Skip to main content

Does Seravo Use a Firewall (WAF)?

Guide to Seravo's Web Application Firewall (WAF). Learn how global protection and site-specific WAF work, how to use the srv tool for configuration, and discover the features coming with the upcoming Enterprise WAF extension.

Updated over a week ago

Yes. Seravo uses a Web Application Firewall (WAF) to monitor and filter web traffic. It analyzes incoming requests to the site and automatically blocks known attack patterns, such as SQL injections and Cross-Site Scripting (XSS) attempts.

All sites at Seravo are protected against common threats with global security rules. In addition to this, a more specific, site-based WAF protection can be activated for individual sites.

Managing WAF Settings

You can manage the site-specific Web Application Firewall directly from the command line using the srv tool. This allows you to temporarily disable the protection for troubleshooting purposes, for example, if you suspect that legitimate traffic is being blocked.

Available commands:

  • Check status: srv feature waf --status

  • Enable WAF: srv feature waf --enable

  • Disable WAF: srv feature waf --disable

  • More info: srv feature waf --help

Note on latency: When you change the WAF setting, the change does not take effect immediately because the nginx configuration must be reloaded. The setting is updated automatically in the background. Please note that there may be a delay before the change becomes active.

Note: If you need the change to take effect immediately (e.g., for troubleshooting), please contact our customer support.

Enterprise WAF

Upcoming feature for WP Enterprise sites

We are currently developing the Enterprise WAF extension, which will provide our WP Enterprise customers with even deeper visibility and control over their site's security.

Planned features:

  • Custom Security Rules: The ability to implement strictly tailored and tightened firewall rules specifically for your site.

  • Detailed Log Data: In-depth access to filtered traffic logs, making it easier to analyze attack patterns and perform advanced troubleshooting.

  • Optimized Protection: Security rules optimized to match your specific site requirements and integrations.

We will provide further updates once Enterprise WAF is ready for general availability. If you would like to learn more or discuss your site's specific security needs today, please reach out to your account manager or our customer support.

Need help or more information?

Contact our customer support by sending a message to [email protected].

Related Articles
Data locations
How Do I Enable the HTTPS on Our Website?
Logs Available for the Site
Using the WordPress REST API
WordPress and XML-RPC
Did this answer your question?