

What is Anti-Bot Challenge?
Visitors will see an interactive 3D verification page before accessing your website. This helps prevent automated bots and scrapers while allowing legitimate users through after a simple challenge.

Domain Status

Enable this domain

Backend Configuration

Backend URL

Backend server URL (e.g., http://localhost)

Backend IP

Backend server IP address

Backend Port

Backend server port (1-65535)

HTTPS Settings

Force HTTPS (redirect HTTP to HTTPS)

Info: When enabled, all HTTP requests will be automatically redirected to HTTPS. Make sure SSL/TLS is properly configured.

Domain Aliases

Additional domains that point to the same backend (with AutoSSL support)

Info: Aliases automatically get SSL certificates via Let's Encrypt if AutoSSL is enabled for this domain.

🛡️ Anti-Bot Protection

Challenge users to verify they're human

⏱️ Rate Limiting

Limit the number of requests per IP address

🌍 Country Blocking

Block requests from specific countries

Required DNS Configuration

To use Let's Encrypt automatic SSL, your domain must be configured to point to this Neptune WAF instance:

A Record:

your-domain.com → Your WAF Public IP

Steps to Configure

Log into your DNS provider (CloudFlare, GoDaddy, etc.)
Add an A record pointing your domain to your WAF's public IP address
Wait 5-10 minutes for DNS propagation
Add the domain in Neptune WAF with SSL enabled
Neptune will automatically request and install the certificate

Using CloudFlare (Recommended)

CloudFlare Setup:
1. Add your domain to CloudFlare
2. Create an A record pointing to your WAF IP
3. Set CloudFlare proxy status to "DNS Only" (gray cloud) during initial setup
4. After SSL certificate is obtained, you can enable CloudFlare proxy (orange cloud) for extra protection
5. Set SSL/TLS mode to "Full" in CloudFlare dashboard

Important Requirements

Port 80 must be accessible from the internet (for Let's Encrypt validation)
Port 443 must be open for HTTPS traffic
Domain must resolve to your WAF's public IP
WAF must have a valid email configured for Let's Encrypt notifications

Tip: Certificates automatically renew every 60 days. Neptune WAF handles this automatically!

Important: Custom HTML replaces the default challenge page. Your code must handle the verification flow for the selected challenge type.

🎯 Challenge Types Overview

Cookie Challenge - Simple auto-verification. Just POST to /__neptune_verify without parameters.

PoW Challenge - Browser computes hash with leading zeros. Send type, challenge, nonce, hash to verify.

Captcha Challenge - User enters displayed code. Send type, captcha_id, captcha_input to verify.

1️⃣ Cookie Challenge (Default)

Simple verification - just call the endpoint:

fetch('/__neptune_verify', { method: 'POST' })
  .then(r => r.json())
  .then(data => {
    if (data.status === 'verified') window.location.reload();
  });

2️⃣ PoW Challenge (Premium)

Your page receives placeholders {{CHALLENGE}} and {{DIFFICULTY}}:

const challenge = '{{CHALLENGE}}';
const difficulty = {{DIFFICULTY}};
const target = '0'.repeat(difficulty);

async function sha256(msg) {
  const buf = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(msg));
  return [...new Uint8Array(buf)].map(b => b.toString(16).padStart(2,'0')).join('');
}

async function solve() {
  let nonce = 0;
  while (true) {
    const hash = await sha256(challenge + ':' + nonce);
    if (hash.startsWith(target)) {
      // Submit solution
      fetch('/__neptune_verify', {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({ type: 'pow', challenge, nonce, hash })
      }).then(r => r.json()).then(d => {
        if (d.status === 'verified') window.location.reload();
      });
      break;
    }
    nonce++;
  }
}
solve();

3️⃣ Captcha Challenge (Premium)

Your page receives placeholders {{CAPTCHA_ID}} and {{CAPTCHA_IMAGE}} (base64 PNG):

🔒 Security: The captcha text is NEVER sent to the client. Only a server-generated image (base64 data URL) is provided. The actual text stays securely on the server.

let captchaId = '{{CAPTCHA_ID}}';

// Display the server-generated captcha image
// {{CAPTCHA_IMAGE}} is a base64 data URL (data:image/png;base64,...)
document.getElementById('captcha-img').src = '{{CAPTCHA_IMAGE}}';

function verify(userInput) {
  fetch('/__neptune_verify', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      type: 'captcha',
      captcha_id: captchaId,
      captcha_input: userInput.toUpperCase()
    })
  }).then(r => r.json()).then(d => {
    if (d.status === 'verified') window.location.reload();
    else refreshCaptcha(); // Get new captcha on failure
  });
}

// Refresh captcha - gets new image from server
function refreshCaptcha() {
  fetch('/__neptune_captcha_refresh', { method: 'POST' })
    .then(r => r.json())
    .then(d => {
      captchaId = d.captcha_id;
      document.getElementById('captcha-img').src = d.captcha_image;
    });
}

HTML example: <img id="captcha-img" src="{{CAPTCHA_IMAGE}}" alt="Captcha">

🔑 Key Points

Endpoint: POST /__neptune_verify
Success Response: {"status":"verified","redirect":"/"}
Error Response: {"status":"error","error":"..."}
Captcha Refresh: POST /__neptune_captcha_refresh returns captcha_id + captcha_image (base64)

💡 Tip: The placeholders ({{CHALLENGE}}, {{CAPTCHA_ID}}, etc.) are replaced server-side before the page is sent. Make sure your custom HTML matches the challenge type selected above!

📊 Basic Information

Attack ID

-

Timestamp

-

IP Address

-

Country

-

Domain

-

Method

-

Path

-

Protocol

-

⚠️ Attack Information

Attack Type

-

Severity

-

Rule ID

-

Rule Name

-

Matched In

-

Status

-

Matched Data

-

📋 Request Headers

-

🍪 Cookies

-

🔗 Query Parameters

-

📝 Request Body

-

🌐 User Agent

-

Dashboard

GeoIP Configuration

⬢Neptune

Dashboard

GeoIP Configuration

Change Password

Add Domain

Domain Settings

🛡️ Anti-Bot Protection

⏱️ Rate Limiting

🌍 Country Blocking

DNS Configuration for Let's Encrypt

Required DNS Configuration

Steps to Configure

Using CloudFlare (Recommended)

Important Requirements

Add IP to Blacklist

Add IP to Whitelist

Add User

Edit User

🛡️ Anti-Bot Configuration

Premium Feature

⏱️ Rate Limit Configuration

🌍 Country Blocking

🛡️ Custom Anti-Bot Page - Implementation Guide

🎯 Challenge Types Overview

1️⃣ Cookie Challenge (Default)

2️⃣ PoW Challenge (Premium)

3️⃣ Captcha Challenge (Premium)

🔑 Key Points

Domain Details

Premium Feature

Create Account

Account Created Successfully!

Forgot Password

Password Reset Successfully

🛡️ Attack Details

📊 Basic Information

⚠️ Attack Information

📋 Request Headers

🍪 Cookies

🔗 Query Parameters

📝 Request Body

🌐 User Agent

Add Premium Code

Premium Code Details

Users Who Used This Code

Edit Premium Code

Redeem Premium Code