How to stop attacks on my website

My website has been under attack for serval days now, when I noticed the attack I quickly deployed a WAF rule that blocks the IP address, but it seems like the attacker is using a VPN and its IP address is always changing once blocked. I then noticed that the HTTP version is HTTP/1.0, so I updated the rule to block every single request that uses HTTP/1.0.

  1. Is this the correct way to stop an attack? If not, what is a better solution?
  2. How to fully stops this attack? It is still going around every 10 second for a week now.

Hey there, you may want to look through this learning path:

Feel free to ask me if you have any specific questions.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.