A web application firewall (WAF) is a security solution designed to protect web applications such as WordPress and Joomla. It monitors and filters HTTP traffic between your website and the internet. By analysing the traffic, a WAF can identify and block attacks that exploit vulnerabilities, such as SQL injections, cross-site scripting (XSS) and DDoS attacks. A WAF helps safeguard your web application and improves the security of your users’ data and privacy.
At Loopia, every site running on UNIX, Autobahn or Boost is protected by our web application firewall. Unauthorised traffic is prevented from reaching your site.
You can activate or deactivate the WAF in your Loopia Customer Zone. Click the domain you want to manage and tick or untick the box for the web application firewall.
Why disable the WAF?
Every day, our firewall stops hundreds of thousands of requests to our servers, and the protection is continually updated to handle new threats. Sometimes, however, legitimate traffic may be blocked because it looks like an attack. For example, a plugin (add-on) might try to make external requests, or a file upload might time out.
If you suspect a false positive, try disabling the WAF temporarily to see whether the traffic goes through. Then re-enable the WAF. Please also contact support@loopia.se with details of the incorrect block so we can investigate.