This document describes Web Application Firewall (WAF) attacking IP penalty, which can quickly block malicious attack source IPs and defeat attacks and threats from malicious scanners, proxies and webs to improve defensive efficiency.
Attacking IP penalty can automatically block repeated web attacks the client IP suffered in a short period of time. You can view attack logs for attack details.
- You have purchased a WAF package and added the protected domain name, which is in normal protection.
- Intelligence IP blocking is now in beta. To use it, please contact us for a free trial. After official launch, you will be charged on the published prices.
- Log in to the WAF Console, and select IP Management > IP Blocking Management on the left sidebar.
- Configure the attacking IP penalty settings.
Field and operation descriptions:
- Blocking Switch: specifies whether to enable attacking IP penalty. It is disabled by default.
- Web Attacks: specifies the number of web attacks triggered by the attack source IP (which will trigger rules engine excluding AI engine, custom strategies, and CC attacks) within a period of time. Default: 20.
- Detection Duration: specifies the detection duration of the attack source IP. Default: 20 minutes.
- Blocking Duration: specifies the blocking duration of the attack source IP. Default: 20 minutes.
- Operation: edits the default setting. You can click Settings in the top right corner of the attacking IP penalty page.