Product Improvements: Flexible
Cloudways values its customers and their feedback! You can now give us your feedback on how we can improve Cloudways services, solution and products by pitching in your ideas!
90 results found
-
Integrate mod_evasive to mitigate DDoS attacks
DDoS issues are getting out of control. It would be a good idea to integrate mod_evasive apache module to mitigate them.
I was suggested by the support team to mitigate the attack using app level firewalls but that's far to be an optimal solution.
They confirmed that the current infrastructure of their servers is not ready for adding this apache module but they are open to evaluating it as an option.
4 votes -
Feature Request: Log analysis section
I made contact via suppot chat and ask if it was possible to install GoAccess on my server for a visual and accurate log view.
Since it was not possible all i can do is suggest to make a section on server panel to analyse server logs and have a clear vision of traffic and load.Gabriel G.
4 votes -
yubikey support
would be great to add hardware 2FA devices with fallback to google auth or SMS.. :)
7 votes -
Integrate firewall with CDN
There are probably many needed enhancements to the firewall. One that would be especially helpful would be to block traffic that doesn't originate through the CDN.
For example, with Cloudflare, hackers can sometimes use historical dns records to discover your server's origin IP address. They can then circumvent Cloudflare's ddos and firewall features.
An option in the Cloudways firewall to only accept traffic through the CDN would eliminate this whole class of vulnerabilities.
14 votes -
5 votes
-
Ability to add multiple SSL certificates per application (neither wildcard nor SAN)
If we have a multisite, we need a wildcard SSL for the subdomains. However if we go further, and provide custom domain (domain mapping) the problem comes that the SSL certificate is only for our domain not the mapped. Would be great if we can (even manually) create more than one certificate. SAN certificates is not the good option, since:
- We are using the wildcard for the own subdomains.
- There is a hard limit with the 100 domains.
- All the custom domains would be listed as secondary domains in the certificate details.
3 votes -
Allow disabling of weak SSH key exchange algorithms
PCI Compliance now regards weak ssh key exchange algorithms as a liability. There should be a way to disable them. It's fairly easy to set up in open-ssh: https://infosec.mozilla.org/guidelines/openssh#Configuration
4 votes -
Some form of account activity log viewable by the super admin or account holder
account activity log
2 votes -
Caution Notifications if the bandwidth about to touch the default ceiling limits
Caution Notifications if the bandwidth about to touch the default ceiling limits in order to take steps on illegitimate/spam hits. This may safe guard the ignorant developers from incurring a heavy loss and in some cases losing their business. Please consider.
Thanks and regards,
Venkat Chinniah
App Consultant & Architect2 votes -
Fix security problem with Team Member
My niche is high risk for online hacking. In Cloudways I can add a team member, which sends his un-encrypted password to his account. This is high risk. As owner of my account I should be able to change his password, and then I can share via a secure app like Last Pass. Please consider this a high priority request. Thank You
2 votes -
Force 2FA for Team Members
As account owner, I can setup 2FA on the main account, but I can't force my team members (some of whom have full access) to do so. This obviously creates a security loophole.
6 votes -
Add ability to add multiple IP addresses at once in the Security panel
Provide the ability to add multiple IP addresses at once in the Security panel for when we need to whitelist IPs for managewp and other services.
2 votes -
Fix password change system
At the moment, when signing up there is no limit to password length, but when changing a password, it is limited to 20 characters. This results in the "old" password not being recognised correctly, presumably as it's looking for a password of maximum 20 characters.
So if you create a password with more than 20 characters as your first password, you can't change it without logging out and doing "forgotten password". Rubbish!
1 vote -
Provide an Edit feature for the admin panel URL path name
Vendors (magento) recommend changing the control panel name from "admin" to something else, it would be great if you can provide an edit facility so we can modify the admin URL so that we can launch the control panel from within cloudways as it only permits the default control panel name.
2 votes -
Spectre and Meltdown
Please advise about specific measures did you take regarding Spectre and Meltdowns recent announced threats in order to give a word of trust to our final customers
3 votesCloudways respondedHi Filipe:
We’ve put up an update on our blog about Meltdown and Spectre: https://www.cloudways.com/blog/protection-against-meltdown-and-spectre/
Cloudways Team
-
Firewall Management + fail2ban support
It would be useful to have the ability to configure the default firewall rules at server level, rather than relying on htaccess files which are useless for managing large data sets (i.e. IP lists/ranges).
Additionally, having fail2ban installed and bridging between the firewall would be extremely helpful for using plugins like wp-fail2ban, which automatically bans "bruteforce" login attempts at server level, rather than application level.
29 votes -
Add to CloudwaysCDN DDoS Protection and WAF
Now that there is a Partnership With StackPath this shouldn't be hard. Add another option, charge more, but add the possibility please. If you look at the comments about CloudwaysCDN on the Facebook Group and on the blogpost about it you'll see there is a demand for it.
19 votes -
Enable/ Disable mod_security
Please add Enable/ Disable for mod_security . This will increase our servers and applications security.
7 votes -
Please make your cloud server SOC2 compliant.
Please make your cloud server SOC2 compliant.
3 votes -
Cloud Firewalls
Will you offer a service similar to Cloud Firewalls, as provided by Digital Ocean? You can check the link here: https://blog.digitalocean.com/cloud-firewalls-secure-droplets-by-default/
6 votes
- Don't see your idea?