L3/4 Banned IPs

Last update: 2024-06-12 18:29:13

Under DDOS Protection > L7 DDoS Protection > Managed Protection, managed rules with the “Deny Connection” action are used to protect the mitigation infrastructure during ultra-large-scale L7 DDoS attacks. The Cloud Security 2.0 platform automatically bans repeatedly attacking IPs at L3/4 and records them in the L3/4 Banned IPs logs.

On the L3/4 Banned IPs page, you can:

  • If a legitimate user’s IP is banned as a false positive, you can also check and confirm this through the log and adjust the security policy accordingly.

Because “Deny Connection” works at L3/4, it takes effect at the granularity of mitigation node IP + attack IP, not hostname. L3/4 Banned IPs logs for an exclusive IP, and the ability to query them, are generated only if you have purchased the exclusive IP value-added service. This page is therefore not open by default. If you have purchased an exclusive IP, contact technical support to have it opened.

Entering the L3/4 Banned IPs page:

  1. Log in to the CDNetworks Console and find the security product in use under Subscribed Products.
  2. Go to Analytics & Logs > L3/4 Banned IPs.

Filter data

  1. Specify the time period.
  2. Client IP: optional. Separate multiple IPs with a semicolon (;).
  3. Node IP: optional. Separate multiple IPs with a semicolon (;). This is the IP of the CDNetworks distributed edge node accessed by the client.

View query results

After you click “Search”, the total number of matching logs and the logs themselves are displayed. The log information includes: Time, Client IP, Node IP, Policy Name, Rule Name, Action, Explanation (expand to view), Request Information (expand to view).

Download logs

You can download the query results, filtered by the query conditions, as a CSV file for viewing.
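
One way to review a downloaded CSV for false positives, as an added example that is not CDNetworks code. It assumes the CSV header names match the field names listed above and that Time values are formatted as YYYY-MM-DD HH:MM:SS; the sample rows and the known-good network list are constructed.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample export. Column headers are assumed to match the field
# names listed on the page; adjust them to the real CSV header row.
SAMPLE_CSV = """Time,Client IP,Node IP,Policy Name,Rule Name,Action
2024-06-12 10:00:01,198.51.100.7,203.0.113.10,Managed Protection,rule-a,Deny Connection
2024-06-12 10:00:05,198.51.100.7,203.0.113.10,Managed Protection,rule-a,Deny Connection
2024-06-12 10:01:12,192.0.2.44,203.0.113.10,Managed Protection,rule-b,Deny Connection
2024-06-12 10:02:30,192.0.2.44,203.0.113.11,Managed Protection,rule-b,Deny Connection
2024-06-12 10:03:00,not-an-ip,203.0.113.11,Managed Protection,rule-b,Deny Connection
"""

# Constructed list of networks known to be legitimate (offices, partners, monitors).
KNOWN_GOOD = ["192.0.2.0/24"]


def find_false_positive_candidates(csv_text, known_good):
    """Return {(node_ip, client_ip): {"count", "first", "last", "rules"}} for
    banned client IPs that fall inside a known-good network."""
    networks = [ipaddress.ip_network(n) for n in known_good]
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "rules": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            client = ipaddress.ip_address(row["Client IP"].strip())
        except ValueError:
            continue  # skip malformed rows instead of aborting the review
        if not any(client in net for net in networks):
            continue
        # The ban is keyed on node IP + client IP, so report at that granularity.
        entry = hits[(row["Node IP"].strip(), str(client))]
        entry["count"] += 1
        ts = row["Time"].strip()  # assumed format sorts correctly as a string
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
        entry["rules"].add(row["Rule Name"].strip())
    return dict(hits)


if __name__ == "__main__":
    for (node, client), e in sorted(find_false_positive_candidates(SAMPLE_CSV, KNOWN_GOOD).items()):
        print(f"{client} banned on node {node}: {e['count']} hit(s), "
              f"{e['first']} to {e['last']}, rules={sorted(e['rules'])}")
```

Each reported pair names the rule that triggered the ban, which is the starting point for the policy adjustment described above.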
