In this article, you will learn:
WEDOS-Protected Websites
WEDOS Protection is primarily used to protect websites and through that the underlying web hosting infrastructure from attacks and other unwanted traffic. This is achieved by:
- Filtering suspicious traffic based on IP or behavior. WEDOS Protection evaluates all traffic using a complex algorithm. While sometime attack routes and methods are pretty clear, others disguise themselves to appear as legitimate as possible to blend into the crowd of helpful bots and geuine site visitors. Because it’s better to be safe than sorry, the system may sometimes block non-malicious traffic and cause a site to be unavailable to a certain group of visitors or services.
- Delivering cached content. To help decrease server loads, WEDOS Protection caches content, which may cause outdated versions of the website to display, especially if the cached content is requested very often. For more information, read the Protection – CDN Cache article.
- Hiding the web server behind a proxy. A protected website’s server IP should be completely concealed from the Internet and replaced by the IP of the WEDOS Protection proxy server. This may however become an issue in the event a service needs to check whether the web hosting IP matches the corresponding domain’s records. For more information, check out the Protection – DNS and Target IPs article.
- HTTPS. The system enforces using the secure HTTPS (HTTP over SSL) protocol and may cause errors if the encryption fails at any point.
You typically activate the protection and other benefits of WEDOS Protection by adding your domain, but WEDOS can also deploy an emergency version in justified cases.
Emergency WEDOS Global
When an unprotected website operated primarily on a shared Webhosting service becomes the target problematic traffic or an attack that threatens other parts of the infrastructure outside of that website, we must minimize the damage by significantly limiting this problematic website, sometimes even shutting it down completely. This solution is disadvantageous for both us and the customer.
WEDOS Protection allows us to bypass the need for operational restrictions using the mechanisms listed above, which protect the website itself and all related infrastructure, because the attack now has to go through a proxy that is properly equipped to deal with it, and the web server has free resources to do what it’s meant to be doing.
To deploy this protection, we need the Webhosting domain to use WEDOS DNS servers ⧉. In an emergency, a technician will change the DNS records from the web server to the WEDOS Protection proxy in our system, which usually resolves the unwanted traffic within a few minutes and can remove any web hosting restrictions.
We inform customers about the action taken by a message sent to their billing email address.
While Emergency WEDOS Protection is technically free, it comes with these major drawbacks:
- No customer control over WEDOS Protection settings. Unless customers purchase WEDOS Protection for themselves, they don’t have access to controls.
- Any issues are handled by customer support with low priority. Typical response time in case of content issues is 2 hours, may take significantly longer during weekends or holidays.
To enjoy the benefits of WEDOS Protection for free, without any drawbacks of the emergency version, add the domain via our WordPress plugin.
Emergency WEDOS Protection deployment may cause errors. The most common ones, including their solutions, can be found in the Troubleshooting chapter.
Troubleshooting Common Issues
Common issues with sites using WEDOS Protection, either as a stand-alone service or the emergency version deployed by us, include:
- Error messages
- Damaged or dysfunctional website contents
- Blocked access to third-party content and APIs
- Spammed or undelivered emails sent from web
Error Messages
Issue: An error message is displayed on the website.
Solution: The correct solution depends on the displayed error message:
- Not found on accelerator. You will most often encounter this error if you do not have HTTPS set up on your VEDOS Webhosting. Check the domain settings in the certificate according to the Webhosting – Manual HTTPS Setup ⧉ guide. If HTTPS is disabled, enable it. If there are errors with domains, contact support ⧉ and ask to add (sub)domains with disabled validation.
- Gateway Timeout. Make sure your server is not blocking connections to addresses from this list ⧉ (JSON version ⧉).
Website Contents
Issue: The website does not display correctly or at all after deploying WEDOS Protection. Sometimes only the main page or some subpages work correctly.
Cause: The problem is usually caused by a static content caching error, but it can also be related to the blocking of templates, plugins, and external resources described below.
Solution: If you have access to the domain’s WEDOS Global admin panel ⧉, clear the cache or reset it (disable and re-enable) in the CDN Cache settings.
If you do not have access to the WEDOS Global administration, you can add the domain and gain access, or ask us to purge the cache ⧉. Requests are usually resolved by the technical department within 2 hours, depending on the department’s workload and complexity of the solution (especially if the problem is elsewhere).
Blocking External Content
Issue: After deploying WEDOS Protection, a template, plugin, or third-party service/API (crawlers, payment gateways, etc.) doesn’t work properly.
Cause: WEDOS Protection may preemptively block large ranges of IP addresses, for example based on bad reputation. However, between these ranges there may be unproblematic units of addresses used by plugins, templates and generally APIs that your website needs to communicate with, but cannot.
Another common cause of the problem is the restriction of access to a third-party application or interface that you originally set up for the Webhosting server IP. However, after deploying WEDOS Protection, you access it from one of the system’s many regional IP addresses.
Solution: Ask the blocked third party’s support to provide a complete list of IP addresses that we should whitelist on our end to restore communication. They must be units of specific addresses – large quantities, or entire ranges, are usually problematic.
Once you have this list, send the following request ⧉:
Please whitelist the IP addresses (replace the parenthesis with a list of addresses) in the WEDOS Protection system in order to restore the connection of the website (replace the parenthesis with the name of your website) with the service (replace the parenthesis with the name of the template, plugin, API or other setvice that cannot connect).
Requests are usually processed by the technical department within 2 hours, depending on the department’s workload and the complexity of the request (IP address reputation verification).
If, on the other hand, the source of the problem is caused by a blocked connection on a third-party server (typically payment gateways), enable communication for IP addresses from the list at https://ips.wedos.global/ips.json ⧉ (automatically updated).
Email Delivery
Issue: Emails sent from the website (e.g. forms) end up in spam or are not delivered at all.
Cause: The most common cause is a problem with verifying the SPF record due to a different A record of the domain and the actual IP address of the web server.
Solution: Add the actual Webhosting IP address to the domain’s SPF record using the code ip4:X.X.X.X. You can find detailed instructions in the article Emails – SPF record ⧉.
FAQ
What if the attacked Webhosting domain uses third-party DNS servers?
In this case, a technician tries to contact the owner via email and SMS. As long as we cannot effectively protect the service, we limit its parameters or shut it down completely.
How do I know that a website is using WEDOS Global?
Check the DNS A records. If you find two values 45.138.107.X, where X is a number from 0 to 255, the domain directs to WEDOS Protection.
For AAAA records, the corresponding value is 2a0e:acc0::X.
What if I have a different problem or your solution doesn’t work?
Try to direct the domain to your web server instead of the proxy.
Why should I set up WEDOS Global when I’m already protected by another service?
We receive a large amount of unwanted traffic even from domains using other protective services. In some cases, if we cannot enable WEDOS Protection for a website under attack, we have no choice but to limit/disable web hosting.