Web Application Firewall (WAF)

The WAF (mod_security with the OWASP Core Rule Set) sits in front of your sites and blocks common web attacks — SQL injection, cross-site scripting and the like. Find it under Security → WAF.

Status

Shows whether the WAF is active and which rule set is in force. It protects every hosted site automatically.

Blocks

The Blocks view lists requests the WAF has stopped — useful for confirming an attack was blocked, or for spotting a false positive (a legitimate request caught by a rule).

Whitelist

If the WAF is blocking something legitimate, add it to the Whitelist so it's allowed through. Use this sparingly — only for requests you're sure are safe.