If someone knows your hidden Hosting IP address, they can bypass our firewall and try to access your site directly. It is not common or easy to do so, but for additional extra security, we recommend only allowing HTTP access from our firewall.
The best way to prevent hackers from bypassing our Firewall is limiting their access to your web server. To do this, all you have to do is add restrictions to your .htaccess file so that only our Firewall’s IP will be able to access your web server.
However, before you do this, make sure your DNS changes fully propagated, as you may block valid visitors whose DNS has old information. Four hours is usually enough, but you can check propagation here.
Click here to go to the Preventing Firewall Bypass settings.
- Select the proper server for your hosting configuration and you will need to add the code for Apache in your .htaccess file and for Nginx, you will need to add it to your Nginx configuration file.
Alternative bypass prevention rules
If using Apache 2.4 or above you should use the following format for the .htaccess file:
Require ip xxx.xxx.xxx.xxx Require ip xxx.xxx.xxx.xxx Require ip xxx.xxx.xxx.xxx ErrorDocument 403 "Forbidden"
Just replace xxx.xxx.xxx.xxx with the IPs listed in the bypass prevention rules in the Sucuri firewall dashboard here.
Rackspace may need the FileMatch Directive added in their own way, check this out.
It will depend on what version of IIS you are using for the exact instructions, but the links below provide various options for different IIS versions.
If using this method to bypass the firewall yourself, ensure to add your IP address to the list of allowed IP addresses.
If you have any questions don’t hesitate to open a ticket in our system and our team will help you out!