{"id":109,"date":"2025-11-02T22:18:13","date_gmt":"2025-11-02T22:18:13","guid":{"rendered":"https:\/\/www.jolt.co.uk\/kb\/?p=109"},"modified":"2025-11-02T22:30:19","modified_gmt":"2025-11-02T22:30:19","slug":"using-jolt-control-panels-sentry-security-feature","status":"publish","type":"post","link":"https:\/\/www.jolt.co.uk\/help\/using-jolt-control-panels-sentry-security-feature\/","title":{"rendered":"Using Jolt Control Panel&#8216;s Sentry security feature"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">What is Sentry? <\/h2>\n\n\n\n<p>Sentry is a Jolt Control Panel security feature that helps defend against <strong>Denial of Service<\/strong> attacks, <strong>unwanted crawling<\/strong> by bots or <strong>malicious behaviour<\/strong> (e.g. spamming, carding, fraudulent orders, vulnerability scanning).  <\/p>\n\n\n\n<p>Sentry detects potentially unwanted automated activity by checking the behaviour of the visitor&#8217;s browser. <\/p>\n\n\n\n<p>If you are familiar with Cloudflare&#8217;s ecosystem, it&#8217;s comparable to <a href=\"https:\/\/developers.cloudflare.com\/fundamentals\/reference\/under-attack-mode\/\">Cloudflare&#8217;s &#8220;Under Attack&#8221; mode<\/a>, but it does not require any additional setup. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">When <span style=\"text-decoration: underline\">should<\/span> Sentry be used? <\/h2>\n\n\n\n<p>Sentry is a <strong>high level of security<\/strong> and should only be used in an <strong>emergency<\/strong> situation, but it can also be used as a long-term security enhancement with careful configuration. <\/p>\n\n\n\n<p>If an attack cannot be easily blocked, Sentry can help stabilise the site or stop the unwanted activity until further protections can be put in place. <\/p>\n\n\n\n<p>Enabling Sentry is recommended for the following situations:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Aggressive number of requests from many different IPs (e.g. a Denial of Service attack or unwanted crawling)<\/li>\n\n\n\n<li>Fraudulent orders being placed through your website<\/li>\n\n\n\n<li>Form spam (e.g. contact or registration forms)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">When should be Sentry <span style=\"text-decoration: underline\">not<\/span> be used? <\/h2>\n\n\n\n<p>Sentry shouldn&#8217;t be used in the following situations:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Legitimate but aggressive crawling by a friendly bot (e.g. Google)<\/li>\n\n\n\n<li>An attack by a single or limited range of IP addresses<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Legitimate crawling<\/h3>\n\n\n\n<p>It&#8217;s possible for legitimate crawlers (e.g. Google, Bing, ChatGPT etc) to become &#8220;trapped&#8221; in your site&#8217;s dynamic features such as product filters, checkout process or calendars \u2013 anything where there are many permutations or combinations. <\/p>\n\n\n\n<p>As Sentry <strong>automatically trusts friendly bots<\/strong>, it won&#8217;t block this activity and we recommend addressing this behaviour through <code><strong>robots.txt<\/strong><\/code> instead. <\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Small or basic attacks<\/h3>\n\n\n\n<p>If there is an attack from one or a limited range of IPs, it&#8217;s simpler to block the IP addresses under <strong>Security<\/strong> in JCP. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Can Sentry cause issues? <\/h2>\n\n\n\n<p>Yes, Sentry will check <strong>all requests<\/strong> and as designed, will not allow automated requests through unless it&#8217;s a <strong>trusted source<\/strong>.<\/p>\n\n\n\n<p>Primarily this will impact your site&#8217;s integrations, anything that connects to your site&#8217;s API. For example, when a customer makes a payment on your site, your payment provider may send a notification to your site \u2013 this request may be blocked by Sentry. <\/p>\n\n\n\n<p class=\"banner-warning\">\u26a0\ufe0f Before enabling Sentry, you should ensure that any third-party integrations are added as exemptions.  <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is a trusted source? <\/h2>\n\n\n\n<p>To help improve Sentry&#8217;s &#8220;out of the box&#8221; compatibility with your website, we have curated a list of <strong>trusted sources<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>All major search engine crawlers \u2013 Sentry should not affect your search<\/li>\n\n\n\n<li>All major social networks<\/li>\n\n\n\n<li>JCP&#8216;s Trusted IPs (under <strong>Security<\/strong>)<\/li>\n\n\n\n<li>Payment gateways\n<ul class=\"wp-block-list\">\n<li>Stripe<\/li>\n\n\n\n<li>PayPal<\/li>\n\n\n\n<li>Opayo \/ Elavon<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Brevo<\/li>\n\n\n\n<li>Royal Mail Click &amp; Drop<\/li>\n\n\n\n<li>Jetpack<\/li>\n\n\n\n<li>CDNs\n<ul class=\"wp-block-list\">\n<li>Cloudflare<\/li>\n\n\n\n<li>BunnyCDN<\/li>\n\n\n\n<li>Fastly<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Monitoring services\n<ul class=\"wp-block-list\">\n<li>Uptime Robot<\/li>\n\n\n\n<li>StatusCake<\/li>\n\n\n\n<li>Pingdom<\/li>\n\n\n\n<li>Jolt&#8216;s monitoring<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>If you feel something is missing from Sentry&#8217;s trusted source list, please don&#8217;t hesitate to contact us at <a href=\"https:\/\/www.jolt.co.uk\/support\/\">www.jolt.co.uk\/support\/<\/a> and we&#8217;ll be happy to consider adding your recommendation to Sentry. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How do I add exemptions, or rules?<\/h2>\n\n\n\n<p>If Sentry is blocking something it shouldn&#8217;t, you can currently make the requests exempt by creating <strong>rules<\/strong> that match against the visitor&#8217;s IP address, page (URI), User Agent or a query string argument.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Login to the Jolt Control Panel<\/li>\n\n\n\n<li>Navigate to <strong>Sites<\/strong> and select the site<\/li>\n\n\n\n<li>Select the <strong>Security<\/strong> tab<\/li>\n\n\n\n<li>Under the <strong>Sentry <\/strong>section, select the <strong>Advanced <\/strong>tab<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"689\" src=\"https:\/\/kb.jolt.co.uk\/wp-content\/uploads\/sites\/5\/2025\/11\/image-1-1024x689.png\" alt=\"\" class=\"wp-image-112\" style=\"width:592px;height:auto\" srcset=\"https:\/\/kb.jolt.co.uk\/wp-content\/uploads\/sites\/5\/2025\/11\/image-1-1024x689.png 1024w, https:\/\/kb.jolt.co.uk\/wp-content\/uploads\/sites\/5\/2025\/11\/image-1-300x202.png 300w, https:\/\/kb.jolt.co.uk\/wp-content\/uploads\/sites\/5\/2025\/11\/image-1-768x517.png 768w, https:\/\/kb.jolt.co.uk\/wp-content\/uploads\/sites\/5\/2025\/11\/image-1-1536x1034.png 1536w, https:\/\/kb.jolt.co.uk\/wp-content\/uploads\/sites\/5\/2025\/11\/image-1-770x518.png 770w, https:\/\/kb.jolt.co.uk\/wp-content\/uploads\/sites\/5\/2025\/11\/image-1.png 1708w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ol start=\"5\" class=\"wp-block-list\">\n<li>Under <strong>Create a new rule<\/strong>, select the rule type\n<ul class=\"wp-block-list\">\n<li>IP address \u2013 allow an IP (e.g. 198.51.100.5) or range IP addresses (e.g. 198.51.100.0\/24)<\/li>\n\n\n\n<li>URI (page) \u2013 allow <strong>or <\/strong>challenge a page (e.g. <code>checkout<\/code> or <code>api.php<\/code>)<\/li>\n\n\n\n<li>User Agent \u2013 allow a browser or service identifier<\/li>\n\n\n\n<li>Query string \u2013 allow a specific query string argument<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Enter the IP, URI, User Agent or argument that should be matched against the rule <\/li>\n\n\n\n<li>Click <strong>Save<\/strong><\/li>\n<\/ol>\n\n\n\n<p class=\"banner-tip\">\ud83d\udc49 As rules are <strong>loosely<\/strong> matched, you do not need to supply the exact page name, User Agent or query string when creating a rule<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How to enable Sentry<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Login to your Jolt Control Panel<\/li>\n\n\n\n<li>Navigate to <strong>Sites<\/strong> and select a site<\/li>\n\n\n\n<li>Select the <strong>Security <\/strong>tab and scroll to the <strong>Sentry<\/strong> section<\/li>\n\n\n\n<li>Select a <strong>Mode<\/strong> and click <strong>Update<\/strong><\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"878\" height=\"884\" src=\"https:\/\/kb.jolt.co.uk\/wp-content\/uploads\/sites\/5\/2025\/11\/image-2.png\" alt=\"\" class=\"wp-image-117\" style=\"width:320px;height:auto\" srcset=\"https:\/\/kb.jolt.co.uk\/wp-content\/uploads\/sites\/5\/2025\/11\/image-2.png 878w, https:\/\/kb.jolt.co.uk\/wp-content\/uploads\/sites\/5\/2025\/11\/image-2-298x300.png 298w, https:\/\/kb.jolt.co.uk\/wp-content\/uploads\/sites\/5\/2025\/11\/image-2-150x150.png 150w, https:\/\/kb.jolt.co.uk\/wp-content\/uploads\/sites\/5\/2025\/11\/image-2-768x773.png 768w, https:\/\/kb.jolt.co.uk\/wp-content\/uploads\/sites\/5\/2025\/11\/image-2-770x775.png 770w\" sizes=\"auto, (max-width: 878px) 100vw, 878px\" \/><\/figure>\n\n\n\n<p class=\"banner-warning\">\u26a0\ufe0f Ensure you thoroughly test your website &amp; all core functionality after enabling Sentry<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Modes<\/h3>\n\n\n\n<p>Depending on the complexity of the attack, Sentry has multiple <strong>modes<\/strong> (or security levels) that can be used:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Transparent \u2013 invisible to the visitor, but not as effective<\/li>\n\n\n\n<li>Balanced \u2013 visitor sees a brief verification message before automatically redirected to the site<\/li>\n\n\n\n<li>Full \u2013 visitor is required to complete a CAPTCHA before proceeding <\/li>\n\n\n\n<li>Debug \u2013 logs requests that would be challenged (nothing is blocked)<\/li>\n<\/ul>\n\n\n\n<p>You can easily change between modes and we recommend starting on <strong>Transparent<\/strong> and allowing approximately 2-3 minutes for the server to stabilise before trying <strong>Balanced<\/strong>. <\/p>\n\n\n\n<p><strong>Full<\/strong> is the least user friendly and should only be used as a last resort. <\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Default action<\/h3>\n\n\n\n<p>By default, Sentry will <strong>challenge all requests<\/strong> (unless a trusted source), but in some circumstances, you may only want to protect specific pages.<\/p>\n\n\n\n<p> Toggling the <strong>Default action<\/strong> will <strong>allow all requests<\/strong>, allowing you to specify which pages should be protected e.g. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"334\" src=\"https:\/\/kb.jolt.co.uk\/wp-content\/uploads\/sites\/5\/2025\/11\/image-4-1024x334.png\" alt=\"\" class=\"wp-image-115\" style=\"width:466px;height:auto\" srcset=\"https:\/\/kb.jolt.co.uk\/wp-content\/uploads\/sites\/5\/2025\/11\/image-4-1024x334.png 1024w, https:\/\/kb.jolt.co.uk\/wp-content\/uploads\/sites\/5\/2025\/11\/image-4-300x98.png 300w, https:\/\/kb.jolt.co.uk\/wp-content\/uploads\/sites\/5\/2025\/11\/image-4-768x250.png 768w, https:\/\/kb.jolt.co.uk\/wp-content\/uploads\/sites\/5\/2025\/11\/image-4-770x251.png 770w, https:\/\/kb.jolt.co.uk\/wp-content\/uploads\/sites\/5\/2025\/11\/image-4.png 1288w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">In this example, any requests to the site&#8217;s <strong>checkout<\/strong> would be checked by Sentry, anything else is allowed. <\/figcaption><\/figure>\n\n\n\n<p class=\"banner-note\">\ud83d\udca1  When the <strong>Default action<\/strong> is set to <strong>allow, <\/strong>URI (page) rules are inverted<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How to disable Sentry<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Login to your Jolt Control Panel<\/li>\n\n\n\n<li>Navigate to <strong>Sites<\/strong> and select a site<\/li>\n\n\n\n<li>Select the <strong>Security <\/strong>tab and scroll to the <strong>Sentry<\/strong> section<\/li>\n\n\n\n<li>Select a <strong>Disabled <\/strong>from the <strong>Mode <\/strong>menu and click <strong>Update<\/strong><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>What is Sentry? Sentry is a Jolt Control Panel security feature that helps defend against Denial of Service attacks, unwanted crawling by bots or malicious behaviour (e.g. spamming, carding, fraudulent orders, vulnerability scanning). Sentry detects potentially unwanted automated activity by checking the behaviour of the visitor&#8217;s browser. If you are&hellip;<\/p>\n","protected":false},"author":10,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,8],"tags":[],"class_list":["post-109","post","type-post","status-publish","format-standard","hentry","category-our-control-panel","category-security"],"_links":{"self":[{"href":"https:\/\/www.jolt.co.uk\/help\/wp-json\/wp\/v2\/posts\/109","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jolt.co.uk\/help\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jolt.co.uk\/help\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jolt.co.uk\/help\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jolt.co.uk\/help\/wp-json\/wp\/v2\/comments?post=109"}],"version-history":[{"count":23,"href":"https:\/\/www.jolt.co.uk\/help\/wp-json\/wp\/v2\/posts\/109\/revisions"}],"predecessor-version":[{"id":136,"href":"https:\/\/www.jolt.co.uk\/help\/wp-json\/wp\/v2\/posts\/109\/revisions\/136"}],"wp:attachment":[{"href":"https:\/\/www.jolt.co.uk\/help\/wp-json\/wp\/v2\/media?parent=109"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jolt.co.uk\/help\/wp-json\/wp\/v2\/categories?post=109"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jolt.co.uk\/help\/wp-json\/wp\/v2\/tags?post=109"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}