Your app is exposed to the World Wide Web so that your users can reach it. Unfortunately, not every request is made by a friendly human: bots, crawlers and attackers scan your site for vulnerabilities. Even when they are unsuccessful, those requests are harmful because they consume resources that are meant for your users.
Instead of a full-fledged Web Application Firewall, we block the most common automated request patterns.
By default "Basic WAF rules" are enabled; you can disable them in the Dashboard.
- common dotfiles
We intentionally don't block every possible attack we've seen in the past. Some rules are specific to a particular use case and are not necessarily required for everyone. Use an .htaccess file to write your own rules.
See our htaccess section for more.
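
As an illustration of such custom rules, here is an added example that is not part of the platform's own rule set. It assumes an Apache 2.4 `.htaccess` file in the document root with mod_rewrite available; the list of backup extensions is a made-up, app-specific choice.

```apache
# Added example: custom request filtering in .htaccess.
# Assumptions: Apache 2.4, mod_rewrite enabled, file placed in the document root.

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Deny any path segment that starts with a dot (/.env, /.git/config,
    # /app/.htpasswd). /.well-known/ stays reachable because ACME
    # certificate validation and security.txt are served from there.
    RewriteCond %{REQUEST_URI} !^/\.well-known/
    RewriteRule (^|/)\. - [F]

    # Use-case specific rule (hypothetical app): this site never serves
    # backup or dump files, so requests for them get a 403 immediately
    # instead of reaching the application.
    RewriteRule \.(bak|old|orig|sql|swp)$ - [F,NC]
</IfModule>
```

In a per-directory context the `RewriteRule` pattern is matched against the path without its leading slash, which is why the first rule anchors on `(^|/)` rather than on `/` alone.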