Understanding the WAF block screen


If you encounter the screen below while navigating your site, our WAF is active and has interpreted your request as potentially malicious activity. The block screen is not a sign that something is wrong with your device, site, or connection; it is a security measure implemented to protect your application.

[Image: WAF block screen]

Understanding the block screen

You will find three pieces of information on the block screen, which are:

Unique ID: This is the unique ID of the block that occurred on your request. If the block is a false positive, you will need to send this ID so our team can analyze the block and make the necessary rule correction.
Your IP: This is your IP address.
URI: Here you will find the URI (https://domain.tls/URI) that was requested and blocked.

Common reasons for receiving a WAF block screen

Suspicious activities: Your request may contain patterns that our WAF identifies as suspicious because they are common in attacks like SQL injection, cross-site scripting (XSS), or attempts to exploit known vulnerabilities.
High request rate: An abnormally high number of requests coming from your IP may be interpreted as a brute-force attack or a DDoS (Distributed Denial of Service) attempt, leading the WAF to temporarily block access.
False positive: For some reason, the WAF interpreted your activity as malicious even though it wasn't. In this case, you will need to send the Unique ID from the block screen so our team can analyze the block and make the necessary rule correction.
