The Sucuri Firewall functions as a reverse proxy, filtering all incoming traffic through the Sucuri network, parsing good requests from bad requests. To accomplish this, a change is made to your DNS settings.
Specifically, one or more A records are added to the existing configuration, or an existing one’s are modified.
If not done carefully, these DNS changes can affect connectivity to other non-website services such as Mail, FTP/SFTP/SSH or cPanel/WHM. A review of your DNS records and some small changes can resolve these issues.
DNS Configuration Updates
There are two IP addresses important on your WAF configuration: the "Hosting IP Address" and the "Firewall IP address"; both can be found on the main page of the WAF dashboard.
There, you’ll see a box containing both IP addresses, just like this image:
In case you have more than one domain protected, make sure you’re indeed on the Settings page of the correct domain.
The "Hosting IP Address" belongs to your hosting provider. It’s where all the content for your website lives and where you will FTP/SFTP/SSH into to manage your website files. If you are using cPanel or Plesk, that’s also the IP address these services are installed.
If you’re used to connecting to your domain by navigating to
ftp.example.com it may no longer work if the FTP record is pointing to your
Once the WAF was activated, your
example.com domain had its IP address (or A record to be precise) changed to the "Firewall IP address" so the WAF could protect your website.
You can’t change the IP address of your domain because this would deactivate the WAF. However you can use the "Hosting IP Address" as FTP/SFTP/SSH hostname, so you directly access your server (with no interference from the WAF).
Or you can, with the assistance of your hosting provider or system administrator, change the
ftp.example.com sub-domain to point to your "Hosting IP Address" instead of pointing to the "Firewall IP address".
This is done automatically when you use the cPanel or Plesk automatic integration, which is why we recommend using the integration to setup the WAF.
Accessing cPanel/WHM or Plesk
If you’re used to accessing cPanel/WHM or Plesk like
example.com:8443, etc. – the same solution for accessing FTP/SFTP/SSH applies here.
You can either change the
cpanel.example.com sub-domain to point to your "Hosting IP Address" or, you can access the Hosting IP address directly with the control panel port appended on the URL.
For cPanel you would use:
For WHM you would use:
For Plesk you would use:
Just like FTP/SFTP/SSH and cPanel/Plesk, e-mails can stop working for the same reason. While every DNS provider is different, the basics of what has to happen are the same.
Email requires special DNS records named Mail Exchange Record (MX Record) which point to another record in your domain. Usually, the MX record for
example.com is set to
mx.example.com which causes the same issues with mail as it does for the other non-web services. When the WAF is activated,
example.com IP address will be the "Firewall IP Address" and thus the domain can only receive web traffic, not mail traffic.
That incorrect configuration can have your MX records pointed to records that look like this.
If you’re working off a typical cPanel configuration, you will want to change the following in the MX Record section:
mail.example.com = >> [yourhostingipaddress]
If you’re working off a typical GoDaddy configuration, you will want to change the following in the MX (Mail Exchanger) section:
Host = @ -->> Host = [yourhostingipaddress]
At this time, the Sucuri Firewall does not support WebSockets. Therefore, in order to use WebSockets, you’ll need to create a sub-domain, say
ws.example.com and point that sub-domain directly to your hosting server.
This way the WebSockets connection will not pass through the WAF.
Still Not Clear? Need Help?
Please open a General Support Request.
This will be assigned by a trained support agent that will access your DNS account and fix whatever issues you might be experiencing