Web Application Firewall
Table of content
The Web Application Firewall is part of our security systems, along with Malware Detector, which aims to prevent attacks on our clients' sites.
What is Web Application Firewall?
The difference between a Firewall and the Web Application Firewall (WAF), explained in a simple way, is that an ordinary firewall will block network packets - for example, all HTTP traffic to port
80 will be blocked and the site will be not accessible.
While the Web Application Firewall will allow this traffic to reach the server, it will analyze the requests and if they are detected as malicious, they will be blocked before they are executed by the hosting server.
This is possible thanks to ModSecurity policies that analyze and block attacks on popular Content Management Systems and e-commerce platforms such as WordPress, Magento, Joomla, and others. We use rules made by leading cyber security companies, as well as our own, to make sure we block the latest attacks on your online services.
Configuration of Web Application Firewall
You can access Web Application Firewall in your cPanel by clicking its icon in the Security section. Through the cPanel plug-in, you can turn WAF
OFF for your different domains and subdomains, change its mode of operation, and remove rules from the Web Application Firewall if a legitimate request is blocked.
The Web Application Firewall itself has four modes of operation:
- Off - no requests to the server are blocked.
- Basic - it contains only the most basic rules, providing low level of protection as well as low chance of blocking legitimate queries.
- Medium - the most common rules are enabled, there is a moderate risk of blocking legitimate queries.
Strict - all ModSecurity policies are enabled, providing the most complete protection against various web attacks, but there is also a significant risk of blocking legitimate queries.
You can turn on the Web Application Firewall for a particular domain or subdomain by selecting it from the Managing drop-down menu, selecting Actions from the Actions menu, and clicking the Update button.
WAF activation for a domain does not start the application for its subdomains. If you have a forum, store, blog or other important website, running as a subdomain, you must enable manually the WAF to protect it.
How to add a exclusion for a legitimate query?
To be able to predict any possibility - for example, if a legitimate request is flagged as malicious and blocked, we have created an instruction page that appears when you block a link to particular domain. To find out why the request is blocked and possibly add an exception to it, you need to copy the unique ID of the blocked request.
This ID should be copied to the Web Application Firewall plug-in in your cPanel and click the Go button to see all the details for the blocked request.
On this page you will also see an Exclude rule button - click it to exclude the rule in question for your account and such requests will no longer get blocked.
Statistics on blocked atakes
Click the Statistics link to find data about all addresses, files, IPs and rules that have been blocked in your hosting plan for the last 7 days.
Top URI will show you the most frequently attacked addresses and files on your site. Top Referrers are the pages in your hosting plan that activate the Web Application Firewall the most.
Top IPs is a list of all IP addresses that have been blocked by WAF when accessing your site. You can check your own IP address on a site like
www.googlemyip.com to easily find out if your own requests have been blocked in the last 7 days.
Top Rules is a list of the most commonly used rules for your hosting plan. You have the option to add rule exceptions with the Exclude selected button and see a list of all excluded rules for your hosting plan using the Show excluded button: