Threat Score HTTP Attack

I have problems with HTTP attack, i make a firewall rules with Threat Score,i block all 20+, and challenge 10-20, and they pass, but i block over 20.000 connection, how i block the connection how passed? I block from +10?

:wave: @madalin.fxf,

Rate limiting, bot management, country and ASN or characteristics of the ‘bad’ request such as UA based rules requiring captcha or JS Challenge would probably be a better method than Threat Score. Thread score is based on IP reputation which is not necessarily the best signal as a stand-alone for making block/ allow decisions.

— OG

2 Likes

If you can learn me to do this, because i m new, and i dont now to protect from HTTP Attack, with DDoS i fixed, but HTTP working… they attack my apps when is online with 20.000-50.000 ips from all world in same time, and my apps is droped.

I would recommend starting here:

I read, but i can fix the problem, the HTTP attack still working.

Instead of trying to challenge all IPs, ASNs, countries etc where the attackers are coming from, you may want to try to challenge anyone who is NOT in a group of approved countries, ASNs, IPs etc.

So:

If NOT a known bot AND
If country is NOT in {US FR UK etc countries where most of your legit visitors come from} AND
If ASN is NOT in {list ASNs from Facebook and other services you want to have access} AND
If IP is NOT in {list IPs from GTMetrix etc}

then

Challenge (in this case Challenge/Captcha is better than block)

1 Like

@floripare, if i turn on the “Under Attack Mode” firewall rules still working?

Yes. The Firewall Rules will apply first, and then all requests that pass these rules would still have to wait 5 seconds for the UAM to work.

1 Like

Oki, thank you, i leave replay if all works fine.