Service Improvement

Cloudways values its customers and their feedback! You can now give us your feedback on how we can improve Cloudways services, solution and products by pitching in your ideas!

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Provide an SSL badge for Cloudways users to display on their sites. Most SSL companies provide an HTML Coded badge for website users to see.

    Provide an SSL badge for Cloudways users to display on their sites. Most SSL companies provide an HTML Coded badge for website users to click on which then opens a security check popup that shows that the site is, in fact, secure at the very moment of use. It's reassuring for users, especially on an e-commerce site, to know they are protected.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. Please make search feature in all Bot Protection data table.

    so this make easier for user to find the ip addresses.
    And you can make a specific fiture to make a whitelist IP Adresses.

    Also please make the pagination better, so user can go to specific page.

    And also in the data table, please make a filter by country, ip, etc

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. Add ablility to bulk whitelist IP's in Bot protection

    Please add a way to import whitelist IPs from a list(or copy/paste) for "Bot Protection" as now going through the blocked IPs and comparing IPs and whitelisting one by one is hardly an option. Also there are legitimate optimization services that we use that get blocked(like https://nitropack.io for example) and they 10s of IPs so bulk whitelisting is much needed indeed.

    Thank you, guys/gals and I hope this will be implemented sooner.

    25 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    79 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. Slow HTTP DoS (Denial of Service) Attack

    Your all web servers are vulnerable to Slow HTTP DoS (Denial of Service) attacks.

    Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. If the server keeps too many resources busy, this creates a denial of service.

    Attack Details:
    Time difference between connections: 10006 ms

    The impact of this vulnerability:
    A…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. Display remaining Lets encrypt SSL limit

    SSL has rate limit for SSL certificates which is reset in 12hrs. This limit should be displayed on SSL page so that user can be careful.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. Two factor authentication - Mandatory for Team Members

    Please add the ability for main/primary account holders to force TFA use for all Team Member accounts. Not having this capability (or the ability to see TFA status on Team Member accounts) is a significant security hole, of the type that could lead us to migrate away.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. Bulk enable bot protection on all apps over a server

    I want to know if there is a possibility to enable bot protection on all of the apps under a server at once. I asked the support team but they have said no. I badly need that since that could possibly save days of work as I have over 100 websites running under your servers.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. Launch a new feature on the console which blocks the bad BOTS and DDOs attacks from the site for popular applications like Magento.

    Launch a new feature on the console which blocks the bad BOTS and DDOs attacks from the site for popular applications like Magento.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. that there should be mechanism for notification of requests generated by instead load on the server.

    that there should be mechanism for notification of requests generated by instead load on the server.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. Labels and wildcards for database whitelist

    Add the ability to label IPs added to the remote DB whitelist so you can add your own identifier to IPs. And also add the ability to wildcard IPs by range eg. 5.40.%.%, and also the ability to add by domain name in addition to IP. This will allow for better management and greater control of whitelisted IPs

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. SSH keys should accept eliptic curves - not only RSA

    SSH keys should accept eliptic curves - not only RSA
    RSA is old, using too big big length.
    I would like to see possibility to use standard eliptic curves that are used everywhere. For some reason this is still not possible on Cloudways.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. Remove Server Signature for Improved Security

    Provide a way to disable the server signature to improve security by not disclosing the server type and server software, along with other information, which could allow hackers to determine vulnerabilities by listing server and software specifications.

    Thanks!

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. Check for the blacklist IP before assigning Server IP

    Hello Team,

    Can you please add some feature where it'll check for the blacklist before assigning server IP?

    It seems like someone else was using assigned server IP before it's assigning to the user and they have abused the server so their IP is under blacklist and that blacklist server IP is not going to be useful for the new user.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. create a drop-down for "SSL ciphers" in the "APPLICATION SETTINGS" below the "TLS VERSIONS" for customers who want only strong SSL ciphers

    Customers can get an A+ rating on https://www.ssllabs.com/ssltest/ if you:
    Add an "SSL ciphers" drop-down for customers that are interested in only using strong SSL ciphers.

    You can consider your current ciphers as "default", and add an option for "most secure" that allows customers to select a pre-defined "A+ rated" SSL cipher configuration.

    The "SSL Cipher" configuration would go below the existing "TLS VERSIONS" option in the "APPLICATION SETTINGS" > "GENERAL" > "TLS VERSIONS" configuration interface.

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. Add WAF module StackPath

    Like done with CloudFlare and Sucuri a WAF module for StackPath's WAF would be great. So, one will be able to see the real IP - just like with CloudFlare and Sucuri

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. Authenticated Origin Pulls / SSLVerifyClient require

    I'm new customer, and previous tenant has domains pointing to my IP.
    My server is being hammered, tried blocking malicious traffic many different ways already, but need to enable Apache option SSLVerifyClient require.

    It means, the webserver will only accept connections from cloudflare, and nobody else. Quite common for people to bypass cloudflare, and hack into the origin server directly.

    If you let me edit the server.apache file, I would put the following:

    SSLCertificateFile "/applications/xxx/privatehtml/cert2020.crt"
    SSLCertificateKeyFile "/applications/xxx/private
    html/cert2020.key"
    SSLCACertificateFile "/applications/xxx/private_html/server-ca.crt"
    SSLVerifyClient require

    Authenticated Origin Pulls
    Authenticated Origin Pulls allow you to cryptographically verify that requests to your origin server…

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. whitelist

    Please add Remark Option with Whitelist IP address in Server Security Section. Right now its difficult to find out which IP is pointing to external important server and which is IP is added for temporary use. Deleting an IP by mistake can take us into trouble as some live App IP's are listed in Whitelist IP list.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. provide a way for site-administrators to view the auth.log

    When sites are hacked the first thing to check is the auth.log to see who accessed what, when. When a compromise happens we need to be able to investigate immediately and find a fix.
    Can site owners be provided with a way to see the auth.log for their site, similar to how we can currently view web access/error logs?

    Specifically what I'm requesting is live (and perhaps filtered to my site) visibility on:
    * auth.log
    * sftpserver.log
    * history of auth and sftp
    server logs so that we can go back at least a week to see if we…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. SSH/Platform Login Alerts

    As an agency hosting a magnitude of customers through Cloudways we would like to see the ability to get Cloudways Bot alerts and email alerts for the following:

    • Cloudways Login
    • SSH Login (IP/Location etc)
    • SFTP Login
    • Changes to application/server configiration
    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  • Don't see your idea?

Feedback and Knowledge Base