Hi Nicholas,
I'll try to explain with details why I'm asking you the Ref. new feature:
SCENARIO:
- I have already enabled the WAF 'admin directory' and 'secret parameter'
- The most often exceptions reports I'm daily receiving are 'Admin Directory' resulting till up to 4 email warnings by IP each time... A lot!
- The 90% of those 'Admin Directory' (correctly filtered by ATPro) exception attempts arrived from Turkey and IP range from IP 78.160.1.1 to IP 78.191.255.255 owned by ISP: Turk Telekomunikasyon Anonim Sirketi (AS9121).
- As you surely know, to GeoBlock turkey origin, don't stop the mentioned 'Admin directory' access attempts.
- Temporarily, I could IP blacklist the mentioned IP range 78.160.1.1-78.191.255.255 but that's not a good solution knowing the IP's may be changed randomly but very often.
FEATURE REQUEST:
I would like to have the option to 'mark' to have immediately blacklisted its corresponding origin IP as soon as a specific exception is being detected (the 'Admin Directory' exception under my today scenario).
Of course, this new feature rules could need to override the default WAF 'Auto-ban repeat Offenders' ones that I have set by default as 'Block after 3 attacks, in 1 minutes that are not able to block the mentioned ones but are very useful to block other exceptions.
Your comments will be always very welcome.
Hoping this feat. request could be welcome at your side, too
Rgrds,
Note: Going now to update AT to the new 3.0.2 Pro version. Thanks!
I'll try to explain with details why I'm asking you the Ref. new feature:
SCENARIO:
- I have already enabled the WAF 'admin directory' and 'secret parameter'
- The most often exceptions reports I'm daily receiving are 'Admin Directory' resulting till up to 4 email warnings by IP each time... A lot!
- The 90% of those 'Admin Directory' (correctly filtered by ATPro) exception attempts arrived from Turkey and IP range from IP 78.160.1.1 to IP 78.191.255.255 owned by ISP: Turk Telekomunikasyon Anonim Sirketi (AS9121).
- As you surely know, to GeoBlock turkey origin, don't stop the mentioned 'Admin directory' access attempts.
- Temporarily, I could IP blacklist the mentioned IP range 78.160.1.1-78.191.255.255 but that's not a good solution knowing the IP's may be changed randomly but very often.
FEATURE REQUEST:
I would like to have the option to 'mark' to have immediately blacklisted its corresponding origin IP as soon as a specific exception is being detected (the 'Admin Directory' exception under my today scenario).
Of course, this new feature rules could need to override the default WAF 'Auto-ban repeat Offenders' ones that I have set by default as 'Block after 3 attacks, in 1 minutes that are not able to block the mentioned ones but are very useful to block other exceptions.
Your comments will be always very welcome.
Hoping this feat. request could be welcome at your side, too
Rgrds,
Note: Going now to update AT to the new 3.0.2 Pro version. Thanks!
