Auto-ban tab:
- IP blocking of repeat offenders: Yes
- Block IP after this many blocked requests: 3
- Time period: 5
- Unit of time measurement: Minutes
- Block duration: 15
- Unit of time measurement for block duration: Minutes
This blocks an IP for 15 minutes if there are any 3 blocked requests in a 5-minute period. I would actually change that to 3 blocked requests in 1 minute, but that's ultimately up to you; I am just adapting my reply to your stated parameters.
Then, we can proceed with permanently blocking IPs which keep triggering the protection:
- Add persistent offenders to the IP Disallow List: Yes
- Permanently disallow IP after this many automatic blocks: 3
This will block that IP if it gets temporarily blocked three times.
Also make sure that in the Logging & Reporting tab the "Do not log these reasons" option does NOT have 404 Shield in it. Otherwise, 404 Shield blocked requests will not be logged, therefore the "IP blocking of repeat offenders" feature will not count them towards the limit to block an IP address temporarily. The "IP blocking of repeat offenders" feature works against the contents of your log.
For the same reason, if you have set up automatic deletion of older blocked requests, please make sure that you allow at least 1000 blocked requests to stay, otherwise these features might not pick up that the same IP is getting repeatedly blocked requests, i.e. it will never be temporarily or permanently blocked.
Finally, do note that the IP must be an exact match to be blocked. If the blocked requests come from similar but not identical IP addresses they will not be automatically blocked. You can, however, block entire ranges of IP addresses manually in this case.
Nicholas K. Dionysopoulos
Lead Developer and Director
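The counting rules described in the reply above, replayed over a constructed log. This is an added illustration, not the extension's own code or part of the original reply; the function name, the log tuple layout and the rule that requests arriving during an active block are not counted are assumptions of this model.

```python
from datetime import datetime, timedelta

# Values from the Auto-ban tab settings in the reply above.
THRESHOLD = 3                       # blocked requests before a temporary block
WINDOW = timedelta(minutes=5)       # time period
BLOCK_FOR = timedelta(minutes=15)   # block duration
PERMANENT_AFTER = 3                 # automatic blocks before the permanent disallow

def evaluate(log, unlogged_reasons=()):
    """Replay (time, ip, reason) entries; return (temp_blocks, permanent).

    Assumption of this model: requests arriving while an IP is already
    blocked are not counted towards the next block.
    """
    recent, temp_blocks, permanent = {}, {}, set()
    for when, ip, reason in sorted(log):
        if reason in unlogged_reasons:
            continue                # not logged, so never counted
        blocks = temp_blocks.setdefault(ip, [])
        if ip in permanent or (blocks and when < blocks[-1] + BLOCK_FOR):
            continue
        # Exact-match counting: only this very IP's hits inside the window.
        hits = [t for t in recent.get(ip, []) if when - t < WINDOW] + [when]
        recent[ip] = hits
        if len(hits) >= THRESHOLD:
            blocks.append(when)
            recent[ip] = []
            if len(blocks) >= PERMANENT_AFTER:
                permanent.add(ip)
    return temp_blocks, permanent

def _at(minute):
    return datetime(2024, 1, 1, 12, 0) + timedelta(minutes=minute)

# Constructed sample log (documentation IP ranges, made-up timestamps).
LOG = (
    # Same IP, three bursts of three hits: three temporary blocks.
    [(_at(m), "203.0.113.10", "404 Shield") for m in (0, 1, 2, 20, 21, 22, 40, 41, 42)]
    # Similar but not identical IPs, one hit each: never reach the threshold.
    + [(_at(m), f"203.0.113.{n}", "404 Shield") for m, n in ((0, 11), (1, 12), (2, 13))]
    # Same IP, but hits 4 minutes apart: never 3 inside one 5-minute window.
    + [(_at(m), "198.51.100.7", "404 Shield") for m in (0, 4, 8)]
)

if __name__ == "__main__":
    blocks, permanent = evaluate(LOG)
    print("permanent:", permanent)
    print("temp blocks:", {ip: len(b) for ip, b in blocks.items() if b})
    _, permanent = evaluate(LOG, unlogged_reasons=("404 Shield",))
    print("with 404 Shield excluded from the log:", permanent)
```

Log retention is not modelled here; trimming the log too aggressively has the same effect as the `unlogged_reasons` case, because the entries needed to reach the threshold are no longer there to count.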