This document describes Web Application Firewall (WAF) attacker IP penalty, which can quickly block malicious attacker IPs and defeat attacks and threats from malicious scanners, proxies and webs to improve defense efficiency.
Attacker IP penalty can automatically block repeated web attacks the client IP suffered in a short period of time. You can view attack logs for attack details.
- You have purchased a WAF plan.
- You have added a protected domain name, and ensured the domain name is in normal protection. For detailed directions, see Getting Started.
- Currently, IPs can be blocked by domain name. Domain names can have different blocking durations, which are calculated separately.
- Log in to the WAF console and select Configuration Center > Basic Security > Web Security on the left sidebar.
- On the web security page, select the target domain name in the top-left corner and click next to IP blocking to enable IP blocking.
- On the web security page, click next to IP blocking to modify default parameters and click OK.
- Web attacks: It records the number of web attacks from a malicious IP in a specified period. The attacks will trigger the rule engines against web attacks excluding AI engine, custom policies and CC protection.
- Detection duration: It specifies the duration to detect the attacker IP.
- Blocking duration: It specifies the duration to block the attacker IP.