{"id":71764,"date":"2019-02-05T11:09:13","date_gmt":"2019-02-05T17:09:13","guid":{"rendered":"https:\/\/wpengine.com\/?post_type=support&#038;p=71764"},"modified":"2025-10-06T10:34:09","modified_gmt":"2025-10-06T16:34:09","slug":"ges","status":"publish","type":"support","link":"https:\/\/wpengine.com\/support\/ges\/","title":{"rendered":"Global Edge Security (GES)"},"content":{"rendered":"\n<p>Global Edge Security (GES) is an enterprise-grade performance and security product extension that can be purchased for any WP Engine hosting plan. With GES you will receive several features powered by Cloudflare: <a href=\"#waf\">managed Web Application Firewall (WAF)<\/a>, <a href=\"#ddos\">advanced DDOS Mitigation<\/a>, <a href=\"#cdn\">Cloudflare CDN<\/a>, and <a href=\"#ssl\">automatic SSL Installation<\/a>.<\/p>\n\n\n\n<p>Not sure what the differences between GES and our other network types are? <a href=\"https:\/\/wpengine.com\/support\/network\/\">Check out our network comparison guide<\/a>.<\/p>\n\n\n\n<p>Global Edge Security can be purchased as a product extension for Shared plans from the&nbsp;<em><a href=\"https:\/\/my.wpengine.com\/plans?_gl=1*nbvm0n*_ga*NjY3MzcyNTI1LjE3MDYwNDgzMzc.*_ga_9HX6WG40N2*MTcxMTcyNzc4MC4xMDEuMS4xNzExNzMyMzcxLjAuMC4xMTQ3ODY3NTU0\">Modify Plan<\/a><\/em>&nbsp;page. Premium plans can purchase GES as a product extension by speaking with their Account Manager or the WP Engine Sales team. GES is included with Secure Hosting plans. <a href=\"https:\/\/wpengine.com\/support\/change-plan-user-portal\/\">Learn more about purchasing product extensions.<\/a><\/p>\n\n\n\n<div style=\"color:#32373c;background-color:#00d1b2\" class=\"wp-block-genesis-blocks-gb-notice gb-font-size-18 gb-block-notice\" data-id=\"3b0649\"><div class=\"gb-notice-title\" style=\"color:#fff\"><p>Note<\/p><\/div><div class=\"gb-notice-text\" style=\"border-color:#00d1b2\">\n<p>After March 2025, all <a href=\"https:\/\/wpengine.com\/agency-hosting-plans\/#plans\" target=\"_blank\" rel=\"noreferrer noopener\">Agency plan<\/a> accounts are required to use either our <a href=\"https:\/\/wpengine.com\/support\/advanced-network\/\" target=\"_blank\" rel=\"noreferrer noopener\">Advanced Network<\/a> or Global Edge Security (GES) for DNS.<\/p>\n<\/div><\/div>\n\n\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<a name=\"waf\"><\/a>\n\n\n\n<h2 class=\"wp-block-heading\">Managed Web Application Firewall (WAF)<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"477\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2023\/09\/cloudflare_waf_reject_attackers-1024x477.png\" alt=\"\" class=\"wp-image-124064\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2023\/09\/cloudflare_waf_reject_attackers-1024x477.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2023\/09\/cloudflare_waf_reject_attackers-300x140.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2023\/09\/cloudflare_waf_reject_attackers-768x358.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2023\/09\/cloudflare_waf_reject_attackers.png 1176w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Our Enterprise-grade Web Application Firewall blocks the most common vectors for website attacks:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><b>Cross-Site Scripting (XSS)<\/b> &#8211; These types of attacks happen an attacker injects malicious code into a legitimate (but vulnerable) application. Attackers can manipulate JavaScript and HTML to trigger the malicious code or scripts. In this way, the vulnerable application or website is used as the \u201cvehicle\u201d to execute the script on the end user.<\/li>\n\n\n\n<li><strong>SQL Injection<\/strong> &#8211; SQL injection attacks happen when an attacker attempts to input meta characters into a vulnerable web-based form with malicious intent, and these attacks affect database-driven sites (which include WordPress\u00ae).<sup><a href=\"#legal-disclaimer\">1<\/a><\/sup><\/li>\n\n\n\n<li><strong>Cross-Site Request Forgery (CSRF)<\/strong> &#8211; Cross-Site Request Forgery involves taking over or impersonating a user\u2019s browser session by hijacking the session cookie. CSRF attacks can trick users into executing malicious actions the attacker wants, or into taking unauthorized actions on the website. In this example, the session cookie is the \u201cvehicle\u201d an attacker uses to impersonate a legitimate user.<\/li>\n<\/ul>\n\n\n\n<p>Cloudflare\u2019s edge servers also use the <b>OWASP ModSecurity rule set<\/b> at the edge, protecting your website from the OWASP top-10 vulnerabilities at all times. And, the automated <b>Browser Integrity Check<\/b> will evaluate request headers to determine whether a request is coming from a real web browser or not.<\/p>\n\n\n\n<p>In addition to the security vectors outlined above, our WAF powered by Cloudflare takes advantage of a unique set of security rules defined by Cloudflare through years of experience identifying and mitigating attacks.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<a name=\"ddos\"><\/a>\n\n\n\n<h2 class=\"wp-block-heading\">Advanced DDoS Mitigation<\/h2>\n\n\n\n<p>DDoS stands for <i>Distributed Denial of Service<\/i> and is a term used to describe attacks on the Network, Transport, and Application layers of the <a href=\"https:\/\/en.wikipedia.org\/wiki\/OSI_model\">Open Systems Interconnection (OSI) model<\/a>.<\/p>\n\n\n\n<figure class=\"wp-block-image is-resized\"><img decoding=\"async\" src=\"https:\/\/wpengine.com\/wp-content\/uploads\/2018\/08\/OSI_application_layers_GES.png\" alt=\"\" class=\"wp-image-41255\" style=\"width:662px;height:572px\"\/><\/figure>\n\n\n\n<p>The <b>Network Layer<\/b> determines the physical path request should take through the internet (using IP and ICMP protocols), and the <b>Transport Layer<\/b> is responsible for transmitting and assembling packets of data between two endpoints (using TCP and UDP protocols). Attacks at these layers were more popular in past years and are intended to render your site inaccessible. These types of requests are automatically and silently dropped at the Cloudflare Edge network before ever reaching your WP Engine server.<\/p>\n\n\n\n<p><b>Application Layer<\/b> attacks have become more prevalent in recent years, and are attacks based on HTTP, SMTP, SSH, or FTP protocols. This layer is responsible for human and computer interaction, and attacks of this type specifically target an application, or website. Most often Application Layer attacks are caused by botnets, or large networks of malware-infected machines, being directed to send large requests in extreme quantities to a website with the intention of getting past security measures in order to take malicious actions. Cloudflare\u2019s Edge servers use intuitive detection to determine whether a request for your website is legitimate, and block attacks at this level automatically. This means only legitimate traffic makes it back to the WP Engine origin server where your content is hosted.<\/p>\n\n\n\n<p><b>Origin IP Protection<\/b> is another way Cloudflare prevents and mitigates DDoS attacks. By nature of routing through Cloudflare\u2019s network, the IP address of your WP Engine server is obfuscated and a Cloudflare IP address is presented instead when users inspect your website. This prevents bad actors from sending traffic directly to your origin server at WP Engine, where your web content is hosted. Instead, Cloudflare mitigates the attack in their edge network before those bad requests ever make it to WP Engine. And, unlike other DDoS protection solutions, Cloudflare provides unmetered DDoS protection&#8211;meaning they don\u2019t cap attack size or charge overages.<\/p>\n\n\n\n<a name=\"cdn\"><\/a>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Cloudflare CDN<\/h2>\n\n\n\n<p>In addition to the security measures offered by the Global Edge Security product, Cloudflare CDN adds performance and caching benefits. WP Engine\u2019s finely tuned caching rules will also apply at the Cloudflare Edge network. This means pages can be served to users around the world faster, sending fewer requests to the WP Engine origin server.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.cloudflare.com\/network\/\" target=\"_blank\" rel=\"noreferrer noopener\">Read more about this global network on Cloudflare.<\/a> (<em>Note: WP Engine does not currently support Mainland China zones.<\/em>)<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/wpengine.com\/wp-content\/uploads\/2018\/08\/cloudflare_edge_map.png\" alt=\"\" class=\"wp-image-41257\"\/><\/figure>\n\n\n\n<a name=\"ssl\"><\/a>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Cloudflare Polish<\/h2>\n\n\n\n<p>WP Engine enables Cloudflare Polish by default on all Global Edge Security zones. Cloudflare Polish speeds up your website by reducing image size in a few different ways: removing metadata, applying lossless file compression, and adding the WebP file format.<\/p>\n\n\n\n<p>WebP is a next gen image format providing advanced lossless compression for images. Cloudflare Polish generates a WebP version of each image and caches it, then delivers that image to the user only if their browser supports it. According to Cloudflare &#8220;WebP lossless images are approximately 26 percent smaller than PNGs.&#8221;<\/p>\n\n\n\n<p>The best part is, you don&#8217;t have to do or pay anything extra! Just configure GES like normal and we&#8217;ll automatically apply this huge performance enhancement to your website.<\/p>\n\n\n\n<p><a href=\"https:\/\/blog.cloudflare.com\/introducing-polish-automatic-image-optimizati\/\" target=\"_blank\" rel=\"noreferrer noopener\">Learn more about Polish on Cloudflare&#8217;s blog<\/a>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Automatic SSL Installation<\/h2>\n\n\n\n<p>WP Engine\u2019s Global Edge Security offering will automatically install the SSL certificates added in the WP Engine User Portal on the Cloudflare Edge servers. In this way both the connection between the end-user\u2019s web browser and Cloudflare will be encrypted, as well as the connection between Cloudflare and WP Engine.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/wpengine.com\/wp-content\/uploads\/2018\/08\/cloudflare_ssl_encryption.png\" alt=\"\" class=\"wp-image-41256\"\/><\/figure>\n\n\n\n<p>This integration means end-users will see the SSL certificate installed through WP Engine when visiting your website, rather than a shared or dedicated Cloudflare SSL certificate. The SSL integration between the Global Edge Security product and WP Engine is automatic, and ensures your website is encrypted from end-to-end.<\/p>\n\n\n\n<div style=\"color:#32373c;background-color:#00d1b2\" class=\"wp-block-genesis-blocks-gb-notice gb-font-size-18 gb-block-notice\" data-id=\"10de4b\"><div class=\"gb-notice-title\" style=\"color:#fff\"><p>NOTE<\/p><\/div><div class=\"gb-notice-text\" style=\"border-color:#00d1b2\">\n<p>When pointed to Global Edge Security, SSL is automatically applied at Edge,&nbsp;so you will not need to add one. On GES, third-party SSL may be applied, if needed.<\/p>\n<\/div><\/div>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Limitations<\/h2>\n\n\n\n<p>Using a secondary WAF (EX: Sucuri) with GES is <strong>not<\/strong> recommended. Two firewall layers causes a complexity that leads to slow performance and inhibits any troubleshooting our team can assist with.<\/p>\n\n\n\n<p>Additionally, when using the Global Edge Security product from WP Engine, your CDN, WAF, and DDoS configuration rules are automatically configured. While there is no configuration needed on your end, WP Engine cannot add special customizations to these rules for individual sites or accounts&#8211;the rulesets and configurations are fine-tuned with performance and Defense-in-Depth in mind for the protection of your websites. If your websites require a high level of customization for Cloudflare settings, or specifically need access to the Cloudflare network in China, you may want to speak to your Account Manager about other Cloudflare options instead.<\/p>\n\n\n\n<a name=\"enable\"><\/a><a name=\"Configure_GES\"><\/a>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Enable GES<\/h2>\n\n\n\n<p>Global Edge Security is enabled per domain from the User Portal. If the product extension has not yet been purchased, this can be done from the <a href=\"https:\/\/my.wpengine.com\/products\" target=\"_blank\" rel=\"noreferrer noopener\">Products page<\/a>.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>From the <a href=\"https:\/\/my.wpengine.com\/sites\">Sites page<\/a>, click the environment name<\/li>\n\n\n\n<li>Select <strong>Domains<\/strong> (You may have to expand the <strong>Manage<\/strong> dropdown section)<\/li>\n\n\n\n<li>Locate the domain name, and open the <strong>three dot menu<\/strong> icon to the right<\/li>\n\n\n\n<li>Select <strong>Switch Network<\/strong><\/li>\n\n\n\n<li>Choose whether or not to include the www\/non-www domain in this network switch<\/li>\n\n\n\n<li>Confirm that this domain will be switched to Global Edge Security<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"580\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/switch-network-1024x580.png\" alt=\"Screenshot of the Domains page in the WP Engine User Portal showing where to Switch Network for a domain\" class=\"wp-image-125254\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/switch-network-1024x580.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/switch-network-300x170.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/switch-network-768x435.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/switch-network-1536x870.png 1536w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/switch-network-1500x850.png 1500w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/switch-network.png 1654w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<div style=\"color:#32373c;background-color:#00d1b2\" class=\"wp-block-genesis-blocks-gb-notice gb-font-size-18 gb-block-notice\" data-id=\"10de4b\"><div class=\"gb-notice-title\" style=\"color:#fff\"><p>NOTE<\/p><\/div><div class=\"gb-notice-text\" style=\"border-color:#00d1b2\">\n<p>Global Edge Security cannot be enabled for <a href=\"https:\/\/wpengine.com\/support\/transfer-wp-engine-environment\/\">transferable environments<\/a>.<\/p>\n<\/div><\/div>\n\n\n\n<a name=\"dns\"><\/a>\n\n\n\n<a name=\"cname\"><\/a><a name=\"Locate_DNS_Values\"><\/a>\n\n\n\n<h3 class=\"wp-block-heading\">Point DNS<\/h3>\n\n\n\n<p>After switching a domain to the Global Edge Security network, DNS records must be pointed to complete network activation. The Global Edge Security DNS Details will be displayed automatically when switching networks, or <a href=\"https:\/\/wpengine.com\/support\/point-domain\/\">learn how to view DNS Details again here<\/a>.<\/p>\n\n\n\n<p>There are two options when pointing DNS:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/wpengine.com\/support\/point-domain\/\">Point DNS to GES using CNAME flattening.<\/a>\n<ul class=\"wp-block-list\">\n<li>The Global Edge Security CNAME is a unique string for each environment that includes &#8220;wpeproxy.com&#8221; (EX: <code>12345.wpeproxy.com<\/code>). <a href=\"https:\/\/wpengine.com\/support\/point-domain\/\">Learn how to view GES DNS details again here<\/a>.<\/li>\n\n\n\n<li>If you already have CNAME flattening configured, simply replace the current WP Engine CNAME with the new GES CNAME.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><a href=\"https:\/\/wpengine.com\/support\/point-domain\/\">Point DNS to GES using two A records.<\/a>\n<ul class=\"wp-block-list\">\n<li>While CNAME flattening is preferred, A records are supported. To ensure maximum load balancer accessibility, two A records should be configured for any domain pointed via A record, using two separate IP addresses. Although rare, these IP addresses are subject to change for security purposes. <a href=\"https:\/\/wpengine.com\/support\/point-domain\/\">Learn how to view GES DNS details again here<\/a>.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<a name=\"verify\"><\/a>\n\n\n\n<div style=\"color:#32373c;background-color:#00d1b2\" class=\"wp-block-genesis-blocks-gb-notice gb-font-size-18 gb-block-notice\" data-id=\"10de4b\"><div class=\"gb-notice-title\" style=\"color:#fff\"><p>NOTE<\/p><\/div><div class=\"gb-notice-text\" style=\"border-color:#00d1b2\">\n<p><a href=\"https:\/\/wpengine.com\/support\/add-domain-in-user-portal\/#Domain_Status\">Learn how to check Domain Statuses to confirm proper GES configuration here.<\/a><\/p>\n<\/div><\/div>\n\n\n\n<a name=\"cache\"><\/a>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">GES Cache<\/h2>\n\n\n\n<p>By default, GES has static assets cache expiration set to 365 days. If cache expiration needs to be modified, reach out to&nbsp;<a href=\"https:\/\/my.wpengine.com\/support\">WP Engine Support<\/a>. If you&#8217;ve made changes to your site but are not seeing them reflected when using Global Edge Security, it&#8217;s very likely that the network cache needs to be purged.<\/p>\n\n\n\n<p>To clear domain network caches, including Global Edge Security network cache:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>From the <a href=\"https:\/\/my.wpengine.com\/sites\">Sites page<\/a>, select the&nbsp;<strong>environment name<\/strong><\/li>\n\n\n\n<li>Click&nbsp;<strong>Domains<\/strong><\/li>\n\n\n\n<li>Expand the <strong>3 dot&nbsp;menu&nbsp;icon<\/strong> to the right of the domain<\/li>\n\n\n\n<li>Select&nbsp;<strong>Clear cache<\/strong><\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"528\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2023\/05\/clear-domain-caches-1024x528.png\" alt=\"\" class=\"wp-image-123782\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2023\/05\/clear-domain-caches-1024x528.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2023\/05\/clear-domain-caches-300x155.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2023\/05\/clear-domain-caches-768x396.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2023\/05\/clear-domain-caches-1536x791.png 1536w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2023\/05\/clear-domain-caches-1500x773.png 1500w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2023\/05\/clear-domain-caches.png 1931w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<div style=\"color:#32373c;background-color:#00d1b2\" class=\"wp-block-genesis-blocks-gb-notice gb-font-size-18 gb-block-notice\" data-id=\"10de4b\"><div class=\"gb-notice-title\" style=\"color:#fff\"><p>NOTE<\/p><\/div><div class=\"gb-notice-text\" style=\"border-color:#00d1b2\">\n<p>Alternatively, <strong>Clear Network Caches<\/strong> on the <em>Cache<\/em> page of the User Portal will also clear GES caches. <a href=\"https:\/\/wpengine.com\/support\/cache\/#User_Portal\">Learn more here.<\/a><\/p>\n<\/div><\/div>\n\n\n\n<a name=\"errors\"><\/a>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">GES Errors<\/h2>\n\n\n\n<p>If you are using WP Engine\u2019s Global Edge Security product extension you may see new errors. Read on to learn how to interpret the error pages, and troubleshooting steps to resolve errors.<\/p>\n\n\n\n<p><strong>Unknown Error<\/strong><\/p>\n\n\n\n<p>This section will help you if you encounter the following error:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><b>Web server is returning an unknown error<\/b><br><i>There is an unknown connection error between Cloudflare and the origin web server. As a result, the page cannot be displayed. <\/i><br><i>Ray ID: 1234567890-DFW<\/i><br><i>Your IP Address: 123.45.67.890<\/i><br><i>Error reference number: 520<\/i><br><i>Cloudflare Location: DFW<\/i><\/pre>\n\n\n\n<p>This error appears when there is a connection error between Cloudflare and the WP Engine origin server. While this error can mean several things, some common causes include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The connection was reset<\/li>\n\n\n\n<li>Response headers were too large (generally indicates a deeper problem with the website)<\/li>\n\n\n\n<li>Invalid or empty response from the WP Engine origin server<\/li>\n\n\n\n<li>No response headers were sent<\/li>\n\n\n\n<li>Presence of multiple \u201cContent-Length\u201d headers<\/li>\n<\/ul>\n\n\n\n<p>The 520 Unknown Error is typically caused by something at the application layer, indicating a website-level issue rather than a server-level issue. Try visiting the site while using a <a href=\"https:\/\/wpengine.com\/support\/emulate-dns-change-with-the-hosts-file-trick\/\">hosts file trick<\/a> to point your domain directly to the WP Engine IP address showing in your User Portal, and see if a different error exists which might be causing this. For more help, contact WP Engine support via 24\/7 Live Chat in your <a href=\"https:\/\/my.wpengine.com\/\">User Portal<\/a>.<\/p>\n\n\n\n<p><strong>Web Server is Down<\/strong><\/p>\n\n\n\n<p>This section will help you if you encounter the following error:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><strong><i>Web server is down<\/i><\/strong><br><i>The web server is not returning a connection. As a result, the web page is not displaying. <\/i><br><i>Ray ID: 1234567890-DFW<\/i><br><i>Your IP Address: 123.45.67.890<\/i><br><i>Error reference number: 521<\/i><br><i>Cloudflare Location: DFW<\/i><\/pre>\n\n\n\n<p>This error occurs when the Cloudflare server received a \u201cconnection refused\u201d response from the WP Engine origin server, or when the web server is down\/restarting. If the web server is down\/restarting, simply try the web page again in a few minutes.<\/p>\n\n\n\n<p>In the case of a \u201cconnection refused\u201d issue, usually this happens because a Cloudflare IP address has been rate-limited or denied on the WP Engine server or on the website directly through a security\/firewall plugin. WP Engine allows connections from Cloudflare IP addresses, indicating the issue is most likely to be a security plugin or firewall. Check your security settings for your website, or contact WP Engine Support via 24\/7 Live Chat in your <a href=\"https:\/\/my.wpengine.com\/\">User Portal<\/a> for more help.<\/p>\n\n\n\n<p><strong>Connection Timed Out<\/strong><\/p>\n\n\n\n<p>This section will help you if you encounter the following error:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><strong><i>Connection timed out<\/i><\/strong><br><i>The initial connection between Cloudflare's network and the origin web server timed out. As a result, the web page can not be displayed.<\/i><br><i>Ray ID: 1234567890-DFW<\/i><br><i>Your IP Address: 123.45.67.890<\/i><br><i>Error reference number: 522<\/i><br><i>Cloudflare Location: DFW<\/i><\/pre>\n\n\n\n<p>This error indicates the request timed out when trying to establish an initial connection to the WP Engine origin server. There are several conditions which could cause this error to appear:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Your WP Engine server is overloaded with traffic, and could not respond to the connection request<\/li>\n\n\n\n<li>Cloudflare requests have been denied by your website via a security plugin or firewall<\/li>\n\n\n\n<li>Website has disabled Keep-Alive headers<\/li>\n\n\n\n<li>Faulty network routing<\/li>\n<\/ul>\n\n\n\n<p>If the first or last scenario is true, try again in a few minutes to see if your request is successful, as the high traffic or routing issue may be temporary. If you continue to see this error, contact WP Engine Support via 24\/7 Live Chat in your <a href=\"https:\/\/my.wpengine.com\/\">User Portal<\/a> for more help troubleshooting this issue.<\/p>\n\n\n\n<p>If the second or third scenario, check security settings for your firewall or security plugin, and ensure it is not denying Cloudflare IP addresses, or that it hasn\u2019t disabled Keep-Alive headers, which Cloudflare requires to make connections to your WP Engine server.<\/p>\n\n\n\n<p><strong>Origin is Unreachable<\/strong><\/p>\n\n\n\n<p>This section will help you if you encounter the following error:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><em><b>Origin is unreachable<\/b><\/em><br><i>The origin web server is not reachable.<\/i><br><i>Ray ID: 1234567890-DFW<\/i><br><i>Your IP Address: 123.45.67.890<\/i><br><i>Error reference number: 523<\/i><br><i>Cloudflare Location: DFW<\/i><\/pre>\n\n\n\n<p>This error is very rare, and typically indicates a network route to your WP Engine origin server is unavailable. This can happen if your WP Engine IP address has been null-routed, which is an extremely rare scenario. If you encounter this error, first check your DNS settings to ensure you are pointed to the correct CNAME for the Global Edge Security network. If all looks correct, please contact WP Engine Support for more help via 24\/7 Live Chat in your <a href=\"https:\/\/my.wpengine.com\/\">User Portal<\/a>.<\/p>\n\n\n\n<p><strong>A Timeout Occurred<\/strong><\/p>\n\n\n\n<p>This section will help you if you encounter the following error:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><em><b>A timeout occurred<\/b><\/em><br><i>The origin web server timed out responding to the request. <\/i><br><i>Ray ID: 1234567890-DFW<\/i><br><i>Your IP Address: 123.45.67.890<\/i><br><i>Error reference number: 524<\/i><br><i>Cloudflare Location: DFW<\/i><\/pre>\n\n\n\n<p>WP Engine institutes a 60-second timeout for long-running page requests. On top of this, Cloudflare institutes a 100-second timeout of a similar nature. If a connection was established but no response was sent for over 100 seconds, this error will occur. Most often this error occurs because of long-running requests (cron jobs or imports), or because of very long database operations. We recommend batching your imports or long-running cron jobs into smaller requests so they do not exceed the timeout. If you need more help identifying the source of this issue, please contact WP Engine Support via 24\/7 Live Chat in your <a href=\"https:\/\/my.wpengine.com\/\">User Portal<\/a>.<\/p>\n\n\n\n<p><strong>SSL Handshake Failed<\/strong><\/p>\n\n\n\n<p>This section will help you if you encounter the following error:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><em><strong>SSL handshake failed<\/strong><\/em><br><i>Cloudflare is unable to establish an SSL connection to the origin server<\/i><br><i>Ray ID: 1234567890-DFW<\/i><br><i>Your IP Address: 123.45.67.890<\/i><br><i>Error reference number: 525<\/i><br><i>Cloudflare Location: DFW<\/i><\/pre>\n\n\n\n<p>WP Engine\u2019s Cloudflare configuration uses \u201cFull\u201d SSL settings, meaning it will try to connect to the WP Engine origin server with SSL encryption. This error will occur if the SSL certificate does not exist or was removed on the WP Engine origin server. If your DNS is pointed to our Legacy DNS Network, to resolve this error, simply <a href=\"\/support\/ssl\/\">add a free Let\u2019s Encrypt SSL certificate<\/a> for your domain in the WP Engine User Portal. If you need more help troubleshooting this error, contact WP Engine Support via 24\/7 Live Chat in your <a href=\"https:\/\/my.wpengine.com\/\">User Portal<\/a>.<\/p>\n\n\n\n<p><strong>Invalid SSL Certificate<\/strong><\/p>\n\n\n\n<p>This section will help you if you encounter the following error:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><em><b>Invalid SSL certificate<\/b><\/em><br><i>The origin web server does not have a valid SSL certificate<\/i><br><i>Ray ID: 1234567890-DFW<\/i><br><i>Your IP Address: 123.45.67.890<\/i><br><i>Error reference number: 526<\/i><br><i>Cloudflare Location: DFW<\/i><\/pre>\n\n\n\n<p>This error indicates the SSL certificate on the WP Engine server is not valid. If you encounter this error, check the SSL certificate showing in your User Portal for your website. Make sure the certificate is not expired, has not been revoked, and is not self-signed. If your DNS is pointed to our Legacy DNS Network, to resolve this error you can add a free Let\u2019s Encrypt SSL certificate from the WP Engine User Portal for your domain. If you need more help troubleshooting this error, contact WP Engine Support via 24\/7 Live Chat in your <a href=\"https:\/\/my.wpengine.com\/\">User Portal<\/a>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Disable GES<\/h2>\n\n\n\n<p>To disable Global Edge Security: switch network types to the Advanced Network in the User Portal, then update DNS to point to the the Advanced Network instead. This process should be repeated for each domain where GES is enabled.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Switch to the Advanced Network:<\/strong>\n<ul class=\"wp-block-list\">\n<li>From the <a href=\"https:\/\/my.wpengine.com\/sites\">Sites page<\/a>, select the environment name where the domain has been added<\/li>\n\n\n\n<li>Select <strong>Domains<\/strong><\/li>\n\n\n\n<li>Locate the domain name, and open the <strong>three dot menu<\/strong> icon to the right<\/li>\n\n\n\n<li>Select <strong>Switch Network<\/strong><\/li>\n\n\n\n<li>Confirm that this domain will be switched to Advanced Network<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"580\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/switch-network-1024x580.png\" alt=\"Screenshot of the Domains page in the WP Engine User Portal showing where to Switch Network for a domain\" class=\"wp-image-125254\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/switch-network-1024x580.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/switch-network-300x170.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/switch-network-768x435.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/switch-network-1536x870.png 1536w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/switch-network-1500x850.png 1500w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/switch-network.png 1654w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li><strong>Update DNS:<\/strong>\n<ul class=\"wp-block-list\">\n<li>On the Domains page, locate the domain then open the <strong>three dot menu<\/strong> icon to the right<\/li>\n\n\n\n<li>Select <strong>View DNS Details<\/strong><\/li>\n\n\n\n<li>Use this new CNAME\/IP address when <a href=\"https:\/\/wpengine.com\/support\/point-domain\/\">updating DNS<\/a> at your DNS provider<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2023\/05\/view-dns-details.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>That&#8217;s it! Once DNS updates, this domain will no longer use the Global Edge Security network.<\/p>\n\n\n\n<p>GES is enabled for each domain, be sure to repeat this process for each domain that needs GES disabled.<\/p>\n\n\n\n<p>To learn more about the Advanced Network, and how to switch and update DNS, <a href=\"https:\/\/wpengine.com\/support\/advanced-network\/\">see the Advanced Network guide here<\/a>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p><strong>NEXT STEP: <a href=\"https:\/\/wpengine.com\/support\/ges\/\">Learn how to connect to SSH Gateway<\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Global Edge Security is a security and performance suite partnered with Cloudflare. Learn how to setup your DNS for us with GES services.<\/p>\n","protected":false},"featured_media":126216,"template":"","support-categories":[14,6,16],"support-tag":[129,42,60,17],"class_list":["post-71764","support","type-support","status-publish","has-post-thumbnail","hentry","support-categories-account","support-categories-platform","support-categories-security-3","support-tag-cloudflare","support-tag-dns","support-tag-performance","support-tag-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Global Edge Security (GES) - Support Center<\/title>\n<meta name=\"description\" content=\"Global Edge Security is a security and performance suite partnered with Cloudflare. Learn how to setup your DNS for us with GES services.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/wpengine.com\/support\/ges\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Global Edge Security (GES) - Support Center\" \/>\n<meta property=\"og:description\" content=\"Global Edge Security is a security and performance suite partnered with Cloudflare. Learn how to setup your DNS for us with GES services.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/wpengine.com\/support\/ges\/\" \/>\n<meta property=\"og:site_name\" content=\"Support Center\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-06T16:34:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2019\/12\/wp-engine-featured-image.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"14 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/wpengine.com\/support\/ges\/\",\"url\":\"https:\/\/wpengine.com\/support\/ges\/\",\"name\":\"Global Edge Security (GES) - Support Center\",\"isPartOf\":{\"@id\":\"https:\/\/wpengine.com\/support\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/wpengine.com\/support\/ges\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/wpengine.com\/support\/ges\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2019\/12\/wp-engine-featured-image.png\",\"datePublished\":\"2019-02-05T17:09:13+00:00\",\"dateModified\":\"2025-10-06T16:34:09+00:00\",\"description\":\"Global Edge Security is a security and performance suite partnered with Cloudflare. Learn how to setup your DNS for us with GES services.\",\"breadcrumb\":{\"@id\":\"https:\/\/wpengine.com\/support\/ges\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/wpengine.com\/support\/ges\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/wpengine.com\/support\/ges\/#primaryimage\",\"url\":\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2019\/12\/wp-engine-featured-image.png\",\"contentUrl\":\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2019\/12\/wp-engine-featured-image.png\",\"width\":1200,\"height\":630,\"caption\":\"WP Engine\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/wpengine.com\/support\/ges\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/wpengine.com\/support\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support Posts\",\"item\":\"https:\/\/wpengine.com\/support\/support\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Global Edge Security (GES)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/wpengine.com\/support\/#website\",\"url\":\"https:\/\/wpengine.com\/support\/\",\"name\":\"Support Center\",\"description\":\"WP Engine&#039;s Support Center\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/wpengine.com\/support\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Global Edge Security (GES) - Support Center","description":"Global Edge Security is a security and performance suite partnered with Cloudflare. Learn how to setup your DNS for us with GES services.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/wpengine.com\/support\/ges\/","og_locale":"en_US","og_type":"article","og_title":"Global Edge Security (GES) - Support Center","og_description":"Global Edge Security is a security and performance suite partnered with Cloudflare. Learn how to setup your DNS for us with GES services.","og_url":"https:\/\/wpengine.com\/support\/ges\/","og_site_name":"Support Center","article_modified_time":"2025-10-06T16:34:09+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2019\/12\/wp-engine-featured-image.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"14 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/wpengine.com\/support\/ges\/","url":"https:\/\/wpengine.com\/support\/ges\/","name":"Global Edge Security (GES) - Support Center","isPartOf":{"@id":"https:\/\/wpengine.com\/support\/#website"},"primaryImageOfPage":{"@id":"https:\/\/wpengine.com\/support\/ges\/#primaryimage"},"image":{"@id":"https:\/\/wpengine.com\/support\/ges\/#primaryimage"},"thumbnailUrl":"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2019\/12\/wp-engine-featured-image.png","datePublished":"2019-02-05T17:09:13+00:00","dateModified":"2025-10-06T16:34:09+00:00","description":"Global Edge Security is a security and performance suite partnered with Cloudflare. Learn how to setup your DNS for us with GES services.","breadcrumb":{"@id":"https:\/\/wpengine.com\/support\/ges\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/wpengine.com\/support\/ges\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/wpengine.com\/support\/ges\/#primaryimage","url":"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2019\/12\/wp-engine-featured-image.png","contentUrl":"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2019\/12\/wp-engine-featured-image.png","width":1200,"height":630,"caption":"WP Engine"},{"@type":"BreadcrumbList","@id":"https:\/\/wpengine.com\/support\/ges\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/wpengine.com\/support\/"},{"@type":"ListItem","position":2,"name":"Support Posts","item":"https:\/\/wpengine.com\/support\/support\/"},{"@type":"ListItem","position":3,"name":"Global Edge Security (GES)"}]},{"@type":"WebSite","@id":"https:\/\/wpengine.com\/support\/#website","url":"https:\/\/wpengine.com\/support\/","name":"Support Center","description":"WP Engine&#039;s Support Center","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/wpengine.com\/support\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/wpengine.com\/support\/wp-json\/wp\/v2\/support\/71764","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpengine.com\/support\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/wpengine.com\/support\/wp-json\/wp\/v2\/types\/support"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wpengine.com\/support\/wp-json\/wp\/v2\/media\/126216"}],"wp:attachment":[{"href":"https:\/\/wpengine.com\/support\/wp-json\/wp\/v2\/media?parent=71764"}],"wp:term":[{"taxonomy":"support-categories","embeddable":true,"href":"https:\/\/wpengine.com\/support\/wp-json\/wp\/v2\/support-categories?post=71764"},{"taxonomy":"support-tag","embeddable":true,"href":"https:\/\/wpengine.com\/support\/wp-json\/wp\/v2\/support-tag?post=71764"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}