WAF & Core Security Features

4 Docs

Submitting a Malware Removal Request (SLA)

Last Updated: December 7, 2025

When to Submit a Malware Request

Submit a request immediately if you notice any of the following:

- Suspicious redirects or pop-ups on your website.
- Your site has been blacklisted by Google, Bing, or a security provider.
- You cannot log into your administrative backend (potential backdoor).
- Your site loads slowly and contains unknown code.

The Removal Process and SLA Guarantee

- Priority 1: The malware removal service is prioritized. Your SLA guarantees an expert will begin cleaning and remediation within the time frame specified by your plan (e.g., 3 hours for Basic, 1 hour for E-commerce).
- Comprehensive Cleaning: Our team will clean all files and databases, remove backdoors, and harden your system configuration.
- Blacklist Removal: We handle the process of submitting the clean site to search engines to remove the blacklisting warning.

How to Submit the Request

- Open a Support Ticket: Log into your Client Area and select the “Malware/Hack Removal” department.
- Provide Critical Information:
  - A description of when you first noticed the infection.
  - FTP/cPanel/SSH credentials (ensure these are current).
  - Confirmation that you have changed your application (e.g., WordPress) admin passwords.

How to Handle False Positives (Whitelisting)

Last Updated: December 7, 2025

Understanding False Positives

A “False Positive” occurs when a legitimate user request (e.g., a complex data entry form, a custom admin action) is flagged as malicious by the WAF and subsequently blocked.

Diagnosing a Block

- Check the WAF Logs: Use the WAF logs tool in your cPanel or Client Area to see the recent traffic logs. Look for an entry corresponding to the blocked action, noting the Source IP Address and the Rule ID that triggered the block.
- Confirm Legitimacy: Ensure the blocked IP or action belongs to a trusted source (e.g., your own office IP or a necessary third-party service).

Whitelisting IP Addresses

The safest way to resolve a false positive for a trusted source is to whitelist the source IP.

- Access Whitelisting Tool: Navigate to the “WAF Configuration” or “IP Management” section.
- Add IP: Enter the source IP address that was blocked.

Note: Whitelisting should be done sparingly, as it bypasses all WAF rules for that specific IP address.

Submitting a WAF Rule Review (Recommended)

If a critical function of your website is being blocked, contact our support team immediately. We can analyze the specific Rule ID and implement a more granular exclusion rule, ensuring the specific function...

Managing Your Zero-Day Exploit Prevention Settings

Last Updated: December 7, 2025

The Threat of Zero-Day Exploits

A Zero-Day vulnerability is a security flaw that is unknown to the software vendor or public, meaning no patch or fix exists yet. Hackers often exploit this gap immediately, making protection crucial.

How CyberWAF Provides Zero-Day Shielding

Our platform uses advanced heuristics and virtual patching techniques, which do not require direct code modification on your site:

- Behavioral Analysis: We look for behavior patterns typical of zero-day attacks, rather than known signatures.
- Protocol Enforcement: If a new vulnerability attempts to bypass standard protocol rules, the WAF enforces strict compliance and blocks the suspicious request immediately.

Verification and Configuration

- Status Check: You can verify the status of your Zero-Day protection within your Client Area under the “Security Overview” section.
- Recommendation: This feature should always be enabled and is active by default on all CyberWAF plans to ensure continuous, proactive defense.

Understanding WAF Rules and Filtering Modes

Last Updated: December 7, 2025

Learn the difference between monitoring and blocking modes, and how CyberWAF uses advanced rule sets to analyze and filter incoming traffic.

What is a Web Application Firewall (WAF)?

A WAF is a dedicated security layer (Layer 7) that filters, monitors, and blocks malicious HTTP traffic aimed at your web application. Unlike a traditional firewall, the WAF inspects the content of the data (forms, cookies, requests) to prevent application-specific attacks.

WAF Filtering Modes Explained

Your WAF can typically operate in two main modes:

- Monitoring Mode (Passive): The WAF analyzes all incoming traffic and logs any malicious attempts it detects, but it does not block them. This mode is useful during initial deployment to tune rules and identify potential false positives before enabling full protection.
- Blocking Mode (Active): The standard, recommended mode. The WAF actively blocks any request that matches a known malicious signature (e.g., SQL Injection, XSS) before it reaches your application.

How Our Rule Sets Work

CyberWAF utilizes constantly updated rule sets based on industry standards (like the OWASP Top 10) and proprietary intelligence. These rules are designed to recognize patterns indicative of attacks, such as:

- Unusual characters or commands in form fields.
- Attempts to access system files or directories....