CMS protection
Content Management Systems (CMS) typically send information to your website, and this activity can appear malicious due to its automated nature.
CDB's Web Application and API Protection (WAAP) product can distinguish between traffic from your CMS administrators and potentially harmful requests. This ensures that administrative activities remain unblocked and your application stays protected.
The CMS protection policy group contains specific policies that detect when a user is logged into a supported CMS, and automatically adds the user's session to the allowlist. We also maintain a library of known malicious attacks, which allows us to block exploits that have attacked users in the past.
Allow admin access to your domain
In some cases, administrative sections of a CMS-based website may be blocked. For example, for WordPress, WAAP may label a change made to the /wp-admin section of a CMS-based site as malicious behavior such as cross-site scripting or SQL injection.
As a result, WAAP will block admins from making any page edits. You can prevent this issue in two ways: enable the needed policies in the CMS protection policy group or allowlist your static IP address.
Configure CMS Protection rules
You can review the CMS Protection rules and enable or disable them in the CDB Technical Web Portal:
1. Navigate to WAAP > Default Rules.
2. In the domain dropdown at the top of the page, select the needed domain.
3. Click the CMS Protection tab to view and adjust the rules.
Info
Most of the CMS protection policies allow traffic. Only the WordPress WAF ruleset policy will block the traffic to your website.
If you don't see your CMS, you can allow admin access by adding your IP address to the allowlist. Contact our Support team for assistance.
| Policy | Description |
|---|---|
| WordPress WAF ruleset | Block requests that are potentially a WordPress exploit. |
| Logged-in WordPress admins | Allow requests from logged-in WordPress admins. |
| Logged-in MODX admins | Allow requests from logged-in MODX admins. |
| Logged-in Drupal admins | Allow requests from logged-in Drupal admins. |
| Logged-in Joomla admins | Allow requests from logged-in Joomla admins. |
| Logged-in allowlist Magento admins | Allow requests from logged-in Magento admins. |
| Logged-in Umbraco admins | Allow requests from logged-in Umbraco admins. |
| Logged-in PimCore admins | Allow requests from logged-in PimCore admins. |
If you enable a particular policy for your CMS, the admin CMS session will be allowlisted when that admin user logs into the site.
Tip
We recommend disabling policies for Content Management Systems that you don't use.
Allowlist a static IP address
If you don't see your CMS in the list of policies under the CMS policy group, you can allow admin access to your site as follows:
1. In the CDB Technical Web Portal, navigate to WAAP > Firewall.
2. In the domain dropdown at the top of the page, select the needed domain.
3. In the Allowed IPs tab, click Add IP/IP range.
4. Enter your public IP address so all traffic from your IP will be allowed and won't be blocked by the WAAP for any type of request.
5. (Optional) Add a description.
6. Click Save to apply the changes.