Cloudmersive Reverse Proxy Server can be used to protect Salesforce Sites. This article documents recommended best practices for such configurations:
- Add a Transform Redirect policy. Set the Match Host to the fully-qualified domain name (FQDN) of your Salesforce site, e.g. mysite.my.site.com. Set the New Host property to the FQDN of your Cloudmersive Reverse Proxy Server or Managed Instance.
- Add a Response Content Replace policy. Under Target Content to Match, set the FQDN of your Salesforce site, e.g. mysite.my.site.com. Set the Replacement Content to the FQDN of your Cloudmersive Reverse Proxy Server or Managed Instance.
- Configure Site Level Settings and enable the option to Remove Cookie Domains (if set). Also enable these checkboxes:
  - Disable X-Forwarded-For Header
  - Disable X-Forwarded-Host Header
  - Disable X-Forwarded-Proto Header
- Add a Response Content Replace policy. Under Target Content to Match, set test.salesforce.com. Set the Replacement Content to the FQDN of your Cloudmersive Reverse Proxy Server or Managed Instance.
- Add a Set Request Header with Header Name set to Referer and its value set to https://mysite.my.site.com/
- Add a Set Request Header with Header Name set to Origin and its value set to https://mysite.my.site.com
Be sure to set the Transform Mode of all Transform Policies to Complete.
These policies serve to ensure that redirects and forms do not go to the original site.com domain, but instead go to the Cloudmersive Reverse Proxy Server.
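One way to verify the policies above, as an added example that is not part of the Cloudmersive product or its documentation: the Python function below audits a response fetched through the proxy for redirects, cookie Domain attributes and body content that still reference the origin. The hostname proxy.example.com is an assumed placeholder for your proxy FQDN, and both sample responses are constructed.

```python
from urllib.parse import urlsplit

ORIGIN_HOST = "mysite.my.site.com"   # example Salesforce site FQDN from this article
LOGIN_HOST = "test.salesforce.com"   # second host the article rewrites


def audit_response(headers, body, origin=ORIGIN_HOST, login=LOGIN_HOST):
    """Return a list of findings; an empty list means no origin references remain."""
    findings = []
    for name, value in headers:  # (name, value) tuples keep repeated Set-Cookie headers
        lname = name.lower()
        if lname == "location":
            # Relative redirects have no hostname and cannot leave the proxy.
            host = (urlsplit(value).hostname or "").lower()
            if host in (origin, login):
                findings.append(f"redirect to origin host: {value}")
        elif lname == "set-cookie":
            for attr in value.split(";")[1:]:
                key, _, val = attr.strip().partition("=")
                if key.lower() == "domain":
                    findings.append(f"cookie Domain attribute still set: {val}")
    lowered = body.lower()
    for host in (origin, login):
        count = lowered.count(host)
        if count:
            findings.append(f"body references {host} ({count}x)")
    return findings


# Constructed sample responses (not captured traffic).
UNREWRITTEN = (
    [("Location", "https://mysite.my.site.com/s/login"),
     ("Set-Cookie", "sid=abc; Domain=.my.site.com; Secure; HttpOnly")],
    '<form action="https://mysite.my.site.com/s/submit"></form>'
    '<a href="https://test.salesforce.com/">Log in</a>',
)
REWRITTEN = (
    [("Location", "https://proxy.example.com/s/login"),  # assumed proxy FQDN
     ("Set-Cookie", "sid=abc; Secure; HttpOnly")],
    '<form action="https://proxy.example.com/s/submit"></form>',
)

if __name__ == "__main__":
    for label, (hdrs, text) in (("unrewritten", UNREWRITTEN), ("rewritten", REWRITTEN)):
        print(label, audit_response(hdrs, text) or "clean")
```

Any finding on a page served through the proxy points to a missing policy or a Transform Mode that is not set to Complete.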
Advanced Virus Scanning
To enable Advanced Virus Scanning, add a Virus Scan File Upload Request (multipart/form-data) - Advanced Scan policy. Optionally configure Restrict File Formats to use Cloudmersive Advanced Content Verification technology to verify uploads comply with the allowed list of file types by verifying file contents.
Add an API key and include the appropriate Base Path for your Cloudmersive Private Cloud or Cloudmersive Managed Instance API endpoint.
IP Whitelisting
It is recommended, though not required, that you lock down your Salesforce application by enabling IP whitelisting and setting this set of IPs to be equal to the Cloudmersive Reverse Proxy server static IP(s), as well as any other IPs that need direct access to the origin application.
Optional Redirect
You can also add a Response Redirect on Request Path Transform Policy with Match Path (Exact) set to / and the New Path (Full Path) set to something like /my-actual-site/s/. This way traffic to the root domain goes to your application. You can set Clear Response Content Body on Redirect (Recommended) to checked.
Optional Logging
You can also enable Cloudmersive Log Analytics or other logging policies for additional observability.