There are different vulnerability scanners or tools that make multiple requests to a host; for each request using different user agents. I want to block that behavior (that the same IP makes multiple requests in a period of time with multiple user agents).
I have checked on the docs and in the interface different combinations of expressions and counting expressions, but I haven’t seen something like this:
Expression:
(http.host eq "mycompany.com"
If the same IP address makes X number of requests with Y different number of user agents in 1,5, 10 minutes, then block the requests for 5, 10, 60 minutes.
Is this possible somehow or is it a feature request? if it is the latter, how can I request it?