WAF migration: Bypass prevention rules update
We will be migrating the Website Security Web Application Firewall (WAF) and Content Delivery Network (CDN) to a new version to enhance the security of your website. Before we proceed with the migration, we want to ensure that you take the necessary steps to avoid any downtime during the process.
One critical step that we highly recommend is to check if your website has bypass prevention enabled. Bypass prevention is a security feature that helps prevent unauthorized access to your website, ensuring that only legitimate traffic is allowed to pass through the WAF and CDN.
You can use the following curl test to find out whether or not your site has bypass prevention enabled:
$ curl -H "host: domain.com" 126.96.36.199 -kIL
Replace domain.com with your domain name and 126.96.36.199 with the IP address assigned to your hosting server.
- If you receive a 403 error, bypass prevention is enabled properly.
- If you receive a 200 response, bypass prevention is not enabled.
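The curl test above, wrapped in a helper script that is an added example and not part of the original article. Because -L makes curl print one header block per redirect hop, the script classifies the status of the final response only. The function names and the sample header dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: interpret the header dump produced by the curl test.
# Input on stdin: output of  curl -sS -H "host: <domain>" <server-ip> -kIL

final_status() {
  # Print the status code of the LAST status line (strips CRLF first).
  tr -d '\r' | awk '/^HTTP\/[0-9.]+ [0-9][0-9][0-9]/ { code = $2 }
                    END { if (code != "") print code }'
}

classify_bypass() (
  # Map the final status to the two outcomes the article lists; anything
  # else (5xx, timeouts, empty output) is reported as inconclusive.
  code=$(final_status)
  case "$code" in
    403) echo "enabled" ;;
    200) echo "not-enabled" ;;
    "")  echo "inconclusive:no-response" ;;
    *)   echo "inconclusive:$code" ;;
  esac
)

check_origin() {
  # Live check. $1 = your domain, $2 = your hosting server IP.
  curl -sS -m 15 -H "host: $1" "$2" -kIL 2>/dev/null | classify_bypass
}

# Constructed sample: server redirects once, then serves the page directly.
sample_open() {
  printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: /home/\r\n\r\n'
  printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n'
}

# Constructed sample: server refuses the direct request.
sample_blocked() {
  printf 'HTTP/1.1 403 Forbidden\r\nServer: Apache\r\n\r\n'
}

# Run a live check only when a domain and IP are passed as arguments.
if [ "$#" -eq 2 ]; then
  check_origin "$1" "$2"
fi
```

Run it with your domain and hosting server IP as the two arguments, once before and once after updating .htaccess.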
If bypass prevention is enabled already, the newest version of the firewall requires the .htaccess file to be updated with the following rules:
# BEGIN Website Firewall Bypass Prevention
<FilesMatch ".*">
    Require ip 184.108.40.206/22
    Require ip 220.127.116.11/23
    Require ip 18.104.22.168/22
    Require ip 2a02:fe80::/29
    Require ip 22.214.171.124/22
    Require ip 126.96.36.199/20
    Require ip 188.8.131.52/22
    Require ip 184.108.40.206/22
    Require ip 220.127.116.11/22
    Require ip 18.104.22.168/18
    Require ip 22.214.171.124/18
    Require ip 126.96.36.199/20
    Require ip 188.8.131.52/20
    Require ip 184.108.40.206/22
    Require ip 220.127.116.11/17
    Require ip 18.104.22.168/15
    Require ip 22.214.171.124/13
    Require ip 126.96.36.199/14
    Require ip 188.8.131.52/13
    Require ip 184.108.40.206/22
    Require ip 2400:cb00::/32
    Require ip 2606:4700::/32
    Require ip 2803:f800::/32
    Require ip 2405:b500::/32
    Require ip 2405:8100::/32
    Require ip 2a06:98c0::/29
    Require ip 2c0f:f248::/32
</FilesMatch>
# END Website Firewall Bypass Prevention