CDNetworks will automatically ban the repeatedly attacking IP at the L3/4 and record it in the L3/4 Banned IPs logs.
On the L3/4 Banned IPs page, if a legitimate client’s IP is identified as an malicious IP and blocked, which is a false positive, you can check and confirm through this log and make corresponding security policy adjustments.

Since the “Deny Connection” works at the L3/4, its effectiveness granularity is the mitigation node IP + attack IP, not the hostname. The L3/4 Banned IPs logs for the exclusive IP and its query will only be generated when you have purchased the exclusive IP value-added service. Therefore, this page is not open by default. If you have purchased the exclusive IP, please contact technical support to open it.

Go to L3/4 Banned IPs page:

1. Log in to the CDNetworks Console, find the security product in use under Subscribed Products.
2. Go to Security part, Analysis & Logs > L3/4 Banned IPs.

1. Filter data

1. Specify the time period.
2. Client IP: not required, multiple separated by;.
3. Node IP: not required, multiple separated by;. It refers to the IP of the CDNetworks distributed edge nodes accessed by the client.

2. View query results

After clicking “Search”, the total number of hit logs and logs will be displayed. The log information includes: Time, Client IP, Node IP, Policy Name, Rule Name, Action, Explanation (expand to view), Request Information (expand to view).

3. Download logs

Supports downloading the query results filtered by the query conditions to a CSV file for viewing.