There is a DDoS attack on the site and as a result all regular users are blocked. In event I found a rule that blocks regular users, it turned out to be “Service: HTTP DDoS”, by “rule id” I found this particular rule, it turned out to be under “DDoS L7 ruleset configuration” rule “HTTP requests with unusual HTTP headers or URI path (signature #55).”, this rule has the property “Read only” and I can’t disable it, what to do?
1 Like
It appears that the DDoS protection feature is doing its job in protecting your site from a potential DDoS attack. However, if it’s causing issues with your legitimate users, the DDoS protection settings may be too aggressive. While you cannot disable this specific read-only rule, you can try adjusting the “Security Level” under Firewall → Settings. Lower the level if it’s set too high. If you identified specific user IP addresses that are being incorrectly blocked, you can manually allow them by adding them to the “IP Access Rules”. Be cautious not to open your site up to attacks while making these adjustments.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.