| Deployed on | Rollout |
| September 19, 2025 | All MODX Cloud Platforms |
What is changing?
We've deployed a new, more robust version of our server-side Web Application Firewall (WAF) throughout MODX Cloud. This is now the primary line of defence for all sites hosted on MODX Cloud, automatically filtering out malicious traffic—bots, scrapers, LLMs, vulnerability scanners—before it hits your sites. The WAF works automatically, so you don't need to make any changes on your end.
For customers looking for additional protection and performance improvements, Cloud Edge remains available as an optional upgrade with enhanced WAF capabilities and CDN benefits.
Why we're making this change
Malicious traffic has been increasing significantly. According to industry research, more than half of all internet traffic now comes from non-human sources, with bad bots alone accounting for 37% of all traffic.[^1] This volume has been growing for six consecutive years.
Before we deployed the WAF, this bot and scraper traffic caused frequent problems:
- Server slowdowns and outages
- Sites becoming unavailable during bot attacks
- Spikes in error rates (502/504 errors) when site workers got saturated
- Reduced performance for legitimate visitors
We needed a stronger defence layer to protect performance, reliability, and your user experience.
What the results look like so far
Since launching the enhanced WAF:
- Traffic across our platforms is down 40–60%, especially in the high-noise bot and scraper bands
- There are far fewer 502/504 errors
- Platform stability is much smoother with less load spiking during attack or scanning events
What you need to know
Most traffic flows normally
The WAF is live for all customers and requires no configuration. Most visitors—including search engines—experience no difference, and the majority of traffic flows normally without extra friction.
Rare exceptions: CAPTCHAs and blocks
A small number of visitors may encounter a CAPTCHA challenge or, more rarely, be blocked. This happens when:
- The visitor's IP address has a poor reputation score
- The IP address was previously used for malicious activity
- The visitor is using a VPN or proxy service (these share IP addresses among many users, making it difficult to distinguish between legitimate users and malicious actors)
In the first four days after launch, there were only six reports of blocked IPs out of tens of millions of visits.
What visitors should do
If you see a CAPTCHA:
- Complete the CAPTCHA challenge to access the site
- If using a VPN, try switching to a different exit node or temporarily disabling the VPN
- If you cannot complete the CAPTCHA, contact MODX Cloud support
If you're blocked entirely: Contact MODX Cloud support with the IP address shown on the block screen. We can review and restore access quickly, typically within minutes.
SEO and monitoring tools
Tools like SEMRush, Screaming Frog, accessibility scanners, and 404 checkers may trigger blocks or CAPTCHAs if they make requests too quickly or exhibit behaviour that appears malicious.
If you use these tools: Contact MODX Cloud support before running scans. We can configure access for known service IP addresses. Note: We cannot allow access based on User Agent strings alone, as these are easily spoofed by malicious traffic.
Frequently asked questions
Will this affect my SEO or regular traffic?
For the vast majority of users: no. Search engines and normal visitor traffic pass through without any noticeable effect. If you believe your legitimate traffic or SEO visibility has been impacted, contact us and we'll investigate.
What if the WAF blocks something critical to my site?
Contact MODX Cloud support immediately. We can review the rules, allowlist specific IPs where warranted, adjust sensitivity if needed, or provide guidance on behaviour adjustments.
What about false positives?
False positives are rare but can happen when ISPs reassign IPs that were previously flagged as abusive, or when tools make very rapid requests. If you encounter a false positive, contact support with the IP address and time, and we'll resolve it quickly.
Learn more
For detailed information about how the WAF works, what visitors might encounter, and comprehensive troubleshooting steps, see our support article: Understanding MODX Cloud's Web Application Firewall (WAF).
References
[^1]: Imperva, "2025 Bad Bot Report: The Rapid Rise of Bots and the Unseen Risk for Business," accessed January 22, 2026, https://www.imperva.com/resources/resource-library/reports/2025-bad-bot-report/.