
Using a Firewall with a CDN

If your server is connected to a content delivery network (CDN), you can create a HeatShield ruleset to only allow HTTP/HTTPS access to your server from the IP addresses belonging to your CDN.

Some common CDNs are CloudFlare, MaxCDN, and Incapsula.

You will need to refer to your CDN's documentation or contact its support for the list of IP addresses to use in the following tutorial.

Limiting HTTP and HTTPS to a CDN's IP Addresses

To configure your firewall so only your CDN can make HTTP and HTTPS requests to your server, you will need to create a ruleset in HeatShield.

If you haven't upgraded this server yet, do so now. Once upgraded, you'll be able to use custom rulesets on this server.

First, open your Rulesets page and click Create Ruleset.

Next, name your ruleset and click Create Ruleset.

Now, create a new HTTP rule by selecting the policy, the destination, and the source.

Set the Policy to Allow and the Destination to HTTP.

Select Custom from the Source dropdown and enter the first IP address or range given by your CDN. Click Add.

Repeat this step for each of the IP addresses and ranges in your CDN's list.

When you finish your rules for HTTP, you will need to create rules for HTTPS.

This time set the Policy to Allow and the Destination to HTTPS.

Select Custom from the Source dropdown and repeat the process for each of the IP addresses and ranges in your CDN's list.
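Before entering the CDN's list into the Source field, it helps to validate it. The following Python script is an added example, not HeatShield's own code: it rejects malformed or catch-all entries, merges duplicate and adjacent ranges, and lists the Allow rules to create for HTTP and HTTPS. The function names are hypothetical and the sample addresses are constructed from documentation-reserved ranges.

```python
import ipaddress

# Constructed sample list (documentation-reserved ranges, not a real CDN's addresses).
SAMPLE_CDN_LIST = """
192.0.2.0/25
192.0.2.128/25
198.51.100.7
198.51.100.7/32
2001:db8::/32
203.0.113.0/33
0.0.0.0/0
"""

DESTINATIONS = ("HTTP", "HTTPS")  # the two Destination values used in the tutorial

def parse_sources(text):
    """Validate a newline-separated CDN list; return (networks, rejected)."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # tolerate comments and blank lines
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=True)  # host bits set = likely typo
        except ValueError:
            rejected.append(entry)
            continue
        if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0 would allow every source
            rejected.append(entry)
            continue
        nets.append(net)
    merged = []
    for version in (4, 6):  # collapse_addresses cannot mix IPv4 and IPv6
        merged += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return merged, rejected

def build_rules(networks):
    """One (Policy, Destination, Source) row per range: HTTP rows, then HTTPS rows."""
    return [("Allow", dest, str(net)) for dest in DESTINATIONS for net in networks]

def is_allowed(source_ip, networks):
    """True if source_ip falls inside one of the allowed ranges."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr.version == net.version and addr in net for net in networks)

if __name__ == "__main__":
    networks, rejected = parse_sources(SAMPLE_CDN_LIST)
    for policy, destination, source in build_rules(networks):
        print(f"{policy:6} {destination:6} {source}")
    print("Rejected entries (fix before entering):", rejected)
```

Whether a ruleset accepts IPv6 sources is not stated on this page, so IPv6 entries are kept as listed rather than dropped.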

Applying the CDN Ruleset

To apply your new CDN ruleset to your server, open your server in HeatShield.

Select your CDN ruleset from the drop-down list and click Apply Ruleset.

Then, click Remove next to the default HTTP/HTTPS ruleset.

Your new ruleset will now be applied to your server.

Remember, you can apply your CDN ruleset to any number of servers. You don't need to create a new CDN ruleset for each server.
