Can Blocked Clients in TR7 WAF be Blacklisted?

Step > 1

First, open the WAF Management screen of the related vService by following "Monitor Mode > Relevant vService > WAF Management" steps. In the opened screen, click the pencil icon next to "Checks" and verify that "Blacklist Protection" is enabled.

Step > 2

Then, go to the "Logs" tab and find the log of the client that made a malicious request to the related vService in blocking mode. The IP of the related client can be manually added to the blacklist on TR7 WAF. To do this, click on the relevant log, then click the "Actions" button to add the IP to the vService-specific or the general IP Intelligence table.

Step > 3

Click on the relevant log. In the panel that opens on the right, click the "Actions" button next to "Attacker IP" to add the IP to the vService-specific or general IP Intelligence blacklist table.

An IP added to the vService table will be blocked only by the related service, whereas an IP added to the IP Intelligence table will be blocked by all vServices where "Blacklist Protection" is enabled and WAF is in blocking mode.