is it possible to have WAF also protect the Virtualmin miniserv running on port 10000?

thanks

Thanks for the question, yes indeed thats exactly what its built to do. Just follow the documentation here to set it up:

https://www.atomicorp.com/wiki/index.php/ASL_WAF#local

Thanks, followed the instructions and enabled T-WAF for SSL on port 10000. The certificate used by webmin is of .pem type, and both public and private key use the same file (thats webmin's default config). As soon as it was enabled I could no longer access webmin. Disabled T-WAF, no go. Whitelisted my IP address, no-go. Webmin error log shows "Failed to initialize SSL connection" (webmin is mandatorily accessed via SSL).

/etc/webmin/stop, followed by a /etc/webmin/start, and still no-go.

i waited 20 minutes and it worked again, but then I started T-WAF and it stopped again.

I came back 1 hour later and I could access Webmin again: it seems that turning on T-WAF disables access to Webmin for about 1 hours after it is enabled. Restarting webmin doesnt help. This is a problem.

pem certificates are not supported at this time

would it work if I convert it to another format? which format would that be ?

Thanks for the question, any format that's compatible with Apache 2.2 will work.

PEM is compatible with Apache. In fact, the default certificate format for SSLeay/OpenSSL is PEM.

I think you meant to say that Apache expects the certificate and private key to be in separate files. Since PEM is the same Base64 encoded ASCII file as .crt and .key, I broke up a copy of the .PEM file into .crt and .key. I then pointed T-WAF to use those files and disabled/enabled T-WAF (just to make sure it reloaded the conf). I also restarted webmin.

And I still have the same problem: Webmin wont be accessible for the next X hours.

Note that even while I was using the prior PEM setup WAF was working. It just breaks webmin for X hours.