Advanced Logging
Published a year ago
Published a year ago
GamingForLiveYT
Updated a year ago
0
Due to recent attacks that ive gotten that partially werent blocked id love to have the option to specify what gets logged for example via a threshold of request count or time or when something could be an attack but the waf isnt quiet shure to log those so that we can improve our rules to make the protection more effective
Carrie
Updated a year ago
0
Could you provide some examples of the attacks that were not fully blocked?
Was it that the payloads were not detected by SafeLine, or were they only logged without being blocked?
GamingForLiveYT
Updated a year ago
0
Unfortunately not as i only noticed the attack by the ammount of requests that i got, and safeline didnt seem to have a single one that didnt fit a leaking or geoip block list detectet however as im expecting these attacks to continue i have eabled the error and acces logs for the attacked application to be able to provide some more intel
Carrie
Updated a year ago
Yes, you can improve custom rules by analyzing the access logs. The threshold of request count you mentioned can be implemented through rate limiting. Would that meet your needs?
Carrie
Updated a year ago
0
You can also DM me your rate limit config and logs if you’re okay with that — we’ll take a look to see if the rules were hit and working as expected.