If your website is hosted on multiple servers with more than one public IP address or if your website has a backup IP address in case of technical trouble, you can easily configure the Sucuri Firewall to use these IP addresses in the Sucuri Firewall’s dashboard.
- Click here to go to the Hosting IP Addresses settings.
There you can add multiple hosting IP addresses used for load balancing or you can add backup IP addresses as an emergency failover.
To add an additional host IP just select Hosting from the drop-down menu. To add a failover backup host IP, select Backup.
Enter the IP and click Add Address.
Multiple Hosting IP addresses
To sustain the user session on the correct server, Sucuri Firewall uses NGINX
ip_hash parameter as explained on NGINX documentation.
There are two setups of Load Balancing you can choose:
- Default Load Balancing
In this case, the requests will be distributed to the group of servers equally. If one of the servers is down, the next one on the list will take over respecting the Failover Server Timeout setting.
- Cross-Region Load Balancing
Sucuri Firewall allows you to configure which server should be responsible for most requests per region by using NGINX
In the image above, you can see two servers, one set to USA and the other to Europe. With this configuration, out of twenty one USA requests, twenty are sent to the USA server and one to the Europe server. Out of twenty one Europe requests, twenty are sent to the Europe server and one to the USA server.
That’s why you’ll be seeing requests originated in the US reaching the Europe server sometimes. This method was chosen to prevent overloading only one server and it’s hard-coded, so you can’t change the number of requests. However, nothing will stop you from adding 3 Hosting IP and set two to USA and 1 to Europe. That way, the chances of USA users reaching the Europe server decreases.
Failover Backup IP address
Failover backup hosting IP will be used once the main hosting IP is:
a) offline; b) timing out; c) sending invalid headers OR d) returning http 50x response codes.
The failover backup IP respects the Failover Server Timeout setting.