• Resolved MrMattEastwood

    (@mrmatteastwood)


    Hello, Shield team,

    I noticed that Sucuri’s SiteCheck tool tells me there’s no WAF detected on my website, brandartery.com.

    Screenshot: https://pasteboard.co/JVrtDyq.png

    However, in Shield’s Security Dashboard on the “Firewall” tab, everything is green and enabled.

    Screenshot: https://pasteboard.co/JVru4EG.png

    Can you make heads or tails of this?

    Thanks!
    Matt.

    EDIT: fwiw, it’s running on an nginx server at SiteGround. Don’t know if or how that factors in.

    • This topic was modified 2 months, 2 weeks ago by MrMattEastwood. Reason: Added info re. nginx

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Paul

    (@paultgoodchild)

    You need to first understand what Sucuri’s “scan” is about.

    It’s a lead-generation tool for their Sucuri security product.

    It’s not a thorough “scan” and it’s not, by any means, a thorough security analysis or testing suite.

    It’s not designed to detect whether Shield’s firewall is running because there’s little way for them to detect that anything is there to block or intercept requests unless they actually send test malicious requests to the site.

    We don’t, for example, offer these sorts of scans as they’re fundamentally misleading. The only thing you can really scan for with such testing is the positive presense of something, not for the lack of it.

    I hope that helps.

    Thread Starter MrMattEastwood

    (@mrmatteastwood)

    Hey Paul, totally forgot to respond. It does clarify! I spoke to a colleague the other day as well, who is much more tech-savvy than me, and he confirmed the same thing.

    Thanks for your quick reply.

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.