Preventing WAF Bypass by Attackers


Protecting your application against bypass methods in our WAF is essential for maintaining the security and integrity of your application. After all, what's the point of having a gate if attackers can find a way to circumvent it? Here are some strategies and best practices to strengthen your WAF and reduce the chances of bypass, ensuring that it serves as an effective barrier against threats. The adjustments below aim to make your server (origin) accept only our requests.

ATTENTION: Make this adjustment only after you have verified that the DNS change has propagated, otherwise, your application may become inaccessible.

In LiteSpeed

<IfModule Litespeed>
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^45\.33\.21\.140$
RewriteCond %{REMOTE_ADDR} !^45\.33\.21\.46$
RewriteCond %{REMOTE_ADDR} !^45\.33\.21\.223$
RewriteCond %{REMOTE_ADDR} !^45\.79\.42\.243$
RewriteRule .* - [F]
</IfModule>
In Apache 2.4

<FilesMatch ".*">
Require ip 45.33.21.140
Require ip 45.33.21.46
Require ip 45.33.21.223
Require ip 45.79.42.243
</FilesMatch>
In Apache 2.2

<FilesMatch ".*">
Order deny,allow
Deny from all
Allow from 45.33.21.140
Allow from 45.33.21.46
Allow from 45.33.21.223
Allow from 45.79.42.243
</FilesMatch>
In NGINX

location / {
allow 45.33.21.140;
allow 45.33.21.46;
allow 45.33.21.223;
allow 45.79.42.243;
deny all;
# Continue with the other rules
}

Related Articles