If your website is hosted on multiple servers with more than one public IP address or if your website has a backup IP address in case of technical trouble, you can easily configure the Sucuri Firewall to use these IP addresses in the Sucuri Firewall’s dashboard.
- Click here to go to the Hosting IP Addresses settings.
There, you can add multiple hosting IP addresses used for load balancing or you can add backup IP addresses as an emergency failover.
To add an additional host IP just select Hosting from the drop-down menu. To add a failover backup host IP, select Backup.
Enter the IP and click Add Address.
Multiple Hosting IP addresses
To sustain the user session on the correct server, Sucuri Firewall uses NGINX ip_hash parameter as explained on the NGINX documentation.
There are two setups of Load Balancing you can choose:
- Default Load Balancing
In this case, the requests will be distributed to the group of servers equally. If one of the servers is down, the next one on the list will take over respecting the Failover Server Timeout setting.
- Cross-Region Load Balancing
The Sucuri Firewall allows you to configure which server should be responsible for most requests per region by using NGINX weight parameter.
In the image above, you can see two servers, one set to USA and the other to Europe. With this configuration, out of 21 USA requests, 20 are sent to the USA server and one to the Europe server. Out of 21 Europe requests, 20 are sent to the Europe server and one to the USA server.
That’s why you’ll be seeing requests originated in the US reaching the Europe server sometimes. This method was chosen to prevent overloading only one server and it’s hard-coded, so you can’t change the number of requests. However, nothing will stop you from adding three Hosting IP and set two to USA and one to Europe. That way, the chances of USA users reaching the Europe server decreases.
Failover Backup IP address
The failover backup hosting IP will be used once the main hosting IP is doing one of the following:
The failover backup IP respects the Failover Server Timeout setting.