I'm under attack only filter half DDOS attack, what can I do?

As per image, only half got classified as HTTP DOS, the other half got classified as Security Level, therefore the server is load is still to heavy, making it inaccessible.

How can I create a rule to filter out this bots?

Hi @ems2

You can use the Events page to view what traffic is not being stopped by the WAF and use characteristics such as IP addresses, countries, User Agents, ASN, etc. and create a Custom rule to block traffic that meets the DoS attack’s patterns.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.