web attacks

Websites are the main weakness of shared servers. Many botnets specifically target and exploit vulnerabilities in websites to take over the server and use it to launch their automated attacks.

Legacy CMSs (WordPress, Joomla, Drupal, Magento, etc.) make servers more vulnerable to many different types of cyberattacks, such as SQL injection, cross-site scripting (XSS), remote and local file injection, and more. Quickly cleaning up infected files can become a full-time job for IT teams managing shared servers, confusing their support teams with requests.



website glitch

Spam comments on forums and blogs

Daily cleaning of the affected sites through the specialized team

The power of Defending Web Attacks in the life of a host

Shared hosting companies have special needs when it comes to server security. With hundreds or thousands of domains hosted on a single server, it can be difficult to filter out malicious requests while allowing real visitors to connect to the hosted sites.

The most effective way to prevent cyber attacks on websites is at the application layer using the Web Application Firewall (WAF). HYYAT WAF works between your visitors’ web browsers and your web server.

It is a very fast reverse proxy that filters all incoming web requests, and automatically rejects any attacks.

HYYAT WAF makes it easy to manage all your firewall settings from one location, and you can also configure the filter level by domain.

With domain-based patterns, you can change the level of restriction by domain or by URL, blocking malicious traffic and allowing real traffic to reach every hosted site. This unique feature is only available with Hayat Host and makes life a lot easier when managing shared servers.

To keep you safe from the latest threats, we are constantly patching new types of CMS vulnerabilities by adding new WAF rules to the rules. We also include automatic false positive reports that allow you to adjust settings if necessary, and we guarantee a low false positive rate with predefined rules.

How do we differ from other web attack solutions?


low positives

تضمن مجموعة القواعد المحددة مسبقًا معدلًا إيجابيًا كاذبًا منخفضًا للغاية. تتوفر إحصائيات إيجابية كاذبة لكل نمط مجال.


Full transparent agent

The HYYAT WAF unit is easy to use and requires no prior configuration or ongoing intervention.

هجمات الويب

fixed patches

We are constantly working on creating new WAF rules to patch different types of vulnerabilities from day to day zero in CMS.

هجمات الويب

field patterns

Besides the server-based settings, you can set the level of filtering and strictness for each domain.


Since HYYAT WAF is a reverse local proxy, it can be used with any backend server. We regularly test this module with Apache, NGINX and Litespeed servers to ensure compatibility. Our clients have also had great results with other types of back-end servers, such as nodeJS as well.

You can find more technical details about HYYAT WAF on our documentation site. If you have any questions or need assistance, feel free to contact our team via the chat in the Hayat Host dashboard or simply by opening our mention via the following link: Click here

After several months of testing, we have developed a predefined set of rules that strike the perfect balance between maximum protection and minimum false positives. We also thoroughly test each new WAF rule before it is released and our system constantly analyzes each rule to keep the false positive rate low. The false positive rate is determined by the number of successful CAPTCHA challenges.

There are 3 predefined rule sets available with different severity levels, and you can also create custom rule set templates. Rules can be managed for the entire server or you can create exceptions to configure WAF rules with specific domains and URLs. We will help you do that

All rights reserved to Hayat Host 2023