Set Attacker IP Punishment

최신 업데이트:2024-06-13 19:18:18

The Attacker IP Punishment  can penalize the client IP that has reached a certain threshold of interceptions by the WAF rule. During the punishment time, all requests from the client IP will be intercepted, regardless of whether the request hits the WAF rule. It is typically used in the following scenarios:

Directly blocking scanner IP to prevent website vulnerabilities from being exposed, meeting regulatory compliance requirements.

Blocking malicious attackers from continuous penetration, preventing unknown website vulnerabilities from being exploited.

Go to WAF > Attacker IP Punishment

  1. Log in to the CDNetworks Console, find the security product in use under Subscribed Products.
  2. Go to Security Part, Configurations > Policies.
  3. Find the hostname for which you want to configure security policies, click China Premium Service控制台自助配置功能上线.
  4. Go to WAF > Attacker IP Punishment tab. If this policy is off, turn it on.

Enable Attacker IP Punishment

  • Before enabling the Attacker IP Punishment, the WAF protection mode must first be configured to “Block”.
  • Set the path for the Attacker IP Punishment:
    • All Paths, enabled for all paths under the current hostname.
    • Specific Path, enable Attacker IP Punishment for specific paths. The path starts with “/” and does not include hostname and parameter. For example, if the request is https://www.test.com/common/ecs/channel?code=1&type=2, then the path is /common/ecs/channel. Then select:
      • equals, then input the path, the input is case sensitive, and supports multiple values.
      • contains, then input the path, supports multiple values.
  • Set Trigger Condition:
    • Select the type of rule to be statistically analyzed.
    • Set the threshold for the number of requests blocked by WAF built-in rules from the client IP within the statistical period.
    • Set the Action Expiration Time, which determines the penalty time for the client IP.
  • Set the Action to Deny.
  • Click Publish Changes to make the configuration take effect.

Disable Attacker IP Punishment

  • Select the following action: Not Used.
  • Click Publish Changes to make the configuration take effect.
이 문서의 내용이 도움이 되었습니까?
아니오
정상적으로 제출되었습니다.피드백을 주셔서 감사합니다.앞으로도 개선을 위해 노력하겠습니다.