Cloudbric WAF FAQ

[Frequently asked questions about the Cloudbric WAF website security service]

Cloudbric WAF is a security service that provides comprehensive protection against website attacks and vulnerabilities. We offer this add-on service to our customers to assist you in protecting your website.

What is the difference between the security that you already provide and this service?

We ensure that our servers and network are free from security threats. Cloudbric WAF offers website level security, which is a specialised service.

What is a Web Application Firewall (WAF)?

A web application firewall (or WAF) filters, monitors, and blocks website traffic to and from a website. A WAF is differentiated from a regular firewall in that a WAF is able to filter the content of specific websites, eg. WordPress, Joomla. By inspecting website traffic, it can prevent attacks stemming from website security flaws, such as SQL injection, cross-site scripting (XSS), file inclusion, and security misconfigurations.

My website has been hacked? Will Cloudbric WAF fix it?

While a web application firewall is a proactive security solution that can prevent you from getting into trouble, you should check if your website is already infected. If you weren’t previously using a solution similar to Cloudbric WAF, your website potentially could have already been compromised. Cloudbric WAF focuses on protection and prevention and not the cleaning of already compromised websites. You can have it cleaned by a reputable website developer or website cleaning service.

Cloudbric WAF offers a free option for domains using less than 4GB per month on their website. Why should I use you?

Cloudbric WAF does not have any public African nodes that can be used directly (i.e. not via xneelo), therefore website speed will be significantly impacted as your site will be served via Asia. The dashboard will also be slower. Customers making use of Cloudbric WAF with xneelo will not experience this delay as everything will be hosted locally and will be much faster. You will also not be limited to 4GB of traffic per month.

Must Cloudbric WAF customers update their own DNS or will it be done automatically on activation?

We will update the DNS of domains whose website DNS is hosted by xneelo. (This is the default configuration). Domains with website DNS (@ and www records) hosted elsewhere will need to have the DNS updated at the relevant host before Cloudbric WAF activation can complete.

How does Cloudbric WAF compare with security plugins?

One can not compare a cloud-based Web Application Firewall with an endpoint protection service such as a security plugin for your CMS. While there may be some overlap in the protection offered, it is a good idea from a security perspective to have both installed. Security plugins often offer malware detection and removal, which is not what cloud-based WAFs are intended for.

You already offer DDoS protection, so why do I need Cloudbric WAF’s DDoS protection?

Our DDoS protection protects the network layer against direct large scale DDos attacks (layer 3 & 4). Cloudbric WAF protects against the website application level DDoS attacks (layer 7).

You already offer free SSL/TLS, so why do I need Cloudbric WAF’s SSL/TLS?

With Cloudbric WAF enabled, the SSL/TLS offered by us will cover the connection between the xneelo hosting server and the Cloudbric WAF server. Cloudbric WAF’s SSL/TLS will cover the connection between the Cloudbric WAF server and the browser of the website visitor.

Will Cloudbric WAF work with a custom SSL/TLS certificate, such as GoDaddy and Thawte?

If you would like to use your own SSL/TLS certificate instead of the free Let’s Encrypt SSL/TLS certificate, please provide us with both the certificate and key files via email to cloudbric@xneelo.com.
If you have a custom Thawte SSL/TLS certificate that was provided by us, we will install this certificate on your behalf.

Why doesn’t my email work after activating Cloudbric WAF?

If your email is setup using the recommended default xneelo settings, your email will not be affected. However, if you have used alternative settings, you may experience an error. Ensure that you use these mail server settings in your mail programme:

• Incoming mail server (POP or SMTP): mail.domain e.g. mail.example.co.za
• Outgoing SMTP server: smtp.domain e.g. smtp.example.co.za
• Alternatively, your server IP address can be used

Why can’t I FTP to my website after activating Cloudbric WAF?

This will occur if you are using your domain name as the host name in your FTP or SSH client. As web traffic is now routed via the Cloudbric WAF servers rather than directly to your website, use your server IP address as the host name in FTP or SSH.

Can I use Cloudbric WAF on a Parked Domain?

If your Cloudbric WAF protected domain has parked domain(s), it is highly recommended that you secure your parked domain(s) via an .htaccess redirect. The redirect will reroute all traffic from your parked domain(s) to your main domain. This will change the web address (URL) in the browser to that of your main domain.

The following rules need to be placed within a .htaccess file in the public_html of your main domain. Replace the example domain names with your relevant domain names.

If you are having difficulty adding these rules, please contact our Support team for further assistance. 

RewriteEngine On

# Entry for each parked domain. Add more lines if more Parked domains exist:
RewriteCond %{HTTP_HOST} ^(www.)?parked-domain-one.com$ [OR]
RewriteCond %{HTTP_HOST} ^(www.)?parked-domain-two.com$ [OR]

# Entry for temporary URL:
RewriteCond %{HTTP_HOST} ^(.*).host-h.net$

# Redirect Destination:
 RewriteRule ^/?$ "https://www.example.com" [R=301,L]

Can I use Cloudbric WAF on multiple domains?

Please note that Cloudbric WAF is not currently supported on multiple domains.