
About the Cloud WAF Bypass Problem

Yesterday one of the providers of WordPress security plugins published an article on their blog about cloud-based Web Application Firewalls and a particular attack vector.

With a remote firewall, you change your DNS records so they point to the firewall. After examination, the firewall forwards the traffic to your server. The hazard being discussed in the blog post is essentially: “If someone figures out your server’s real IP address then they can bypass your firewall and send traffic directly to your server.”

This is a simple hole to plug. Add a few lines to your server’s .htaccess file so that it rejects all traffic not originating from the firewall’s IP addresses. This is part of the normal process of setting up the cloud-based firewall we use.
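A sketch of what those .htaccess lines can look like, added here as an illustration and not taken from the original post or from any firewall provider's documentation. The two ranges are documentation placeholders (assumptions), to be replaced with the ranges your firewall provider publishes.

```apache
# Added example: origin-side allowlist so only the cloud WAF can reach the site.
# 192.0.2.0/24 and 198.51.100.0/24 are placeholder documentation ranges;
# substitute the address ranges published by your WAF provider.

# Apache 2.4 and later (mod_authz_core): anything outside the listed
# ranges receives 403 Forbidden.
<IfModule mod_authz_core.c>
    Require ip 192.0.2.0/24 198.51.100.0/24
</IfModule>

# Apache 2.2 (legacy mod_authz_host syntax): deny by default, then
# allow only the WAF ranges.
<IfModule !mod_authz_core.c>
    Order Deny,Allow
    Deny from all
    Allow from 192.0.2.0/24
    Allow from 198.51.100.0/24
</IfModule>
```

These directives only take effect in .htaccess if the server's AllowOverride setting permits them (AuthConfig for `Require`, Limit for `Order`/`Deny`/`Allow`). If mod_remoteip is enabled to restore visitor addresses from a forwarded header, `Require ip` is evaluated against the restored address, not the connecting peer, so in that setup the allowlist needs to be enforced at a layer that sees the peer address, such as the host firewall.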

Frankly, the aforementioned blog post almost sounds like FUD (Fear, uncert

 
