For security reasons an Nginx host sits in front of the CI server and a read-only archive of its UI is created. The contents of this archive are served when the https://ci.gpii.net URL is visited. This has protected the Jenkins server but has resulted in inconsistent URLs in notification emails, parts of the UI not getting archived, etc. all causing delays when people are trying to troubleshoot build issues. Using a web application firewall such as ModSecurity can provide another layer of security and more direct access than the current method.