WAF migration: Bypass prevention rules update
We will be migrating the Website Security Web Application Firewall (WAF) and Content Delivery Network (CDN) to a new version to enhance the security of your website. Before we proceed with the migration, we want to ensure that you take the necessary steps to avoid any downtime during the process.
One critical step that we highly recommend is to check if your website has bypass prevention enabled. Bypass prevention is a security feature that helps prevent unauthorized access to your website, ensuring that only legitimate traffic is allowed to pass through the WAF and CDN.
You can use the following curl test to find out whether or not your site has bypass prevention enabled:
$ curl -H "host: domain.com" 123.45.67.80 -kIL
Where domain.com is your domain name, and 123.45.67.80 is the IP address assigned to your hosting server.
- If you receive a 403 error, bypass prevention is enabled properly.
- If you receive a 200 response, bypass prevention is not enabled.
If bypass prevention is enabled already, the newest version of the firewall requires the .htaccess file to be updated with the following rules:
# BEGIN Website Firewall Bypass Prevention
<FilesMatch ".*">
    Require ip 208.109.0.0/22
    Require ip 192.88.134.0/23
    Require ip 185.93.228.0/22
    Require ip 2a02:fe80::/29
    Require ip 66.248.200.0/22
    Require ip 173.245.48.0/20
    Require ip 103.21.244.0/22
    Require ip 103.22.200.0/22
    Require ip 103.31.4.0/22
    Require ip 141.101.64.0/18
    Require ip 108.162.192.0/18
    Require ip 190.93.240.0/20
    Require ip 188.114.96.0/20
    Require ip 197.234.240.0/22
    Require ip 198.41.128.0/17
    Require ip 162.158.0.0/15
    Require ip 104.16.0.0/13
    Require ip 104.24.0.0/14
    Require ip 172.64.0.0/13
    Require ip 131.0.72.0/22
    Require ip 2400:cb00::/32
    Require ip 2606:4700::/32
    Require ip 2803:f800::/32
    Require ip 2405:b500::/32
    Require ip 2405:8100::/32
    Require ip 2a06:98c0::/29
    Require ip 2c0f:f248::/32
</FilesMatch>
# END Website Firewall Bypass Prevention
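One way to confirm that an existing .htaccess already carries every range listed above is to parse its bypass prevention block and compare it against the list. The following is an added example, not the vendor's tooling: the function names are hypothetical, SAMPLE is a constructed file, and only full addresses or CIDR ranges after "Require ip" are handled.

```python
import ipaddress
import re

# Ranges copied from the rules block on this page.
REQUIRED = """
208.109.0.0/22 192.88.134.0/23 185.93.228.0/22 2a02:fe80::/29 66.248.200.0/22
173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18
108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17
162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
2400:cb00::/32 2606:4700::/32 2803:f800::/32 2405:b500::/32 2405:8100::/32
2a06:98c0::/29 2c0f:f248::/32
""".split()

BLOCK_RE = re.compile(r"# BEGIN Website Firewall Bypass Prevention(.*?)"
                      r"# END Website Firewall Bypass Prevention", re.S)

# Constructed sample: an .htaccess whose block lists only four of the ranges.
SAMPLE = """# BEGIN Website Firewall Bypass Prevention
<FilesMatch ".*">
    Require ip 208.109.0.0/22
    Require ip 192.88.134.0/23
    Require ip 185.93.228.0/22
    Require ip 2a02:fe80::/29
</FilesMatch>
# END Website Firewall Bypass Prevention
"""

def parse_block(text):
    """Return the networks named by 'Require ip' inside the block (empty if absent)."""
    m = BLOCK_RE.search(text)
    body = m.group(1) if m else ""
    nets = set()
    for line in body.splitlines():
        parts = line.split()
        if len(parts) >= 3 and [p.lower() for p in parts[:2]] == ["require", "ip"]:
            nets.update(ipaddress.ip_network(p, strict=False) for p in parts[2:])
    return nets

def missing_ranges(text):
    """List the ranges from this page that the file's block does not contain."""
    required = {ipaddress.ip_network(r) for r in REQUIRED}
    return sorted(str(n) for n in required - parse_block(text))

def is_allowed(text, client_ip):
    """Bare Require lines act as RequireAny in Apache 2.4: one matching range admits."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in n for n in parse_block(text) if n.version == addr.version)
```

Run missing_ranges() on the contents of your own .htaccess; an empty list means every range from the block above is present.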