Back

How to Configure your TrueShield Web Application Firewall (WAF)

What can the SiteLock Trueshield firewall do and the 3 steps in configuring it to block website attacks.

How to Setup Your Firewall

1.Locate your website’s DNS manager. If you do not have this information, or do not know where to find it, please read the Locating Your DNS Manager section. Also check where your nameservers are pointing to. Sometimes just because your hosting is with one provider, doesn’t mean your DNS is managed at the same one. This will help determine which host has your dns manager.

2.On the main page of your dashboard, click the TrueShield box.

3. On this new page, you should see three steps. You can ignore the third if you are just setting up your firewall for now, as it has nothing to do with the firewall setup. If you have an SSL on your site, continue on. If you do not have an SSL on your website, skip to step 7. If you are unsure if your website has an SSL, contact your hosting provider to check.

4. Click the link that says “STEP 1 Verify your domain”. If it says “Not necessary since your site does not use an SSL certificate”, you may not have one. Contact your hosting provider to ensure you do not. If you don’t have one, skip to step 8. If you do, and it still says your site does not use an SSL certificate, please call us so we may provide the correct information to setup your firewall. Otherwise, continue on to step 6.

5.You should see the screen below but with text in the fields. In order to verify your SSL with the firewall, you must add a TXT record in your website’s DNS settings

  • In your DNS manager, select the option to add a TXT record.
  • For host, just use your plain domain name or whatever is in that field. For example, SiteLock would just use “sitelock.com”.
  • Highlight and copy what is in the “TXT Value” field in SiteLock, and paste it into the value field in your DNS Manager.
  • If it asks for a TTL value, just add 14400.
  • Click the save or submit button depending on your hosting provider

Back in the SiteLock window, click the “Click to verify once you change your TXT record” button. Please do note that it can take up to 24 hours for our networking team to verify your certificate.

If you are unsure of these instructions, please contact us for assistance.

6.You will know your SSL is verified when it says “STEP 1 Verify your domain: Completed” as shown below. It will also say “Your site is already verified with SSL” when you click that link. Please note that you will have to leave this screen and come back to check, as it does not automatically update the page. When it is verified, continue on to step 8. Again, please note that it can take up to 24 hours for our networking team to verify your certificate.

7.Click the link that says “STEP 2 Change your A Record(s) and CNAME in your DNS records”. You should see the screen below but with text in the fields.

8. On your website’s DNS manager, make the following changes.

Please note that these instructions are general and will vary based on your hosting platform. More specific instructions may be found by clicking the Instructions link as seen in the image above. Not all hosting providers will have specific instructions.

  • In your DNS manager, change your current A record to the first New IP Address as listed in the field on SiteLock.
  • Create a second duplicate A record (using either @ or just your domain as the host) and point it to the second New IP address as listed in the field on SiteLock.
  • Change your www CNAME from pointing to your domain or @ to pointing to the New CNAME record as listed in the field on SiteLock.
  • Change any other CNAME (except any visitor-facing subdomains) that is pointing to the domain (for example ftp, mail, cpanel, whm, etc) and change them to A records that point to their server IP address.
  • Save these changes in your DNS manager.

Please allow up to 24 hours for the changes to your DNS settings to propagate.

If you are unsure of these instructions, please contact us for assistance.

9.After you have allowed at least 24 hours for your DNS settings to propagate, you can check to see if they are working in a dns checking website. If it was done successfully, you should see the two SiteLock IP addresses under A records and the SiteLock CNAME under CNAMES. If it was unsuccessful, please contact us so that we may either assist you or do it for you.

The product that you just purchased is your TrueShield Firewall/CDN. This will be the proactive measure of your website security. TrueShield will be blocking out malicious traffic from hitting your website, including bad bots and a database of known malicious IP addresses.

Reduce your website security risks

Get started with SiteLock today

Automatically protect your website, reputation and visitors against both common threats and advanced attacks.