If your Cloud Platform-hosted websites protected by Edge Security are under threat of attack or are currently under attack, Acquia recommends you take the following steps for maximum protection of your websites:
Sign in to your Acquia Edge web user interface.
In the Overview section, click Under Attack Mode from the Quick Actions select box. This enables additional protections to stop potentially malicious HTTP traffic from being passed to your server.
Note
Whenever you enable Under Attack Mode, Acquia Edge will serve a brief interstitial page to first-time visitors of your website while performing additional checks to see whether the traffic is legitimate.
Navigate to the Firewall section of the Edge Security interface, and select Managed Rules. Ensure the Web Application Firewall option is set to “On.”
Navigate to your Domain Name Server (DNS) settings in the Edge Security interface, and ensure your DNS settings for maximum protection:
Enable the Acquia Edge security on the DNS records you use, including SSH. DNS records with security disabled are gray, while DNS records with security enabled are orange.
Acquia Edge only proxies HTTP traffic. If you must connect to your origin using another protocol (for example, SSH, FTP, or SMTP) you must do so using a record that does not have Acquia Edge enabled in the DNS settings or by connecting directly to the origin server’s IP address. Some examples:
Delete any DNS records, unless they are required, as they will expose your origin IP address.
Remove any mail records that expose your web application’s origin IP address.
Create a Support ticket and provide detailed information about the attack to help Acquia Support better assist you in determining next steps.