Preventing Firewall Bypass
If someone knows your hidden hosting IP address, they can bypass the Sucuri firewall and try to access your site directly. This is not common or easy to do, but for additional security we recommend only allowing HTTP access from the Sucuri firewall.
The best way to prevent hackers from bypassing the Sucuri firewall is to limit their access to your web server. To do this, add restrictions to your .htaccess file so that only the Sucuri Firewall's IP addresses can reach your web server.
Before you do this, however, make sure your DNS changes have fully propagated; otherwise you may block valid visitors whose DNS still has old information. Four hours is usually enough, but you can check propagation here
After that, go to your CloudProxy dashboard and click on Settings, then Security.
Scroll all the way down and you will see:
Use the information in the blue boxes to make the proper restriction changes. If you use Apache, follow the instructions for the first box; if you use Nginx, follow the instructions for the second box.
Alternative bypass prevention rules
Apache 2.4
If you are using Apache 2.4 or above, use the following format for the .htaccess file:
<FilesMatch ".*">
Require all denied
Require ip xxx.xxx.xxx.xxx
Require ip xxx.xxx.xxx.xxx
Require ip xxx.xxx.xxx.xxx
</FilesMatch>
Just replace xxx.xxx.xxx.xxx with the IPs listed in the bypass prevention rules in the CloudProxy dashboard under Settings -> Security.
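A way to check the edited rules before relying on them, as an added example that is not Sucuri's own code: this Python script reads the Require lines the way Apache 2.4 combines them (sibling Require lines grant access if any one of them matches) and reports whether a firewall IP would be blocked or an outside address would still get in. The addresses, SAMPLE_HTACCESS and the function names are constructed for illustration, and it assumes full IP addresses or CIDR blocks only.

```python
import ipaddress

# Constructed sample: documentation-range addresses stand in for the firewall
# IPs from the dashboard (placeholders, not real Sucuri addresses).
SAMPLE_HTACCESS = """\
<FilesMatch ".*">
Require all denied
Require ip 192.0.2.0/24
Require ip 198.51.100.7
</FilesMatch>
"""

def parse_require(text):
    """Return (allow_all, networks) from the Require lines of an .htaccess body."""
    allow_all, networks = False, []
    for raw in text.splitlines():
        args = raw.split()
        # Comment lines start with '#', so their first token is never "require".
        if len(args) < 3 or args[0].lower() != "require":
            continue
        kind = args[1].lower()
        if kind == "all" and args[2].lower() == "granted":
            allow_all = True
        elif kind == "ip":
            # One Require ip line may list several addresses or CIDR blocks.
            networks += [ipaddress.ip_network(a, strict=False) for a in args[2:]]
    return allow_all, networks

def is_allowed(text, client_ip):
    """Sibling Require lines act as RequireAny: a single match grants access."""
    allow_all, networks = parse_require(text)
    addr = ipaddress.ip_address(client_ip)
    return allow_all or any(addr in net for net in networks)

def audit(text, firewall_ips, outside_ip):
    """List problems: a firewall IP that is blocked, or an outside IP that gets in."""
    problems = [f"firewall IP blocked: {ip}" for ip in firewall_ips
                if not is_allowed(text, ip)]
    if is_allowed(text, outside_ip):
        problems.append(f"direct access still possible from {outside_ip}")
    return problems

if __name__ == "__main__":
    print(audit(SAMPLE_HTACCESS, ["192.0.2.10", "198.51.100.7"], "203.0.113.5"))
```

An empty list means every listed firewall address is admitted and the outside address is refused; run it against your real .htaccess text and the IPs from the dashboard before reloading Apache.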