Admin Tools can be configured (in the Configure WAF page) to send out emails when an attack is blocked. You can configure the contents and layout of these email messages using this page.
Editing an email template
Each email template consists of the following elements:
The kind of attack this email template applies to. If no specific email template is found, Admin Tools will use the one with its reason set to "All".
The subject line of the email message you will be receiving. You can use certain variables (see below).
Only the email templates with Published set to Yes will be taken into account.
Select the language of the email template. If an email template is not found for the currently active site's language when an email is about to be sent out, Admin Tools will use the one with its language set to "All". If such a template is not found, Admin Tools will look for a template with its language set to "English (United Kingdom)".
When the "Enable blocked requests email throttling" option is enabled in the Configure WAF page, these options define the maximum number of emails you are going to receive. You can set the number of emails and the amount of time. For example, setting 5 emails in 1 hour means that if 5 emails for this Reason have been sent in the last 1 hour, Admin Tools will not send out any more emails about it.
The body text of the email message. You can use full HTML and certain variables (see below).
The variables you can use are enclosed in square brackets and are always in uppercase. The available variables are:
[IP] Blocked IP address
[LOOKUP] Direct link to the IP lookup service
[REASON] The detected kind of the attack
[DATE] Date and time of the attack
[URL] Attacked URL. THIS IS POTENTIALLY UNSAFE. You are advised to NOT include this in your emails to avoid attackers triggering Cross Site Scripting (XSS) attacks.
[USER] Username of the attacker (if the user is logged in)
[COUNTRY] -- This item is no longer available and should not be used
[CONTINENT] -- This item is no longer available and should not be used
[UA] User agent of the attacker. THIS IS POTENTIALLY UNSAFE. You are advised to NOT include this in your emails to avoid attackers triggering Cross Site Scripting (XSS) attacks.
[SITENAME] The name of your site.
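The warning on [URL] and [UA] follows from two facts on this page: the body accepts full HTML, and both values come from the blocked request. The following is an added example, not Admin Tools code: a Python sketch with hypothetical function names (`render_raw`, `render_escaped`) and constructed sample data, showing what verbatim substitution puts into the message and what HTML-escaping each value changes.

```python
import html
import re

# Variable names documented on this page; [COUNTRY] and [CONTINENT] are left
# out because the page says they are no longer available.
KNOWN_VARS = {"IP", "LOOKUP", "REASON", "DATE", "URL", "USER", "UA", "SITENAME"}
TOKEN = re.compile(r"\[([A-Z]+)\]")


def render_raw(template, values):
    """Substitute values verbatim: request-supplied markup reaches the HTML body."""
    return TOKEN.sub(lambda m: values.get(m.group(1), m.group(0)), template)


def render_escaped(template, values):
    """Substitute HTML-escaped values in one pass over the template."""
    def repl(match):
        name = match.group(1)
        if name not in KNOWN_VARS or name not in values:
            return match.group(0)  # leave unknown tokens visible as-is
        return html.escape(str(values[name]), quote=True)
    # re.sub does not rescan replaced text, so a "[IP]" hidden inside a
    # request-supplied value is never expanded a second time.
    return TOKEN.sub(repl, template)


# Constructed template and sample values (documentation IP range, made-up request).
TEMPLATE = "<p>[REASON] from [IP] on [SITENAME]</p><p>URL: [URL]</p><p>UA: [UA]</p>"
SAMPLE = {
    "IP": "203.0.113.7",
    "REASON": "Example reason",
    "SITENAME": "Example Site",
    "URL": "https://example.com/index.php?q=<script>alert(1)</script>",
    "UA": 'Mozilla/5.0 "><img src=x onerror=alert(1)> [IP]',
}

if __name__ == "__main__":
    print("raw:    ", render_raw(TEMPLATE, SAMPLE))
    print("escaped:", render_escaped(TEMPLATE, SAMPLE))
```

In the escaped output the request-supplied markup arrives as inert text (`&lt;script&gt;`), which is the property to check for in any mail pipeline that interpolates request data into an HTML body.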