Back to Documentation

Security

Firewall Rules

Configure Web Application Firewall (WAF) rules to protect your site from attacks and unwanted traffic.

1Built-in Protection

Every site includes enterprise-grade protection:

DDoS Protection: Automatic mitigation of volumetric attacks
WAF Rules: Protection against OWASP Top 10 vulnerabilities
Bot Protection: Block malicious bots while allowing good ones
Rate Limiting: Prevent abuse and brute force attacks

2IP Access Rules

Control access by IP address:

Go to Site Settings > Security > Firewall
Click "Add Rule"
Choose action: Block, Allow, or Challenge
Enter IP address or CIDR range
Add optional note

# Example rules
Block: 192.168.1.100
Block: 10.0.0.0/8 (entire range)
Allow: 203.0.113.0/24 (office IPs)

3Country Blocking

Block or allow traffic by country:

Go to Firewall > Country Rules
Select countries to block
Or switch to "allowlist mode" for specific countries

Use case: If your business only serves Kenya, you might allow only KE traffic to reduce attack surface.

4Rate Limiting

Prevent abuse with rate limits:

Login pages: 5 requests per minute per IP
API endpoints: 100 requests per minute per IP
General: 1000 requests per minute per IP

Custom rate limits available on Business+ plans.

5Security Events

Monitor blocked threats:

Go to Site Settings > Security > Events
View blocked requests with details:
- IP address and location
- Request path and method
- Rule that triggered the block
- Timestamp

Export events to CSV for analysis or compliance.

On this page

Built-in Protection
IP Access Rules
Country Blocking
Rate Limiting
Security Events

Related