cwatch web security administrator guide · content delivery network (cdn) service accelerates site...

rat

Comodo cWatch Web Security

Software Version 2.10

Website Administrator GuideGuide Version 2.10.042018

Comodo Security Solutions1255 Broad StreetClifton, NJ 07013

Comodo cWatch Web Security – Website Administrator Guide

Table of Contents 1 Introduction to Comodo cWatch Web Security.....................................................................................................3

1.1 Purchase a License..........................................................................................................................................4 1.2 License Types...................................................................................................................................................7 1.3 Add Websites....................................................................................................................................................7 1.4 Login to the Admin Console.........................................................................................................................12

2 The Main Interface..................................................................................................................................................13 3 The Dashboard........................................................................................................................................................16 4 Website Data and Settings.....................................................................................................................................21

4.1 View Alerts......................................................................................................................................................22 4.2 Website Overview..........................................................................................................................................23 4.3 Comodo Vulnerability Scans .......................................................................................................................26

4.3.1 OWASP Top 10 Vulnerability Scan.......................................................................................................27 4.3.2 WordPress Vulnerabilities Scan..........................................................................................................31

4.4 Malware Scan Results...................................................................................................................................35 4.5 Cyber Security Operation Center Results...................................................................................................37 4.6 Content Delivery Network Metrics................................................................................................................39 4.7 Configure Firewall Rules ..............................................................................................................................46 4.8 Run Executive Scans ....................................................................................................................................49 4.9 Website Configuration...................................................................................................................................52

4.9.1 Configure FTP Settings ........................................................................................................................53 4.9.2 Configure a Website for cWatch Scans...............................................................................................54 4.9.3 Domain Configuration Instructions ....................................................................................................57 4.9.4 SSL Configuration ................................................................................................................................63 4.9.5 Configure CDN Settings.......................................................................................................................69 4.9.6 Configure WAF Settings ......................................................................................................................73

5 The Settings Interface............................................................................................................................................76 6 Upgrade Licenses for Domains.............................................................................................................................83 7 Manage Your Profile...............................................................................................................................................85 8 Get Support.............................................................................................................................................................88About Comodo Security Solutions...........................................................................................................................92

Comodo cWatch Web Security – Website Administrator Guide | © 2018 Comodo Security Solutions Inc. | All rights reserved. 2


1 Introduction to Comodo cWatch Web Security

cWatch Web Security is a cloud–based security intelligence service built for website and domain administrators to monitor and secure their web applications from various types of attacks and threats. The console allows administrators to view statistics about attacks and security related incidents which have been monitored and blockedon protected domains

• cWatch runs regular malware scans on your domains and automatically removes identified malware. The Content Delivery Network (CDN) service accelerates site performance by delivering your web content from the data center closest to your visitor.

• The service will analyze event logs from your domains in real–time to identify and block attacks based on rules managed by Comodo Cyber Security Operations Center (CSOC). It will also identify and block vulnerabilities found in the Open Web Application Security Project (OWASP) top ten list.

• You can also have log files manually analyzed by qualified technicians in the Comodo SOC team.

cWatch Web Security is available in three different service levels. More details are available in License Types.

This guide explains how to purchase cWatch licenses, how to set up the service and how to use the cWatch web console.

Guide Structure:



• Introduction to Comodo cWatch Web Security

• Purchasing a License• License Types• Add Websites• Logging–in to the Administrative Console

• The Main Interface

• The Dashboard

• Website Data and Settings

• View Alerts• Website Overview• Comodo Vulnerability Scan Results• Malware Scan Results• Cyber Security Operation Center Results• Content Delivery Network Metrics• Configure Firewall Rules • Run Executive Scans • Website Configuration

• Configure FTP Settings • Configure a Website for cWatch Scanning • SSL Configuration • Configure CDN Settings• Configure WAF Settings

• The Settings Interface

• Upgrading Licenses for Domains

• Manage Your Profile

• Getting Support

1.1 Purchase a LicenseFour types of cWatch license are available:

• Basic

• Pro

• Premium

For more details on the services offered with each, see License Types.

• You can purchase licenses at https://cwatch.comodo.com/plans.php, or from the cWatch management console after logging in at https://login.cwatch.comodo.com/login.

• Licenses are charged per–website. Sub–domains are not covered if you buy a license for a primary domain like example.com. Each sub–domain must be purchased as a separate license.

• You can add multiple license types to your account if you wish to implement different protection levels on different websites.

• You can associate websites with licenses in the cWatch interface. See Add Websites for more details.

To purchase a license:


https://login.cwatch.comodo.com/loginhttps://cwatch.comodo.com/plans.php


• Choose a license type at https://cwatch.comodo.com/plans.php.. See License Types for more details about the features of each license.


https://cwatch.comodo.com/plans.php


• Select the license period and enter the number of websites (domains) you want to cover with the license.

• Next, enter your details:

• If you already have a Comodo account, select 'Existing Comodo User' and enter your username and password.

• If you don't have a Comodo account, select 'New Comodo User'. Enter your email address and a password to create a new account.

• Complete the payment details section.

• Read the 'End User License/Subscriber Agreement' and tick the checkbox to agree.

• Click 'Continue'. After your order has been successfully processed, you will see the following order confirmation screen:

• Your licenses are now active. You will also receive a confirmation email with your order details.

• Existing customers should next login to their cWatch account and start registering their domains.

• New users will first need to activate their Comodo account by following the link in the account verification email.

• Register your domains:

• Login at https://login.cwatch.comodo.com/login• Click the 'Add Site' button at top–right to get started

• See Add Websites for more help with adding and configuring websites.


https://login.cwatch.comodo.com/login


1.2 License TypescWatch offers different levels of monitoring, protection, management and CDN services to websites depending on the type of license. Four license types are available:

• Basic

• Pro

• Premium

You can purchase different license types for specific websites depending on the level of protection you require for each. For more details on associating websites with respective license subscriptions, see Add Websites.

The following table shows the features and services that are available with each license type:

Feature/Service Basic Pro Premium

Number of Websites (Unlimited Web Pages) 1 site 1 site 1 site

Detection & Removal of Known & Unknown MalwareStand–alone File | Embedded in Script | Database

Immediate Immediate Immediate

Security Information and Event Management (SIEM)and 24/7 Cyber Security Operations Center (CSOC)

CSOC Analyst

Malware Scan Detection / Block Spam & Website Filtering Malware Detection Scan Every 24 hours Every12 hours Every 6 hours

Vulnerability (OWASP) Detection Scan Every 24 hrs Every 12 hrs Every 6 hrs

Web Application Firewall (WAF) Fine Grained Control

Bot Protection Scraping Protection Content Delivery Network (CDN) Layer 7 DDoS Protection

Layer 3, 4, 5 & 6 DDoS Protection

30 Days Money Back Guarantee

1.3 Add Websites• The cWatch console lets you add and configure websites for cWatch protection and for acceleration via the

content delivery network (CDN).

• The number of sites that can be added to your account depends on your license. See Purchase a License for details about license types.



• After enrollment, you can configure threat monitoring and CDN settings for each website. See Website Configuration for more details.

To add a new domain

• Login to cWatch at https://login.cwatch.comodo.com/login with your username and password.

The dashboard will appear by default

• Click 'Add Site' at top–right to start the 'Add Websites' wizard:

The wizard contains three steps:

• Step 1 – Register your website

• Step 2 – Select License

• Step 3 – Finalization

Step 1 – Register your website• Enter the name of the website you wish to register. Do not include 'www' at the start.

• Click 'Continue Setup' to move to the next step.




Step 2 – Select LicenseNext, choose the license type you wish to activate on the site.

• cWatch features and CDN traffic limits vary according to license type. See License Types for more details. Alternatively, click Click 'Learn more' in the 'Select License' screen.

• The drop–down displays all licenses that you have purchased.

• Choose the type of license you wish to associate with the domain you entered in step 1

• Click 'Finish' to proceed

• See Purchase a License if you need help to buy more licenses



Step 3 – FinalizationThe final step allows you to configure your DNS settings.

• cWatch will generate a CNAME DNS record for the website you just enrolled

• You need to add this record to the DNS entry for your domain to route your site traffic through the CDN.

• To view the CNAME details:

• Click the website name in the main menu on the left

• Click 'Settings' > 'Domain'• Your web host may be able to help you with this step. Guidance is also available at

https://support.google.com/a/topic/1615038?hl=en.


https://support.google.com/a/topic/1615038?hl=en


Tip: You can skip this step for now and can add the CNAME entry to the DNS records later. The CNAME entry will be available in the 'CDN Settings' area of the website. See Domain Configuration Instructions for more details.



• Click 'Get Started'.

Your new website will be added to your account. All features will be activated as per the license chosen for the site.

• Repeat the process to add more websites.

1.4 Login to the Admin ConsoleYou can login into the cWatch console at https://login.cwatch.comodo.com/login using any browser:




• If you are logging–in for the first time, use the username and password given in the cWatch account creation email. We strongly recommend you change your password after first login for security reasons.

2 The Main Interface• The cWatch dashboard contains an at–a–glance summary of the security of your monitored websites.

• Links to all major areas of the interface are shown on the left. The right–hand pane displays data for the selected item.

• Settings, profile options and the logout button are shown at the top–left:



Lists all domains which you have added to cWatch.

• Manage Settings – configure malware scans, FTP, CDN and more. See The Settings Interface for more details.

• Manage DNS – Add DNS records in order to route traffic through the content delivery network. See Manage DNS Settings for more details.

Your profile. Change your contact details, alert settings and password. See Manage Your Profile for more details.

Logout of cWatch.

The left–hand menu contains a link to the dashboard and shows all domains added to your account. Click a domain name to reveal domain options:



• Dashboard – Overall statistics on all domains that are protected and managed.

• Click a domain name to open the following menu items:

• Alert – Shows all notifications about malware and vulnerabilities discovered on the website. See View Alerts for more details.

• Overview – Summary of security status and CDN performance. See Website Overview for more details.

• Vulnerabilities – All threats in the OWASP top ten that have been blocked by cWatch. You can run on–demand vulnerability scans on the website at anytime. See Comodo Vulnerability Scan resultsfor more details.

• Malware – The results of the last ten malware scans run on the domain. You can also run scans, remove malware or add items to the whitelist from here. See Malware Scan Results for more details.

• COSC – Real–time analysis of attack patterns on your website from the Comodo Security OperationsCenter. See Cyber Security Operation Center Results for more details.

• CDN Metrics – Data about your content delivery network traffic. This includes total usage, data throughput and the locations from which your trafficoriginated. See Content Delivery Network Metrics to find out more.

• Firewall Rules – Create your own custom Firewall rule. See Configure Firewall Rules for more information.

• Executive Scan – Run a scan on your sites to check and fix security vulnerabilities. See Run Executive Scans for more details.

• Settings – View and configure cWatch protection settings for your website. See Website Configuration to learn more.

Help and Support:The footer contains copyright information, terms and conditions and support links.

• Click the 'Terms and Conditions' link to view the cWatch EULA.

• Click 'Help' to view the cWatch guide at https://help.comodo.com/topic–285–1–848–11000–Introduction–to–Comodo–cWatch–Web–Security.html.

• Click the 'Chat with us' button for instant support from technicians at Comodo. See Get Support for more details.


https://help.comodo.com/topic-285-1-848-11000-Introduction-to-Comodo-cWatch-Web-Security.htmlhttps://help.comodo.com/topic-285-1-848-11000-Introduction-to-Comodo-cWatch-Web-Security.htmlhttps://help.comodo.com/topic-285-1-848-11000-Introduction-to-Comodo-cWatch-Web-Security.htmlhttps://help.comodo.com/topic-285-1-848-11000-Introduction-to-Comodo-cWatch-Web-Security.html


3 The DashboardThe dashboard shows a top–level summary of the security of all protected websites and sub–domains on your account. This allows you to quickly identify issues and effectively track the risks associated with your sites. Further details on each domain are listed underneath the main graphics.

• Click 'Dashboard' on the left to open the dashboard.

• Click 'Simple View' or 'Advanced View' at top–right to change the level of detail shown on the dashboard.

Attacks Blocked – Shows the number of attacks prevented by cWatch on registered websites.

• Place your mouse over a sector to view the quantity of attacks blocked on a particular domain as a percentage of overall attacks.

• Click on a sector to view the attack details page for that website. See Cyber Security Operation Center Results for more info.

Malware – Shows how many pieces of malware have been identified by cWatch on registered websites.

• Place your mouse over a sector to view the quantity of malware



found on a particular website as a percentage of overall discovered malware.

• Click on a sector to view the Malware Scan Results page for that website. See Malware Scan Results for more info.

Vulnerabilities – Shows the number of vulnerabilities identified by cWatch on registered websites.

• Place your mouse over a sector to view the quantity of vulnerabilities identified on a particular website as a percentage of overall discovered vulnerabilities.

• Click on a sector to open the 'Vulnerabilities' page for that website. See Comodo Vulnerability Scan Results for more details.

There are two ways to view the dashboard:

Simple View Displays overall statistics on all domains in terms of 'License Type' , 'License Expiry' and their 'Latest Scans'.



Dashboard – Simple View

Column Header Description

Site Name of the website.

• Click the '+' icon beside a site name to view a summary of the site's security status. Security features are arranged by license type. See 'View Security Status of a Website' for more details

License Type The type of license on the domain. See License Types for more details on the features of each license.

Expiration Date The expiry date of the currently active license.

Last Vulnerability Scan Date and time of the most recent vulnerability scan on the site.

• cWatch regularly scans your websites to protect them against the types of vulnerabilities published in the Open Web Application Security Project (OWASP) top ten list.

• Any threats discovered will be automatically blocked. You can also run on–



demand scans on the website as required.

• Scan results are shown in the 'Vulnerabilities' page for the site (click the domain name on the left and select 'Vulnerabilities' from the menu).

See Comodo Vulnerability Scan Results for more details.

Last Malware Scan Date and time of the most recent virus scan on the site.

• cWatch scans all files on websites enabled for malware scanning.

• You can set a schedule for these scans and can also run on–demand scans when required.

• The results of the scans are displayed in the 'Malware Scan' page. See Malware Scan Results for more details.

View Security Status of a Website• Click the '+' icon beside a website name to open its security status details pane.

Each tile shows the security status of features covered by the various license types. The number of tiles you see depends on the website's active license type.

License Type Tiles Displayed

Starter Starter

Pro Starter and Pro



Premium Starter, Pro and Premium

Advanced ViewThe 'Advanced View' shows security statistics according to your license type. The higher the license type you have, the more security components you will see.

For example:

• If your domain has a 'Starter' license, then 'Advanced View' will only show details of starter license security components.

• If your domain has the 'Pro' license type, then you will see the status of both starter and pro security components.

• 'Premium' licenses contain the full complement of security components.

Similar to the 'Simple' view, you can view more information on each website by clicking the plus symbol beside the domain name.



Add SiteAllows you to add a new domain to your website. See Add Websites for more details.

4 Website Data and Settings• cWatch displays panoramic data about all events occurring on your website.

• These include attacks monitored and blocked, the results of malware and vulnerability scans, and attacks identified from logs based on correlation rules.

Click a website on the left to open the following options:



• Alert – View any alerts generated after a cWatch scan on the site. You can schedule a malware scan if one has not been set. See View Alerts for more details.

• Overview – Summary of security status and CDN performance. See Website Overview for more details.

• Vulnerabilities –

• Scan your site for OWASP top–ten threats. You can also enable or disable automatic weekly scans.

• Run a WordPress scan to identify vulnerabilities in your WordPress site, plugins, themes and more.

• You can run on–demand vulnerability/WordPress scans on the site at anytime.

• See Comodo Vulnerability Scan results for more details.

• Malware – Shows the results of malware scans on the website. You can also run new scans from this area. Before you can run a malware scan you first need to download a PHP file from settings. See Malware Scan Results for more details.

• CSOC – Granular details about attacks identified on your website. This includes their origin, the trend of attacks over time, attacks blocked by cWatch and top ten target URLs. See Cyber Security Operation Center Results for more details.

• CDN Metrics – Information about your traffic usage over the Content Delivery Network (CDN). See Content Delivery Network Metrics for more details.

• Firewall Rules – Create your own custom firewall rule.See Configure Firewall Rules for more information.

• Executive Scan – Run a scan on your sites to check and fix security vulnerabilities. See Run Executive Scans for more details.

• Settings – View and configure cWatch protection settings for your website. See Website Configuration to know more.

4.1 View AlertscWatch alerts are generated when malware or vulnerabilities are detected on your domains.

To view alert messages:

• Click on a website name in the left–hand menu then click 'Alert'.



Alerts are sorted into various categories, including 'Vulnerabilities', 'Malware found' and 'Attacks'.

For example:

• 'Malware scan is not scheduled yet' – Shown if you have not yet run a scan on the site.

4.2 Website OverviewThe 'Overview' page summarizes security, traffic and visitor activity on your website.

To open the page

• Select a website on the left and choose 'Overview'



• Page Views Count – Displays the number of times your web–pages were viewed by your visitors.

• You can choose the time period using the slider at top–right. • Select a portion of the graph to zoom–in

• Place your mouse on the graph to view the number of views at that point in time.

Cyber Security Operation Center• Shows key information from cWatch security modules, including 'Web Application Firewall', 'Malware

Removal', 'Blacklist Removal' and 'Virtual Patching'.

• The number of tiles you see depends on your cWatch license.



– The website is safe. No actions need be taken at this point.

– The website is at risk.

• Click the '!' icon to open the malware details page. From here you can delete the malware or add it to the whitelist.

– The website has not yet been scanned.

Malware ScanThe results of malware scans on your domain in four tiles: 'Trojware & Backdoor', 'Potentially Unwanted Application', 'Defacement & Exploit' and 'Others'. The number of tiles you see depends on your cWatch license.

– No malware detected. No actions need be taken at this point.

– Malware found on the site.



VulnerabilitiesThe results of scans on your domain for the top 10 OWASP threats. Cwatch automatically blocks any OWASP threats it finds. The number of threats found in each category is shown in a separate tile:



– The site is clear of vulnerabilities. No actions need be taken at this point.

– The site has vulnerabilities.

• Click the '!' icon to open the OWASP Top 10 vulnerabilities page. You can also run on–demands scan, and schedule weekly scans from here.


Content Delivery NetworkLive data about your CDN service usage. You can configure your website to use the CDN service by adding a CNAME to your DNS record.

• If you have not yet configured the CNAME record then no data will be shown here. Click the yellow

information icon to start the configuration process.

• The CNAME record for your website is generated by cWatch and can be found in 'Settings' > 'CDN Settings'. See Configure CDN Settings for more details.

• See Content Delivery Network Metrics for more details about CDN statistics.

4.3 Comodo Vulnerability Scans • Click on a website in the left–hand menu

• Select 'Vulnerabilities' from the expanded menu

CWatch is designed to perform two types of vulnerability scans:

• OWASP Top Ten threats



• WordPress vulnerabilities

OWASP Top Ten Threat cWatch periodically scans your websites against the types of vulnerabilities published in the Open Web Application Security Project (OWASP) top ten list. It automatically blocks any of these threats that it discovers.

• The 'OWASP Top 10' tab shows the last ten scheduled and manual scans run on the website. Each row shows the number of vulnerabilities blocked and their security risk levels.

• The scan results also show the number of threats in each OWASP category that were blocked by cWatch. You can view descriptions on each vulnerability category

• You can also enable weekly scans and run an on–demand scan on the domain.

Background. OWASP is an online community that collects critical domain security issues worldwide and periodically publishes the top ten vulnerability categories. These categories help to protect websites against againstserious web–app security flaws. cWatch checks whether your registered domains are vulnerable to the tests in the OWASP top ten and allows you to take remedial actions on those that fail.

WordPress VulnerabilitiesA dedicated scan that searches for specific vulnerabilities in WordPress websites. It scans the core site, plugins, themes and more, identifying the vulnerabilities in the current version that you are using. Based on the scan results, you can update your WordPress website accordingly.

• The 'WordPress Scan' tab shows the results of the last run scan.

• Scan your website on a daily basis and / or

• Schedule a weekly scan

See the sections below for more details:

• OWASP Top 10 Vulnerability Scan

• WordPress Vulnerabilities Scan

4.3.1 OWASP Top 10 Vulnerability Scan• You can view 'OWASP Top 10' scan results of the last ten scheduled and manual scans run on the website.

Each scan row show the number of vulnerabilities blocked and their security risk levels.

• You can also run an on–demand scan and / or schedule a weekly scan

To open the OWASP Top 10 page

• Click on a registered domain on the left and choose 'Vulnerabilities'

• By default, the 'OWASP Top 10' tab will open:



OWASP Top 10 Vulnerability Scans – Column Descriptions


Scan Date Date and time at which the scan was run.

High, Medium, Low and Information

Number of vulnerabilities found in each risk level.

OWASP Score The number of OWASP top–10 threat categories passed by your site.

To start an on–demand scan

• Click 'Start Scan'



The vulnerability scan on the domain will start. Alerts will be generated if any vulnerabilities are found. You can view the details about detected vulnerabilities in the 'OWASP Top 10 Vulnerabilities' interface.

To configure schedule scans

By default, the scheduled weekly scan is switched off.

• Click the button to toggle between 'On' and 'Off' states

If you enable the scheduled scan, the weekly scans will start next day same time and every week on the same day and time after that. For example, if you switch on the scheduled scan on Friday at 6:00 PM, the weekly scans will runon all Saturdays at 6:00 PM until you reconfigure the schedule.

Viewing Detailed Scan Results of a Selected Scan• Click a row from the table of scans to view its investigation details



• The pie chart shows a breakdown of vulnerabilities of different risk levels and overall security status.

• The list below the pie chart shows the total number of threats identified and blocked in each of the top ten OWASP vulnerability categories.

• Select an attack category to view the description of it.



Note: Manual vulnerability removal feature is only available for domains with a premium license.

4.3.2 WordPress Vulnerabilities Scan• Click on a website in the left–hand menu

• Select 'Vulnerabilities' from the expanded menu

• Open the 'WordPress Scan' tab

WordPress scans audit your website for malware and vulnerabilities known to affect WordPress sites, plugins and themes.

• The results of the last twenty scheduled and manual scans are shown. Each scan row shows the number ofvulnerabilities found and their risk level.

• You can also run an on–demand scan and / or schedule a weekly scan

To open the WordPress Scan page

• Click on a registered domain on the left and choose 'Vulnerabilities'

• Click 'WordPress Scan'



WordPress Vulnerability Scans – Column Descriptions



Word Press Version The WordPress version that was scanned.

Status Indicates whether the website has vulnerabilities or not.

• Secure – No vulnerabilities detected.

• Vulnerable – Detected vulnerabilities. Click on the row to view the vulnerabilities details.

• Failed – Scan did not run for some reason.

If the site doesn't contain WordPress, then an alert will displayed – 'WordPress not found'

To start an on–demand scan




• cWatch will begin scanning the domain for WordPress vulnerabilities.

• Alerts will be generated if any vulnerabilities are found. Click anywhere in a row to view details about detected vulnerabilities.

To configure schedule scans

By default, the scheduled weekly scan is switched off.

• Click the button to toggle between 'On' and 'Off' states

Weekly scans will start the next day and will run at the same day/time every week after that. For example, if you enable the weekly scan at 6:00 PM on Friday, the scans will run on Saturdays at 6:00 PM.

Viewing Detailed Scan Results of a Selected Scan• Click a scan row in the table to view its results:



Vulnerability results are available for the following WordPress components:

• WordPress Core

• WordPress Plugins

• WordPress Theme

Click on a vulnerability to view further details:



• The details panel contains information about the version affected by the vulnerability along with links to a version which fixes the issue.

4.4 Malware Scan Results• Click on a website in the left–hand menu

• Select 'Malware' from the expanded menu

To configure your website for malware scans you need to:

• Download a .php configuration file from the cWatch console

• Save it on each registered website that you wish to protect

See Configure the Website for cWatch Scans for more details.

• cWatch will then run scheduled scans all files hosted on the website.

• cWatch uses a range of malware detection mechanisms to identify threats on your website:

• Comodo Cloud – Identifies malware using our cloud based file lookup system (FLS)

• CWW – Uses heuristic technologies to identify malware

• Dynamic – Uses signature based malware detection

• The 'Malware Scan' page shows the last ten scheduled and manual scans run on the site. Each scan row show the number of files scanned, the number of malicious files found and the number of those files which were automatically deleted. The last column show the overall infection status of the site.

• The page also allows you to run on–demand malware scans on the website.

Note: Manual malware removal is available only for websites with 'Pro' and 'Premium' licenses.

• Click on a registered website on the left and choose 'Malware' to open the 'Malware Scan' page.

Malware Scans – Column Descriptions



Total Files Scanned The number of files scanned.



Malware Found The number of malicious files found by the scan.

Removed Automatically The number of malware files that were automatically deleted by cWatch.

Items that could not be removed by cWatch should be manually removed from your website.

Status The infection status of the domain.

– No malware found on the site. No actions need be taken at this point.

– The domain contains malware.


– The domain has not yet scanned.

• Click a row in the table of scans to view malware identified during the scan

Malware Found – Column Descriptions


Detection Threat classification. Whether the item is 'Malicious' or 'Suspicious'.

Malware Name Official name of the item.

Path The location where the item was discovered on the web server.



Automatic Removal States whether or not the malware was deleted automatically by cWatch.

4.5 Cyber Security Operation Center Results• The Cyber Security Operation Center (CSOC) is a team of dedicated analysts at Comodo who monitor and

remediate threats discovered by Comodo's enterprise security solutions.

• The CSOC team monitors the event logs of registered websites and constantly updates security rules to deliver unrivaled, real–time protection to our users.

• CSOC generates alerts whenever it identifies and blocks an attack. These can be viewed in the 'Alerts' section of a site. See View Alerts for more details.

The CSOC interface contains a range of charts which show detailed statistics about attacks that were identified and blocked on your site.

• Click the name of a website on the left then choose 'CSOC' to open the results interface.

• The slider at top–right lets you choose the time period for which you want to view statistics.

WAF BlockedThis chart shows a timeline of attacks blocked by the Web Application Firewall (WAF). The WAF is constantly updated with new firewall rules to ensure your sites are protected from the very latest threats.

• Place your mouse on the chart line to see the exact number of attacks blocked at that point in time.

• Click and drag on a point on the line to zoom in on a particular time range. Click 'Reset Zoom' to return to the original view.

DDOS Blocked



This chart shows a timeline of Distributed Denial–of–Service (DDoS) attacks blocked by cWatch, allowing you to easily track threat activity over time.

• Place your mouse on the chart line to see the exact number of attacks blocked at that point in time.

• Click and drag on a point on the line to zoom in on a particular time range. Click 'Reset Zoom' to return to the original view.

Threat Source



The 'Threat Source' chart shows a breakdown of blocked threats by source type. For example, this chart may show blocked traffic from blacklisted IPs and threats blocked by firewall rules.

• Place your mouse over a sector to see the total number of attacks from a particular source type.

Threat Category

The 'Threat Category' chart shows blocked threats by threat category. For example, this chart might show categoriessuch as cross site request forging, form submission validation errors and threats identified by heuristic rules.

• Place your mouse over a sector to see the total number of attacks from a particular source type.

4.6 Content Delivery Network Metrics• Your cWatch license includes a content delivery network (CDN) service for your websites. The service will

improve page load–times for your customers and improve the reliability/uptime of your site.

• You can configure your websites to use the service by changing your domain's authoritative DNS to Comodo or adding a CNAME entry to your DNS records.

• Comodo Authoritative DNS name server (NS) details are provided in 'Settings' > 'Domain'. The CNAME entry is generated by cWatch. See Add Websites and Website Configuration for more details.

Once configured, the CDN service will:

• Accelerate performance by delivering your website content to your visitors from data centers closest to theirlocation. The amount of CDN traffic available for a website depends on the cWatch license active on it. See License Types for more details.

• Forward event logs to the Comodo CSOC team who will monitor the traffic to identify anomalous behavior and threats.

• Provide Comodo web application firewall protection for your domains. The CSOC team constantly improves



the Mod Security rules in Comodo web application firewall to provide cutting edge protection for our customers.

The Content Delivery Network (CDN) Metrics page for a website displays statistics on your CDN usage and traffic throughput.

• Click a website name on the left then choose 'CDN Metrics' .

• The slider at the top right allows you to choose the time period for which you want to view the statistics.

The page contains the following charts:

CDN Usage

The 'CDN Usage' pie chart shows how much CDN data your website has used of your plan quota.

• Place your mouse on a sector to view the precise amount of dataused/remaining.

Request and Bandwidth by Edge LocationThe 'Request and Bandwidth by Edge Location' map shows the regions from which your traffic originated. You can also view the number of access requests from each region.



• Click on an regional hot–spot to view the traffic and number of access requests from that region.

Request and Bandwidth by RegionThis graph shows the number of website requests and the amount of data used by each continent.




• The yellow line graph shows the number of requests from different continents

• Place your mouse on the line to view the number of requests from the respective continent

• The green bar graph shows the bandwidth usage from different continents

• Place your mouse on a bar to view the precise traffic bandwidth from the respective continent

Status Codes by TypesShows the different HTTP status codes sent to your visitors in response to their page requests.



• 2xx = Success

• 3xx = Redirection

• 4xx = Client errors

• 5xx = Server errors


• Place your mouse on the graph to view the number of responses of that type returned at that time point

Status Code Distribution by PercentageShows the percentage of HTTP response status codes generated by your site within the set time period. HTTP status codes are as follows:

• 1xx Informational responses.

• 2xx Success.

• 3xx Redirection.

• 4xx Client errors.

• 5xx Server errors.

• You can choose the time period using the slider at top–right. • Place your mouse on a sector the to view the number of responses of that type

Status Code DetailsThe 'Status Code Details' pane displays the precise HTTP response status codes returned within the selected time period.

A detailed explanation of each code is available at https://en.wikipedia.org/wiki/List_of_HTTP_status_codes.


https://en.wikipedia.org/wiki/List_of_HTTP_status_codes


• You can choose the time period using the slider at top–right. • Use the search box at the right to search for a particular status code

• Click any column header to sort the items in alphabetical ascending/descending order of entries in that column.

Top File Types by RequestsThe 'Top File Types by Requests' graph shows the numbers of different file types requested by your website visitors over the set time period.

• You can choose the time period using the slider at top–right.

• Place your mouse on a bar to view the exact number of files of that type served to your visitors.



• Select a portion of the graph to zoom–in

File Size Distribution by PercentageThe 'File Size Distribution by Percentage' graph shows the numbers of files of different file sizes requested by and served to your visitors from your website.

• You can choose the time period using the slider at top–right.• Place your mouse on a bar to view the exact number of files of that size range delivered to your

visitors. • Select a portion of the graph to zoom–in

All File TypesThe 'All File Types' pane displays the exact numbers of different types of files delivered to your visitors from your website within the selected time period.



• You can choose the time period using the slider at top–right. • Use the search box at the right to search for a particular file type.

• Click any column header to sort the items in alphabetical ascending/descending order of entries in that column.

4.7 Configure Firewall Rules CWatch allows you to define your own custom Web Application Firewall (WAF) rules according to your requirements.These are in addition to the firewall rules built–in to cWatch. Please note WAF status should be enabled for the custom firewall rules to work. See Configure WAF Settings for more information.

• Custom firewall rules can be configured for conditions such as IP, IP range and so on

• You can configure the rule to take various actions based on your conditions. For example, block traffic if originating from Afghanistan.

• You can add multiple conditions to a rule. For example you can configure a rule to block traffic from a specific IP originating from a specific country.

• Messages will be displayed to site visitors for actions such as block, captcha.

• Rules are prioritized based on the action in the rule. The priorities are:

• 1. Monitor

• 2. Allow

• 3. Block

• 4. Captcha

To open the Firewall Rules interface

• Click a website name on the left then choose 'Firewall Rules' .

Custom WAF Rules – Column Descriptions




Rule ID An auto–generated number for each rule

Rule Name The label provided when creating the rule.

Type The condition type. For example IP, IP Range, Country

Details The parameter of the condition. For example, if 'Country' is condition, this column will show the two letter country code of the country covered by the rule.

Action The selected action for the rule.

Buttons

– Edit the firewall rule

– Remove the rule

– Enable / disable the rule

To add a new WAF rule

• Click 'Add New Rule' at the top right

• Rule Name – Provide an appropriate name for the rule.

• Condition 'If' – The drop–down lists the built–in conditions:

• IP – Enter a specific IP

• IP Range – Enter an IP range, for example, 192.168.2.1,192.168.255

• URL – Provide the originating URL. If 'Exact Match' is enabled, the originating URL should fully match the parameter for the selected action to be executed.

• User Agent – Enter the 'User Agent' details in string format. If 'Exact Match' is enabled, the originating



User Agent should fully match the parameter for the selected action to be executed.• Header – The HTTP header field. Enter the header field value. If 'Exact Match' is enabled, the

originating header value should fully match the parameter for the selected action to be executed.• HTTP Method – Available options are: Post, Get, Head, Put, Delete, Patch and Options. Select the

HTTP method from the options.• File Type / Extension – Enter the file type / extension parameter. For example – pdf

• Content Type – Enter the content type, for example: application/json

• Country – Select the country from the drop–down

• Organization – Name of the organization with whom the IP was registered. For example, Google, Amazon, Facebook and so on. For example, if you enter Amazon, all IPs registered by Amazon will apply for the condition.

• Click the icon beside a condition to add another condition below. The same condition will be copied and listed below. Change the condition appropriately.

• Click 'Add Condition' to configure another condition for the rule. Note – the conditions are always 'And' meaning all the added conditions should be satisfied for the selected action to be executed.

• Action – 'Then the action is' field allows you to select the action that should be taken for the configured condition(s). The options available are:

• Monitor – The traffic originating from the source provided in the condition will be monitored. This action is particularly useful for testing out potential 'Captcha' and 'Block' rules. You can check what specific traffic will be affected before setting up a rule that might negatively impact customers.

• Allow – All traffic for bots and users are allowed.

• Block – All traffic for bots and user will be blocked. A blocked message will be displayed to the users.

• Captcha – Captcha rules requires an image based challenge question to be passed to allow a user to access the URL in the rule. The captcha images are generated randomly by cWatch secure server.

• Click 'Save' to add the new rule

Example 1

To allow for WordPress administration page:

• In the 'If' condition, select URL and enter the WP admin page

• Click 'Add Condition' and select IP then enter your IP address

• Click 'Save'

Example 2

To block a specific IP from a specific country:

• In the 'If' condition, select IP, then specify the IP that you want to block

• Click 'Add Condition' and select 'Country' then select the country that you want to block.

• Click 'Save'

Please note the order of rule priority is dependent on the action configured and not on the order of rule in the interface. The WAF action priorities is given below:

• 1. Monitor

• 2. Allow

• 3. Block

• 4. Captcha



For example, if rule at the top blocks traffic from a particular IP and a rule below allows it, then the traffic will be allowed.

Please note WAF status should be enabled for the custom firewall rules to work. See Configure WAF Settings for more information.

4.8 Run Executive Scans cWatch provides businesses who handle credit cards online with a simple and automated way to stay compliant with the PCI DSS (Payment Card Industry Data Security Standard). PCI's meticulous network and application scans ensure cardholder information is kept secure from possible security breaches.

You need a separate license to use this feature. If you do not have a license, the interface will prompt you to buy one.

To open the Executive Scan interface

• Click a website name on the left then choose 'Executive Scan'.

• Click 'Use Executive Scan Option'

• If you do not have a license, then you can buy a license by clicking the 'Click to buy' button



You will be taken to the license purchase page. After purchase, the new license will automatically be added to your cWatch account.

• Click the license details below 'Use Executive Scan Option'

• The license will be updated in the cWatch interface and its details will be displayed.

From this interface you can:

• Run a on demand scan

• Schedule a scan

• Download scan results

• Renew Executive scan license

Run a on demand scan• Click a website name on the left then choose 'Executive Scan'.

• Make sure 'Only on Demand' is selected under 'Frequency'. If not, select it and click 'Update' below.

• If you schedule a scan then on–demand scan will not be available.




• The 'Executive Scan' will start. Once complete, the results will be available for download. See 'Download scan results' for more information.

Schedule a scan• Click a website name on the left then choose 'Executive Scan'.

• Select the scan frequency option in the 'Schedule Scan' section.

The available schedule options are:

• Daily – The scan will start every day from the next day same time.

• Monthly – The scan will start next day and then every month on the same day / time.

• Quarterly – The scan will start next day and then every quarter on the same day / time

• Click 'Update' when done.

• Please note the on–demand scan will not be available if you schedule a scan.

Download scan results• The results will be listed in the same screen once the scan is complete:



Executive Scan Results – Column Descriptions


Scan Date The scan date and time

Status Indicates the status of the scan whether completed or removed from the list

Scan Type Indicates the type of scan that was executed

Action Allows you to download or remove the result from the list.

• Click 'Download' under 'Action ' to view the results

The scan result will be downloaded in PDF to your default download location.

Renew 'Executive Scan License'• When the current 'Executive Scan' license is expired or nearing its expiry period, you can renew the license.

• Click 'Extend Executive Scan License' then 'Click to buy!'

You will be taken to the license purchase page. After a license is successfully subscribed, it will be automatically added to your cWatch account.

4.9 Website Configuration• Click a website name on the left and choose 'Settings' to open the interface.

The 'Settings' interface allows you to:

• Configure vulnerability and malware scanning on a website

• Configure FTP access so cWatch technicians can resolve issues on your website

• Register your website with the content delivery network

• Upload the SSL certificate used to secure the site if you are using HTTPS

• Configure CDN cache management settings for your website

• Configure custom Web Application Firewall (WAF) rules



The interface contains six tabs:

• FTP Settings – Configure FTP settings to allow Comodo technicians to connect to your site if required and remove malware. See Configure FTP Settings for more information.

• Malware Scan Settings – Configure the domain for vulnerability and malware scanning. See Configure the Website for cWatch Scanning for more details.

• Domain – View details on how to configure your DNS and nameservers (NS) in order to protect your domain using cWatch. See View Domain Configuration Instructions for more information.

• SSL Configuration – Specify whether your site uses HTTP or HTTPS. A complimentary SSL is offered by Comodo if you choose HTTPS protocol. You can also upload the SSL certificate that you use for the website to secure your site. See SSL Configuration for more details.

• CDN Settings – Configure CDN cache and CDN edge settings. See Configure CDN Settings for more details.

• WAF Settings – Configure Web Application Firewall policies. See Configure WAF Settings for more information.

4.9.1 Configure FTP Settings • cWatch includes a white–glove service whereby Comodo technicians will connect to your site and expertly

remove any infections or malware.

• In order for our technicians to access your site, you need to configure FTP settings in the cWatch interface.

To configure FTP settings:

• Click the website name on the left and choose 'Settings'

OR

• Click the settings icon above the navigation menu to open the 'Settings' interface, then 'Manage



Settings' link in the website row

The 'Settings' interface for the selected website will be displayed.

• By default, the FTP tab will be open:

s/FTP Settings – Table of Parameters

Parameter Description

s/FTP Hostname Enter the hostname of your FTP server

s/FTP Username/ FTP Password

Enter the username and password of the account to be used by cWatch to access the FTP server

s/FTP Directory Enter the path to the location of the website in the FTP server.

s/FTP Port Enter the port through which the website can be securely accessed.

• Click 'Connect and Save'

After successful validation, our technicians will be able to access your site if you request them to remove malware.

4.9.2 Configure a Website for cWatch Scans• You need to upload a .php file to your website to enable automatic malware scans.

• cWatch will verify the file at the location you specify and commence scanning.

• You can opt for automatic removal of malware threats identified at the end of every scan.

You also have the option to request Comodo technicians access your site to:



• Investigate threats identified by each scan and remove any malware.

• Remove any vulnerabilities identified by scans.

Note: You need to provide your FTP server details for our technicians to access your website. See Configure FTP Settings for help with this.

To configure your website for scanning and malware removal

• Click the website name on the left and choose 'Settings'

OR

• Click the settings icon above the left–menu then 'Manage Settings' link in the website row

The 'Settings' interface for the selected website will open:



• Click the 'Malware Scan Settings' tab

Scan Settings:

• Download the PHP file in step 1.)

• Upload the file to the root folder of your website. The file should be publicly accessible.

• Enter the URL of the uploaded file in the text field.

• Click 'Save and Verify' to run the check.

Malware Removal Settings:

• Enable 'Switch On for automatic malware removal' if you want discovered malware to be removed by Comodo technicians.



You need to provide your FTP server details for our technicians to access your website. See Configure FTP Settings for help with this.

• After uploading the PHP file to the root folder, enter the URL of the file in the text field and click 'Save and verify'

• cWatch will access the .php file and begin scanning your website according to a schedule.

Your domain will be scanned in 12 hour intervals and the results will be displayed in the 'Malware' page of the domain. See Malware Scan Results for more details.

4.9.3 Domain Configuration Instructions

Important Note – If you are using an SSL certificate on your website, you must configure SSL settings in cWatch toavoid interruptions to HTTPS traffic. See SSL Configuration for more details.

After adding a website to cWatch, you next have to configure DNS settings. You need to do this in order to enable cWatch protection, the content delivery network and the Web Application Firewall (WAF). There are two ways this



can be done:

• Change your domain's authoritative DNS servers to Comodo

• Enter DNS records explicitly

Option A – Change your domain's authoritative DNS servers to Comodo

Important Note – After changing your domain's authoritative DNS servers to Comodo, you have to use cWatch to manage your DNS. For example, changes to your MX records must be done in cWatch and can no longer be done in your web host's DNS management page. See 'Manage DNS Records' in 'The Settings Interface' for more information.

• Click the settings icon above the navigation menu

The main settings page will open:

• Click 'Manage DNS' under Settings in the row of the added website

For the first time the DNS registration alert will be displayed:



After few minutes the registration process will be complete.

• Open the main settings page again and click 'Manage DNS' under 'Settings' in the row of the added website

You can find the nameservers details that should be configured for the website.

• Note the nameservers details

• Go to your website's DNS management page and enter the nameservers that you noted

• See https://support.google.com/domains/answer/3290309?hl=en if you need more help regarding changing nameservers

• Once the nameservers have been updated successfully in your DNS management page, you can view the status in the cWatch interface.

• To view the nameserver update status, open the main settings page and click 'Manage DNS' under the settings column in the website row


https://support.google.com/domains/answer/3290309?hl=en


OR

• Click the website name on the left menu, then 'Settings' > 'Domain' tab

You can view the nameservers update status under option A.

• It may take up to 24 hours for the DNS changes to be processed globally.



• Please note there will no downtime on your website when you switch your name servers.

Important Note – After pointing your name servers to Comodo, you have to use cWatch to manage your DNS records. For example, changes to your MX records must be done in cWatch and can no longer be done in your webhost's DNS management page. See 'Manage DNS Records' in 'The Settings Interface' for more information.

Option B – Enter DNS records explicitly

Important Note – If you are using an SSL certificate on your website, you must configure SSL settings in cWatch toavoid interruptions to HTTPS traffic. See SSL Configuration for more details.

In order to enter DNS records explicitly, you should first note the 'CNAME' and 'A' records from the cWatch interface. After adding a website, these details are auto–generated and available in the 'Settings' > 'Domain' tab.

• Click the settings icon above the navigation menu to open the main settings page and click 'Manage Settings' in the website row that you want to configure the DNS settings

OR

• Click the website name on the left menu, then 'Settings'

The settings page for the selected website will open:

• Click the 'Domain' tab and scroll down to option B – Enter DNS Records Explicitly



• Note down the 'CNAME' and 'A' records

• Go to your website's DNS management page and enter the 'CNAME' and 'A' records

• If you need more help regarding adding 'CNAME' and 'A' records, visit https://support.google.com/a/topic/1615038?hl=en

• DNS propagation may take around 30 minutes depending on your hosting.

• Please note there will be no downtime on your site during these changes

Once the records have been updated successfully, you can view the status in the cWatch interface.

• Click the settings icon above the navigation menu to open the main settings page and click 'Manage Settings' in the website row that you want to configure the DNS settings

OR


The settings page for the selected website will open:


https://support.google.com/a/topic/1615038?hl=en


• Click the 'Domain' tab and scroll down to option B – Enter DNS Records Explicitly

• You can view the confirmation under the 'Status' column.

4.9.4 SSL Configuration • An SSL/TLS certificate is placed on a website to authenticate the domain owner and encrypt all data that

passes between the user's browser and the web server.

• Sites that use an SSL certificate have a URL that begins with HTTPS. For example, https://www.example.com

• Comodo strongly recommends you use an SSL certificate on your site.

There are two ways to enable HTTPS security with cWatch Web.


https://www.example.com/


• Complimentary SSL

• Bring Your Own SSL (Recommended)

Option A – Complimentary SSL

• In order to obtain your free SSL certificate, you must first change your domain's authoritative DNS servers to Comodo. Click here to find out how.

• Note. The complimentary certificate will not secure the connection between your server (where your site is hosted) and the cWatch Web CDN (where your website will be cached).

• Click here to find out how to install the complementary SSL certificate

Option B – Bring your Own SSL

• Recommended for customers

• Ensures complete protection and security of traffic between your origin server and the cWatch CDN edge servers

• Eliminates privacy risks & vulnerabilities such as eavesdropping and Man–in–the–Middle attacks

• Click here to find out how to upload your own SSL certificate to cWatch

Install Complementary SSL Certificate• Click the settings icon above the navigation menu to open the main settings page and click 'Manage

Settings' in the website row that you want to configure the SSL settings

OR


In the settings page, click the 'SSL' tab:

• Choose 'Enable HTTPS' under 'Choose Your Protocol' and click 'Update protocol'

• Scroll down to 'Option A: Complimentary' section.



• Click 'Active Basic SSL Now'

• You will see the following alert to indicate certificate provisioning has started:

• The process will take a few minutes to complete.



• The certificate will be installed on the CDN edge servers and will encrypt traffic between the CDN and end–user clients.

• Please note that the traffic between your web–server and the CDN will not be encrypted. You need to upload your own certificate to encrypt this traffic. See 'Upload your own SSL Certificate' for more details.

Upload your own SSL Certificate

• Click the settings icon above the navigation menu to open the main settings page and click 'Manage Settings' in the website row that you want to configure the SSL settings

OR


In the settings page, click the 'SSL' tab:



• Choose 'Enable HTTPS' under 'Choose Your Protocol' and click 'Update protocol'

• Scroll down to 'Option B: Bring Your Own SSL' section.



The form for adding your SSL certificate will appear.

SSL Protection Settings – Table of Parameters


Name Enter a descriptive name for the certificate. This will be used to identify it in cWatch.

Certificate Paste the content of your certificate. For example, the content you are looking for will look something like this:

–––––BEGIN CERTIFICATE–––––MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjELMAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgxNDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD



TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFuZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7jV14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGjgbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaAFFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+JuWm7DCfrPNGVwFWUQOmsPue9rZBgO

–––––END CERTIFICATE–––––SSL Chain Certificate If your certificate contains an intermediate certificate then paste it here. If not, leave this

field blank.

Certificate Key Paste the private key of your certificate

• Click 'Upload your SSL Certificate'

The SSL certificate will be uploaded on 'Edge Servers' of CDN. Once done the traffic between CDN and the client(s) will be encrypted. Since the SSL is already installed on the customer's website, the communication between origin and CDN is also encrypted.

4.9.5 Configure CDN Settings• The Cyber–Secure Content Delivery Network (CDN) accelerates site performance and adds security to

your websites.

• Make sure you have configured the DNS settings of your website to use the CDN. See 'Domain Configuration Instructions' for more information.

• The amount of CDN traffic available for a domain depends on the cWatch license active on the domain. SeeLicense Types for more details.

• You should also select the SSL certificate used on your site if it uses HTTPS. See 'SSL Configuration' for more details.

Once configured, the CDN service will:

• Accelerate performance by delivering your website content to your visitors from data centers closest to theirlocation.

• Forward event logs to the Comodo CSOC team who will monitor your traffic to identify anomalous behavior and threats.

• Provide Comodo web application firewall (CWAF) protection for your domains. The CSOC team constantly improves the Mod Security rules in the firewall to provide cutting edge protection for our customers.

To open the CDN Settings page

• Click the 'Settings' cog icon underneath your username

• Click 'Manage Settings' in the row of the site whose DNS settings you want to configure.

• Open the 'CDN' tab



OR

• Click on the website you wish to configure in the left–hand menu then choose 'Settings'

• Open the 'CDN' tab

Cache Settings

Cache Settings – Table of Parameters


Set Default Cache Time Define how long content fetched from your web servers by the CDN should remain in the CDN cache.

This is useful if your website's cache control headers (CCH) are not used or ignored by the browser on your visitors computer.

Background Note: Cache Control Headers are used to specify how long content fetched from site should remain in the browser's cache. The local cache is used by the browser torender the site when it is re–visited by the user, avoiding the need to fetch the content again from the server.

Cache Control Header The validity period of the CCH on the end–user's web browser.

This defines how long cached content in the web browser can be reused without checkingthe web server for updates.

Use State Select 'Serve expired content' if you want the CDN to deliver cached content when:

• The CDN is currently checking the website for updated content

• Your website is down.

Query String Treat as separate cachable item' – web–pages with query string parameters (e.g. '?q=something') will be cached as separate files.



This will instruct the CDN to update cached files whenever the original pages are updated.

Ignore Cache 'Ignore max age set by the origin' – Visitor's browsers will ignore the time to live (TTL) and header expiry settings of your web–pages.

Web browsers will use the 'Set default cache time' setting for the cache time.

• Click 'Update Cache Settings' for your changes to take effect.

Purge Files

Purge CDN Cache on Edge Servers

Purge Individual Files Allows you to remove specific files from the cache so that the CDN is forced to check your website the next time the files are requested.

• Enter the URI of the file in the text box and click the green '+' button

• Repeat the process to add more files

• Click 'Purge'

Purge All Files Allows you to remove all files from the cache so that the CDN is forced to check your website the next time the files are requested.

• Click 'Purge'

Site Settings

• Origin IP Resolution – Choose whether or not the CDN should use DNS servers to resolve the IP address of your web server. This depends on whether your server uses a static or dynamic IP address.



• If your server uses a static IP address, enable 'Origin IP Resolution'. The CDN will fetch your IP address by domain look–up, save it and display it in the 'Origin IP' field. The CDN will use this IP address to fetch the files from your web server. This will save time for content delivery to your website visitors.

• If your server uses dynamic IP address, disable this option. The CDN will use DNS services to resolve your IP address.

• Custom Host Header – If the host header for your site is different to the domain name, enter the custom host header in this field.

• Click 'Update' for your settings to take effect.

Edge Settings

Edge Settings – Table of Parameters


Gzip Compression – Server compressed files with GZip

Reduces the size of files for faster network transfers. Optimizes bandwidth usage and increases transfer speeds to browsers.

Content Disposition – Force Files to download

Forces the files to download instead of showing the content in the browser

Remove Cookies – Ignore cookies in requests

CDN ignores header cookies

Pseudo Streaming – Enable pseudo stream seeking

Allows your site to play media files (FLV and MP4 files only with H. 264 encoding)

Add XFF Header – Add X–Forwarded for HTTP Header

Identifies the actual client source IP address.

Add CORS Header – Allow Cross Origin Resource Sharing

Adds 'Access–Control–Allow–Origin' header to responses



Enable WebP – Allow separate caching for WebP f

cwatch web security administrator guide · content delivery network (cdn) service accelerates site...

Documents