2.15.4. Firewall

On the hosting, there's an automatic security system that finds and blocks bots that attack sites, request files with viruses, test CMS for vulnerabilities to exploit them later, send spam through forms on sites, try to guess passwords, and so on.

In some cases, the system may mistakenly block a bot that is intended to be used by the site's logic. For example, a bot that makes hundreds of thousands of POST requests to a site per day may appear dangerous, but in fact it may be an office CRM that synchronizes data with the site several times per second.

When an IP address is blocked by mistake, it can be added to the whitelist in the "Firewall" section. Requests from such addresses to hosting account sites will not be automatically blocked.

```mermaid
flowchart LR
    request@{ shape: stadium, label: "➡️ Request" }
    whitelist@{ shape: rounded, label: "🧱 Restricted access mode" }
    blacklist@{ shape: rounded, label: "📋 IP blacklist" }
    subgraph firewall [🔥 Firewall]
        list@{ shape: diamond, label: "📋 IP in whitelist?" }
    end
    bots@{ shape: rounded, label: "🤖 Bots" }
    countries@{ shape: rounded, label: "🌎 Countries" }
    iam@{ shape: rounded, label: "🛡️ I'm Under Attack" }
    site@{ shape: stadium, label: "✅ Site" }
    request-->whitelist
    request-->blacklist
    whitelist-->list
    blacklist-->list
    list-->|✅|site
    list-->|❌|bots
    bots-->countries
    countries-->iam
    iam-->site
```

In the chain of site protection stages, the Firewall comes after restricted access mode and the IP blacklist, and before bot protection, country access restriction and I'm Under Attack.

Whitelist:

  • Affects only access to sites and only within this hosting account.
  • Does not affect the operation of DDoS protection, FTP, SSH, MySQL, etc.

The security system will not trigger for IP addresses from the hosting account's firewall whitelist when requests are sent from these addresses to sites on the same hosting account. However, if suspicious requests to sites of other hosting accounts are detected from these IP addresses, such addresses will be blocked globally by the DDoS protection system, and their access will be denied even on those hosting accounts where they are added to the whitelist.

You don't need to add the IP addresses of search engines and secure services such as Google, PayPal, or PrivatBank gateways to the whitelist. We regularly monitor the list of addresses for such services, and they always have open access to sites.

Notes:

  • Only single IP addresses can be added; networks with masks are not supported.
  • IPv6 addresses are automatically truncated and converted to /64 networks when added. The reason for this is that, according to IPv6 allocation rules, each device is assigned not a single address, but a /64 subnet. Our protection system blocks device subnets, as blocking individual addresses does not make sense (the device owner can assign a huge number of individual addresses within their subnet).
  • Maximum number of IP addresses that can be added to a single hosting account: shared hosting — 15, business hosting — 30.

To add an IP address to the whitelist:

  1. Open the "Firewall" section.
  2. Click "Add IP".
  3. Enter the IP address and click "Add".
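
The rules from the notes above (single addresses only, IPv6 stored as a /64 network, per-plan limits) can be checked before submitting a list of addresses. This is an added Python example, not the hosting provider's code; the function names, the de-duplication step and raising an error when the limit is exceeded are assumptions, and the addresses in the test data are constructed from documentation ranges.

```python
import ipaddress

# Per-account limits stated in the notes above.
LIMITS = {"shared": 15, "business": 30}


def normalize_entry(text):
    """Return the network that one whitelist entry covers."""
    text = text.strip()
    if "/" in text:
        # Networks with masks are not supported; only single addresses.
        raise ValueError("networks with masks are not supported: " + text)
    addr = ipaddress.ip_address(text)  # raises ValueError on malformed input
    if addr.version == 4:
        return ipaddress.IPv4Network((int(addr), 32))
    # IPv6: zero the low 64 bits so the entry covers the device's /64 subnet.
    return ipaddress.IPv6Network((int(addr) >> 64 << 64, 64))


def build_whitelist(entries, plan):
    """Normalize entries, drop duplicates (assumption), apply the plan limit."""
    nets = []
    for entry in entries:
        net = normalize_entry(entry)
        # Two IPv6 addresses from the same /64 collapse into one entry.
        if net not in nets:
            nets.append(net)
    if len(nets) > LIMITS[plan]:
        raise ValueError(
            "%d entries exceed the %s limit of %d" % (len(nets), plan, LIMITS[plan])
        )
    return nets


def is_whitelisted(client_ip, nets):
    """True if a request's source address is covered by a whitelist entry."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr.version == net.version and addr in net for net in nets)
```

Because an IPv6 entry covers the whole /64, every address in that subnet is exempt from automatic blocking on the account's sites, not only the one that was entered.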