xCloudโs 7G and 8G Web Application Firewalls automatically block malicious traffic to keep your website safe. They protect against attacks such as SQL injection, cross-site scripting (XSS), bad bots, and more. While doing this, they allow legitimate visitors to browse your site without interruption.
What Are 7G and 8G WAF? #
The 7G Firewall blocks bad bots, suspicious query strings, referrers, malformed requests, and unauthorized HTTP methods.
The 8G Firewall includes all of these protections. It also adds rules to block bad cookies, bad hosts, advanced bots, and remote code execution (RCE).
Both firewalls reduce server load by filtering harmful requests early, before they reach your site.
Why Whitelist Firewall Rules? #
Sometimes a firewall can block legitimate requests. This is called a false positive. It can cause errors such as 403 Forbidden during uploads, plugin updates, or when connecting to third-party services.
False positives often happen when:
- A plugin or theme contains query strings that match firewall patterns
- Trusted API calls are flagged as suspicious
- Certain file types or URLs match default rules
- Search engine or analytics bots are blocked
Whitelisting specific firewall rules allows safe requests to pass without turning off your firewall protection.
Steps to Whitelist 7G and 8G Rules for Your Website in xCloud #
Learn how to whitelist specific 7G and 8G WAF rules in xCloud to fix false positives without turning off your firewall. This guide walks you through enabling the firewall, checking logs, and adding safe traffic exceptions.
Step 1: Enable the Firewall #
Log in to your xCloud dashboard. Go to Your Website โ Tools โ Security. Toggle on the 8G Firewall (or 7G) and click Save Settings.
Step 2: Find Which Rules Are Blocking Legitimate Requests #
Go to Site Monitoring โ Logs. Select the 8G Error Log (or 7G log). Look for entries with 403 errors. Each log line shows a triggered rule inside brackets, such as [“:bad_querystring_6:”].
The part before the number (for example, bad_querystring) is the rule name you will use when creating your whitelist.
Step 3: Construct the Whitelist Variable Name #
To whitelist a rule, set its firewall variable to 0. The variable name follows a pattern:
- 7G Drop: $7g_drop_<rule_name>
- 8G Drop: $8g_drop_<rule_name>
Example: If the triggered rule is bad_querystring_6, the whitelist variable will be:
- For 7G: $7g_drop_bad_querystring
- For 8G: $8g_drop_bad_querystring
Step 4: Whitelist Rules via xCloud Custom NGINX (Site-Specific) #
Open Tools โ NGINX Customization in your site dashboard. Click Add a New Config. Enter the whitelist rule using NGINX syntax.
Example: Whitelist bad_querystring in 7G
if ($bad_querystring = 1) {
ย ย ย ย set $7g_drop_bad_querystring 0;
}Example: Whitelist by IP Address
if ($remote_addr = "199.191.137.17") {
ย ย ย ย set $7g_drop_bad_request 0;
ย ย ย ย set $7g_drop_bad_referer 0;
ย ย ย ย set $7g_drop_bad_querystring 0;
ย ย ย ย set $7g_drop_bad_method 0;
ย ย ย ย set $7g_drop_bad_bot 0;
}Example: Whitelist Plugin Requests by URI
if ($request_uri ~* "essential-blocks") {
ย ย ย ย set $7g_drop_bad_request 0;
ย ย ย ย set $7g_drop_bad_referer 0;
ย ย ย ย set $7g_drop_bad_querystring 0;
ย ย ย ย set $7g_drop_bad_method 0;
ย ย ย ย set $7g_drop_bad_bot 0;
}Note: If using the 8G Firewall, replace $7g_ with $8g_ in all variables.
Step 5: Save and Test #
After adding your whitelist rules, save the configuration. Test your website to confirm the false positives are resolved.
Server-Wide Whitelisting (Advanced) #
You can apply whitelist rules to all websites on the server by editing the firewall configuration files via SSH.
The file locations are:
- 7G: /etc/nginx/xcloud-conf/7g/server-conf/
- 8G: /etc/nginx/xcloud-conf/8g/server-conf/
After making changes, run nginx -t to test the configuration. Then reload NGINX with service nginx reload.
This method affects all hosted sites and should be tested carefully.
By following these steps, you can fine-tune your firewall to block real threats while preventing disruptions from false positives.
Still stuck? Contact our dedicated support team for any of your queries.
