Information for: DEVELOPERS   PARTNERS

Defending your website against attacks

If your Acquia Cloud-hosted websites protected by Acquia Cloud Edge Protect are under threat of attack or are currently under attack, Acquia recommends you take the following steps for maximum protection of your websites:

  1. Sign in to your Acquia Cloud Edge web user interface.

  2. In the Overview section, click Under Attack Mode from the Quick Actions select box. This enables additional protections to stop potentially malicious HTTP traffic from being passed to your server.

    Under Attack Mode toggle switch

    Note

    Whenever you enable Under Attack Mode, Acquia Cloud Edge will serve a brief interstitial page to first-time visitors of your website while performing additional checks to see whether the traffic is legitimate.

  3. Navigate to the Firewall section of the Acquia Cloud Edge Protect interface, and select Managed Rules. Ensure the Web Application Firewall option is set to “On”.

  4. Navigate to your Domain Name Server (DNS) settings in the Acquia Cloud Edge Protect interface, and ensure your DNS settings for maximum protection:

    • Enable the Acquia Cloud Edge security on the DNS records you use, including SSH. DNS records with security disabled are gray, while DNS records with security enabled are orange.

    • Acquia Cloud Edge only proxies HTTP traffic. If you must connect to your origin using another protocol (for example, SSH, FTP, or SMTP) you must do so using a record that does not have Acquia Cloud Edge enabled in the DNS settings or by connecting directly to the origin server’s IP address. Some examples:

    • Delete any DNS records, unless they are required, as they will expose your origin IP address.

    • Remove any mail records that expose your web application’s origin IP address.

  5. Contact Acquia Support, and in the Support ticket you create, provide detailed information about the attack to help Acquia Support better assist you in determining next steps.