Product Improvements: Flexible
Cloudways values its customers and their feedback! You can now give us your feedback on how we can improve Cloudways services, solution and products by pitching in your ideas!
90 results found
-
Setting Sucuri as WAF should also enable WAF bypass prevention
In the advanced settings for nginx there is an option to set a WAF. This is needed fo nginx to grab the right headers in order to get the actual visitor's IP address.
Using a WAF one would certainly also want a WAF bypass prevention. For this SUCURI suggests adding the following lines to the nginx vhost:
location / {
allow 192.88.134.0/23;
allow 185.93.228.0/22;
allow 2a02:fe80::/29;
allow 66.248.200.0/22;
allow 208.109.0.0/22;
deny all;
....
}There should be an option to do that when chosing sucuri as a WAF.
Also, if you contact support to add those rules for you (which…
1 vote -
create a drop-down for "SSL ciphers" in the "APPLICATION SETTINGS" below the "TLS VERSIONS" for customers who want only strong SSL ciphers
Customers can get an A+ rating on https://www.ssllabs.com/ssltest/ if you:
Add an "SSL ciphers" drop-down for customers that are interested in only using strong SSL ciphers.You can consider your current ciphers as "default", and add an option for "most secure" that allows customers to select a pre-defined "A+ rated" SSL cipher configuration.
The "SSL Cipher" configuration would go below the existing "TLS VERSIONS" option in the "APPLICATION SETTINGS" > "GENERAL" > "TLS VERSIONS" configuration interface.
8 votes -
Please make search feature in all Bot Protection data table.
so this make easier for user to find the ip addresses.
And you can make a specific fiture to make a whitelist IP Adresses.Also please make the pagination better, so user can go to specific page.
And also in the data table, please make a filter by country, ip, etc
2 votes -
Add WAF module StackPath
Like done with CloudFlare and Sucuri a WAF module for StackPath's WAF would be great. So, one will be able to see the real IP - just like with CloudFlare and Sucuri
6 votes -
Display remaining Lets encrypt SSL limit
SSL has rate limit for SSL certificates which is reset in 12hrs. This limit should be displayed on SSL page so that user can be careful.
3 votes -
Slow HTTP DoS (Denial of Service) Attack
Your all web servers are vulnerable to Slow HTTP DoS (Denial of Service) attacks.
Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. If the server keeps too many resources busy, this creates a denial of service.
Attack Details:
Time difference between connections: 10006 msThe impact of this vulnerability:
A…2 votes -
Check for the blacklist IP before assigning Server IP
Hello Team,
Can you please add some feature where it'll check for the blacklist before assigning server IP?
It seems like someone else was using assigned server IP before it's assigning to the user and they have abused the server so their IP is under blacklist and that blacklist server IP is not going to be useful for the new user.
4 votes -
Remove Server Signature for Improved Security
Provide a way to disable the server signature to improve security by not disclosing the server type and server software, along with other information, which could allow hackers to determine vulnerabilities by listing server and software specifications.
Thanks!
3 votes -
Launch a new feature on the console which blocks the bad BOTS and DDOs attacks from the site for popular applications like Magento.
Launch a new feature on the console which blocks the bad BOTS and DDOs attacks from the site for popular applications like Magento.
1 vote -
whitelist
Please add Remark Option with Whitelist IP address in Server Security Section. Right now its difficult to find out which IP is pointing to external important server and which is IP is added for temporary use. Deleting an IP by mistake can take us into trouble as some live App IP's are listed in Whitelist IP list.
2 votes -
that there should be mechanism for notification of requests generated by instead load on the server.
that there should be mechanism for notification of requests generated by instead load on the server.
1 vote -
SSH keys should accept eliptic curves - not only RSA
SSH keys should accept eliptic curves - not only RSA
RSA is old, using too big big length.
I would like to see possibility to use standard eliptic curves that are used everywhere. For some reason this is still not possible on Cloudways.1 vote -
SSH/Platform Login Alerts
As an agency hosting a magnitude of customers through Cloudways we would like to see the ability to get Cloudways Bot alerts and email alerts for the following:
- Cloudways Login
- SSH Login (IP/Location etc)
- SFTP Login
- Changes to application/server configiration
1 vote -
Hide origin IP option rather than relynon cloudflare
Don't rely on cloudflare
1 vote -
provide a way for site-administrators to view the auth.log
When sites are hacked the first thing to check is the auth.log to see who accessed what, when. When a compromise happens we need to be able to investigate immediately and find a fix.
Can site owners be provided with a way to see the auth.log for their site, similar to how we can currently view web access/error logs?Specifically what I'm requesting is live (and perhaps filtered to my site) visibility on:
* auth.log
* sftpserver.log
* history of auth and sftpserver logs so that we can go back at least a week to see if we…1 vote -
Allow closing shellinabox
The shellinabox service that runs on port 4200 is not secure enough, for a number of reasons:
* it accepts non-TLS traffic
* no multifactor authentication
* no battle-tested frontend webserver like nginx before itInstead of fixing all of these, perhaps just allow to disable this service like you allow for other services.
3 votes -
Automatic IP attack blocking
I would suggest that ips be blocked automatically by Cloudways when they were hitting on the site of yours continuously
9 votes -
close the different IP verify
Our different colleagues need sign in cloudways frequently, so we suggest if can close the different IP verify
1 vote -
yubikey support
would be great to add hardware 2FA devices with fallback to google auth or SMS.. :)
7 votes -
Integrate firewall with CDN
There are probably many needed enhancements to the firewall. One that would be especially helpful would be to block traffic that doesn't originate through the CDN.
For example, with Cloudflare, hackers can sometimes use historical dns records to discover your server's origin IP address. They can then circumvent Cloudflare's ddos and firewall features.
An option in the Cloudways firewall to only accept traffic through the CDN would eliminate this whole class of vulnerabilities.
14 votes
- Don't see your idea?