Preventing Firewall Bypass

If someone knows your hidden Hosting IP address, they can bypass the Sucuri firewall and try to access your site directly. It is not common or easy to do so, but for additional extra security, we recommend only allowing HTTP access from the Sucuri firewall.

The best way to prevent hackers from bypassing the Sucuri firewall is limiting their access to your web server. To do this, all you have to do is add restrictions to your .htaccess file so that only the Sucuri Firewall’s IP will be able to access your web server.

However, before you do this, make sure your DNS changes are fully propagated, as you may block valid visitors whose DNS has old information. Four hours is usually enough, but you can check propagation here

After that, just go to your CloudProxy’s dashboard and click on Settings, thenSecurity

security cloudproxy

Scroll all the way down and you will see:

prevent bypass

Use the information in the blue boxes to make the proper restriction changes. If you use Apache, follow the instructions for the first box and if you use Nginx, follow the instructions on the second box.

Alternative bypass prevention rules

Apache 2.4

If using Apache 2.4 or above you should use the following format for the .htaccess file:

<FilesMatch ".*">
    Require all denied
    Require ip xxx.xxx.xxx.xxx
    Require ip xxx.xxx.xxx.xxx
    Require ip xxx.xxx.xxx.xxx
</FilesMatch>

Just replace xxx.xxx.xxx.xxx with the IPs listed in the bypass prevention rules in the CloudProxy dashboard under Settings -> Security.

in ConfigurationSucuri CloudProxy

0

0

Related Articles