Protecting your application against bypass methods in our WAF is essential for maintaining the security and integrity of your application. After all, what's the point of having a gate if attackers can find a way to circumvent it? Here are some strategies and best practices to strengthen your WAF and reduce the chances of bypass, ensuring that it serves as an effective barrier against threats. The adjustments below aim to make your server (origin) accept only our requests.
ATTENTION: Make this adjustment only after you have verified that the DNS change has propagated, otherwise, your application may become inaccessible.
In LiteSpeed
<IfModule Litespeed>
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^72\.14\.189\.190$
RewriteCond %{REMOTE_ADDR} !^104\.200\.19\.210$
RewriteRule .* - [F]
</IfModule>
In Apache 2.4
<FilesMatch ".*">
Require ip 72.14.189.190
Require ip 104.200.19.210
</FilesMatch>
In Apache 2.2
<FilesMatch ".*">
Order deny,allow
Deny from all
Allow from 72.14.189.190
Allow from 104.200.19.210
</FilesMatch>
In NGINX
location / {
allow 72.14.189.190;
allow 104.200.19.210;
deny all;
# Continue with the other rules
}