Set Attacker IP Punishment

最終更新日:2024-06-13 16:41:15

The Attacker IP Punishment  can penalize the client IP that has reached a certain threshold of interceptions by the WAF rule. During the punishment time, all requests from the client IP will be intercepted, regardless of whether the request hits the WAF rule. It is typically used in the following scenarios:

Directly blocking scanner IP to prevent website vulnerabilities from being exposed, meeting regulatory compliance requirements.

Blocking malicious attackers from continuous penetration, preventing unknown website vulnerabilities from being exploited.

Go to WAF > Attacker IP Punishment

  1. Log in to the CDNetworks Console, find the security product in use under Subscribed Products.
  2. Go to Security Settings > Policies.
  3. Find the hostname for which you want to configure security policies, click [Feature Upgrade] Advanced Access Control.
  4. Go to WAF > Attacker IP Punishment tab. If this policy is off, turn it on.

Enable Attacker IP Punishment

  • Before enabling the Attacker IP Punishment, the WAF protection mode must first be configured to “Block”.
  • Set the path for the Attacker IP Punishment:
    • All Paths, enabled for all paths under the current hostname.
    • Specific Path, enable Attacker IP Punishment for specific paths. The path starts with “/” and does not include hostname and parameter. For example, if the request is https://www.test.com/common/ecs/channel?code=1&type=2, then the path is /common/ecs/channel. Then select:
      • equals, then input the path, the input is case sensitive, and supports multiple values.
      • contains, then input the path, supports multiple values.
  • Set Trigger Condition:
    • Select the type of rule to be statistically analyzed.
    • Set the threshold for the number of requests blocked by WAF built-in rules from the client IP within the statistical period.
    • Set the Action Expiration Time, which determines the penalty time for the client IP.
  • Set the Action to Deny.
  • Click Publish Changes to make the configuration take effect.

Disable Attacker IP Punishment

  • Select the following action: Not Used.
  • Click Publish Changes to make the configuration take effect.