Create a Post
Showing results for 
Search instead for 
Did you mean: 

Brute Force Attack and IP Ban


We have done some testing with brute force attack, thousands of requests from a single IP.

Most of complex attacks (XSS, Path Traversal, Injection ...) were blocked but the others were classified and let go through by appsec.

Server behind was suffering with the amount of request.

Is there a way for the appsec to handle that kind of thing ? Saying ok, this IP has a bad overall behaviour, too many bad requests so it is banned for an amount of time.

Best regards



0 Kudos
1 Reply


The WAF engine decides to block or not based on indicators we found and additional data we learn.
In case we see new requests, we didn't learn before, the decision will be made based on the indicators and the information we learned so far.

The IP will have a low user reputation as we will recognize it has a lot of malicious requests.

In this case, I can recommend turning on the Rate Limit capability and to set up a limit to the number of requests from a specific source to a specific timeframe.

0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.