This article explains how to use the "Web Application Firewall", an additional security layer that you can manage through your Cloud Control Panel™(CCP). We originally created this feature because we noticed that many Joomla 1.5 customers had insecure extensions that allowed dangerous SQL injections or PHP code into the Joomla site. It's getting increasingly harder to get in contact with developers for an update and we've seen an increase in the amount of Joomla 1.5 Instances being hacked. After fixing these hacks over and over again, we developed the Web Application Firewall. This feature can be used for any site, using any version of Joomla or WordPress. Please keep in mind that if you enable this feature, no one (including site administrators) will be able to update the site.
First, you will have to log into your CloudAccess.net CCP. Using the Dashboard at the top of the CCP, select the site you'd like to work with. Select the "Web Application Firewall" icon.
The "Web Application Firewall" tab allows you to create "read only" site files and database tables which adds an additional layer of security for your Joomla or WordPress site. By default, this feature is disabled. Click on the "Enable" button next to "Files"to lock site files or next to "Database" to lock your database tables. Once enabled, your site files and database tables are locked, and no one can create or alter any core site file or database table.
You will receive a message confirming that you have successfully enabled the firewall.
After enabling the firewall fo the database, you'll notice a "Customize" button to specify which database tables you'd like to write to, and which you'd like to read only.
You'll see a list of database tables appear. You can easily select or deselect which tables you'd like to be able to write to and which tables you'd like to be read only. Be sure to save your work.
If you'd like to block all access to your site by placing a username/password prompt on the main diretory, click on the "Enable" button under "Block Visitors with htaccess" options. If you do enable this feature, your site will be marked as "unmanaged", and general website visitors won't be able to access the site. Learn more about "managed" vs. "unmanaged" sites. After enabling this feature, you'll be required to enter your FTP username and password to access the site.
Once enabled, you'll receive a message letting you know that the request was successful.
We take a great deal of pride in our knowledgebase and making sure that our content is complete, accurate and useable. If you have a suggestion for improving anything in this content, please let us know by filling out this form. Be sure to include the link to the article that you'd like to see improved. Thank you!