Hardening > Firewall

On the Firewall subpage of your application, you can change multiple settings:

  • Firewall
  • Hardening
  • Login Protection
  • Cookie Notice

Firewall Settings

Accessible for the Community, Developer and Business plan users.

Under the Firewall Settings section, you can switch your web app's firewall on or off and manage the IP address rules.


Example case:

Patchstack has blocked 5 attacks on your application by one specific IP address in a period of 60 minutes.
You would now want this IP to be blocked.

Type in the following data:

Block IP for 4320 Minutes
After 5 Blocked Attacks
Over A Period of 60 Minutes

Click Save Settings

Now any IP address that meets all of these conditions will be blocked for three days.

Patchstack can override the IP address header, block certain IPs, and whitelist certain traffic to your web application.


IP Address Header Override

If you would like to override the IP address header that we use to determine the visitor's IP address, enter the value in the IP Address Header Override input.

This must be a valid key in the $_SERVER array, for example HTTP_X_FORWARDED_FOR. If the $_SERVER value you enter does not exist, Patchstack falls back to its own IP grab function, so ask your hosting company if you are unsure.

Leave this empty to use the Patchstack IP address grabbing function.
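
The lookup described above, as an added example that is not Patchstack's own code: it reads the configured $_SERVER key and falls back when the key is absent. The REMOTE_ADDR fallback, the `$trustedProxies` list and the function name are assumptions, added because a forwarded header is client-supplied unless a proxy you control sets it.

```php
<?php
// Added example, not Patchstack code. Assumptions: REMOTE_ADDR is the fallback,
// and $trustedProxies (hypothetical) lists the proxies allowed to set the header.

function resolve_client_ip(array $server, string $overrideKey, array $trustedProxies): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';

    // Override left empty, or the key does not exist in $_SERVER: fall back.
    if ($overrideKey === '' || empty($server[$overrideKey])) {
        return $remote;
    }

    // Only honour the header when the direct peer is a proxy we trust;
    // otherwise the value came straight from the client.
    if (!in_array($remote, $trustedProxies, true)) {
        return $remote;
    }

    // HTTP_X_FORWARDED_FOR can hold a chain: "client, proxy1, proxy2".
    // Walk right to left and take the first hop that is not a trusted proxy.
    $hops = array_map('trim', explode(',', (string) $server[$overrideKey]));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $remote; // malformed entry: do not guess
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $remote;
}

// Constructed sample requests (documentation address ranges).
$proxies = ['10.0.0.5'];
$cases = [
    'via trusted proxy'  => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.9, 203.0.113.7'],
    'direct, header set' => ['REMOTE_ADDR' => '203.0.113.50', 'HTTP_X_FORWARDED_FOR' => '192.0.2.1'],
    'header missing'     => ['REMOTE_ADDR' => '203.0.113.50'],
    'malformed value'    => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => 'not-an-ip'],
];
foreach ($cases as $label => $server) {
    printf("%-18s => %s\n", $label, resolve_client_ip($server, 'HTTP_X_FORWARDED_FOR', $proxies));
}
```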


IP Block List

Lets you completely block IP addresses by entering each IP address on a new line.

The following formats are accepted:



Each rule must be on a new line.

The following keywords are accepted:

IP = the firewall will not run against the IP
PAYLOAD = if the entire payload contains the keyword, the firewall will not proceed
URL = if the URL contains the given URL, the firewall will not proceed


In this scenario, the firewall will not run if the IP address is or if the payload contains contact_form or if the URL contains water or if the URL contains /some-form.

Country Blocking

Accessible for the Developer and Business plan users only.

In case you want to block traffic to your web application from certain countries, you can do so by scrolling down to the Country Blocking section.
You can start typing the names of countries into the "Blocked Countries" input.
After typing the name, press Enter or click on the name of a given country.

If you want the country blocking to start working right away, click on Enable Country Blocking.
You may then click Save Settings.

PS! We have also added the Inversed Check option, which works the other way around.
When this is checked, the countries entered in the "Blocked Countries" input will be the only countries from which traffic to your application is allowed.

If you want to allow traffic from only Germany:

  1. Type "Germany" into "Blocked Countries"
  2. Check "Inversed Check"
  3. Check "Enable Country Blocking"
  4. Click on "Save Settings"

.htaccess Features

Accessible for the Developer and Business plan users only.

From .htaccess Features you can directly modify your .htaccess file by changing your settings.

What you can do:

  • Add security headers
  • Prevent default WordPress file access
  • Block access to debug.log file
  • Disable index views
  • Forbid proxy comment posting
  • Prevent image hotlinking

If you wish to write custom .htaccess rules to the file, insert them into the Custom .htaccess rules text field.
Additionally, you can choose whether your rules appear at the bottom or at the top of the Patchstack rules in the .htaccess file.

Please note that if the custom .htaccess rules you provide break your web application, Patchstack will automatically remove them and revert the .htaccess file to its previous working state.

Once you have made all your changes, click Save Settings at the bottom of this section.