Product Improvements: Flexible
Cloudways values its customers and their feedback! You can now give us your feedback on how we can improve Cloudways services, solution and products by pitching in your ideas!
92 results found
-
Able to turn-off session timeout in the Cloudways Platform
Throughout the day, I am logged out of the Cloudways platform and must re-login in order to access it. When you need to monitor sites then this can become very annoying.
I understand this is due to security reasons, when talking to customer support they also confirmed this and mentions that this is due to a session timeout and an additional layer of security for the portal. They also mentioned that there is no option to unset it.
It would be great if we can decide ourselves if we want to use this security measure and it should be possible…
1 vote -
During the Let's Encrypt autorenewal process, add a htaccess file to work around protected roots
If you have a .htaccess in the root of your application, that adds a htpasswd based auth password for the entire site, the Let's Encrypt autorenewal process fails. The process create a subdirectory, .well-known/ and uses it for the renewal process, deleting it at the end of the process.
There are two easy ways to get around this that I can think of:
do not delete the .well-known directory at the end of the process. so that us customers can add in the .htaccess file in there if we want to, to leave it readable
as a part of the…
1 vote -
Setting Sucuri as WAF should also enable WAF bypass prevention
In the advanced settings for nginx there is an option to set a WAF. This is needed fo nginx to grab the right headers in order to get the actual visitor's IP address.
Using a WAF one would certainly also want a WAF bypass prevention. For this SUCURI suggests adding the following lines to the nginx vhost:
location / {
allow 192.88.134.0/23;
allow 185.93.228.0/22;
allow 2a02:fe80::/29;
allow 66.248.200.0/22;
allow 208.109.0.0/22;
deny all;
....
}There should be an option to do that when chosing sucuri as a WAF.
Also, if you contact support to add those rules for you (which…
1 vote -
Launch a new feature on the console which blocks the bad BOTS and DDOs attacks from the site for popular applications like Magento.
Launch a new feature on the console which blocks the bad BOTS and DDOs attacks from the site for popular applications like Magento.
1 vote -
that there should be mechanism for notification of requests generated by instead load on the server.
that there should be mechanism for notification of requests generated by instead load on the server.
1 vote -
SSH keys should accept eliptic curves - not only RSA
SSH keys should accept eliptic curves - not only RSA
RSA is old, using too big big length.
I would like to see possibility to use standard eliptic curves that are used everywhere. For some reason this is still not possible on Cloudways.1 vote -
provide a way for site-administrators to view the auth.log
When sites are hacked the first thing to check is the auth.log to see who accessed what, when. When a compromise happens we need to be able to investigate immediately and find a fix.
Can site owners be provided with a way to see the auth.log for their site, similar to how we can currently view web access/error logs?Specifically what I'm requesting is live (and perhaps filtered to my site) visibility on:
* auth.log
* sftpserver.log
* history of auth and sftpserver logs so that we can go back at least a week to see if we…1 vote -
SSH/Platform Login Alerts
As an agency hosting a magnitude of customers through Cloudways we would like to see the ability to get Cloudways Bot alerts and email alerts for the following:
- Cloudways Login
- SSH Login (IP/Location etc)
- SFTP Login
- Changes to application/server configiration
1 vote -
Hide origin IP option rather than relynon cloudflare
Don't rely on cloudflare
1 vote -
close the different IP verify
Our different colleagues need sign in cloudways frequently, so we suggest if can close the different IP verify
1 vote -
2FA with Whitelisting
For those with 2FA, allow someone to whitelist their work ip address for XX days, so that 2FA is only required when time expires or access is from a new ip.
1 vote -
Fix password change system
At the moment, when signing up there is no limit to password length, but when changing a password, it is limited to 20 characters. This results in the "old" password not being recognised correctly, presumably as it's looking for a password of maximum 20 characters.
So if you create a password with more than 20 characters as your first password, you can't change it without logging out and doing "forgotten password". Rubbish!
1 vote
- Don't see your idea?