Set Attacker IP Punishment

Last update:2024-06-13 19:18:18

The Attacker IP Punishment  can penalize the client IP that has reached a certain threshold of interceptions by the WAF rule. During the punishment time, all requests from the client IP will be intercepted, regardless of whether the request hits the WAF rule. It is typically used in the following scenarios:

Directly blocking scanner IP to prevent website vulnerabilities from being exposed, meeting regulatory compliance requirements.

Blocking malicious attackers from continuous penetration, preventing unknown website vulnerabilities from being exploited.

Go to WAF > Attacker IP Punishment

  1. Log in to the CDNetworks Console, find the security product in use under Subscribed Products.
  2. Go to Security Part, Configurations > Policies.
  3. Find the hostname for which you want to configure security policies, click CDNetworks海外新节点上线.
  4. Go to WAF > Attacker IP Punishment tab. If this policy is off, turn it on.

Enable Attacker IP Punishment

  • Before enabling the Attacker IP Punishment, the WAF protection mode must first be configured to “Block”.
  • Set the path for the Attacker IP Punishment:
    • All Paths, enabled for all paths under the current hostname.
    • Specific Path, enable Attacker IP Punishment for specific paths. The path starts with “/” and does not include hostname and parameter. For example, if the request is https://www.test.com/common/ecs/channel?code=1&type=2, then the path is /common/ecs/channel. Then select:
      • equals, then input the path, the input is case sensitive, and supports multiple values.
      • contains, then input the path, supports multiple values.
  • Set Trigger Condition:
    • Select the type of rule to be statistically analyzed.
    • Set the threshold for the number of requests blocked by WAF built-in rules from the client IP within the statistical period.
    • Set the Action Expiration Time, which determines the penalty time for the client IP.
  • Set the Action to Deny.
  • Click Publish Changes to make the configuration take effect.

Disable Attacker IP Punishment

  • Select the following action: Not Used.
  • Click Publish Changes to make the configuration take effect.
Is the content of this document helpful to you?
Yes
I have suggestion
Submitted successfully! Thank you very much for your feedback, we will continue to strive to do better!