How Incapsula Handles Threats


By Marc Gaffan
Follow

Incapsula provides several alternatives for handling threats such as bad bots or SQL injection attacks.

Alert Only: Incapsula will issue an alert for every threat but will not block it. The alerts are visible in the Site Dashboard and in the Traffic tab under the Site Dashboard.

Block Request: Incapsula will block any request that poses a threat to your website and issue an alert.

Block User: Incapsula will block any user that attacked your website. The user will be blocked, starting from the first request that poses a threat.

Block IP: Incapsula will block any IP that attacked your website. The IP will be blocked for 10 minutes, starting from the first request that poses a threat. When an IP is blocked, Incapsula will also block the user to prevent the same user from executing attacks using other IPs.

Ignore: Incapsula will take no action when detecting a threat.

 

The default threat handling behavior is set to Alert Only. Once you feel comfortable with the service it is recommended that you change the configuration to Block Request. Changing the way Incapsula handles threats can be done through the Settings tab in the Site Dashboard.

Was this article helpful?
6 out of 6 found this helpful
Have more questions? Submit a request

Comments

  • Avatar
    ASP

    How are you identifying individual users?

  • Avatar
    echai

    Many aspects of the user are involved, both passive as connection attributes and more dynamic as the client side environment.

    Users are tagged through a set of persistent identifiers. You can think of it as Cookies.

  • Avatar
    ASP

    How long is a user blocked for?  Is that for 24 hours?

  • Avatar
    Lee

    ... incapsula... folks are still waiting for answers to this... in fact 3 yrs

Powered by Zendesk