Website Migration Notice: SafePoint is now operated by CyberServal.Learn more →
DiscussionSLA
Sign inSign up

Feature Request: Application-level HTTP Flood Detection & Mitigation

Published 5 months ago

# SafeLine WAF
# 💡 feature

Published 5 months ago

profile_photo

tuxoai

Updated 5 months ago

0

We would like to formally propose a feature enhancement regarding HTTP Flood detection and mitigation.

In our real-world use case, we operate multiple independent applications behind the same WAF account, serving different business functions, traffic patterns, and user groups. Treating an IP as globally malicious across all applications once it triggers an HTTP Flood rule on a single application is not always appropriate for our environment.

Key concerns with the current behavior:

A legitimate user or shared IP (e.g., NAT, ISP gateway, corporate proxy, mobile carrier) may generate high traffic to one specific application.

Once this IP triggers HTTP Flood detection, it becomes blocked or challenged across all applications, even though traffic to other applications is normal and legitimate.

This can unintentionally impact unrelated services, degrade user experience, and create operational risk for our business.

Requested enhancement:

We strongly recommend supporting application-level (per-site) HTTP Flood detection and mitigation, similar to how Anti-Bot Challenge is currently scoped.

Specifically, we propose:

Allowing HTTP Flood rules to be scoped per application / per site

Isolating flood counters, thresholds, and mitigation actions per application

Ensuring that an IP triggering HTTP Flood on Application A does not automatically affect Application B, unless explicitly configured

Benefits:

More accurate protection aligned with real traffic patterns

Reduced false positives for shared or high-traffic IPs

Greater flexibility for enterprises operating multi-application environments

Improved balance between security and availability

We believe this feature would be extremely valuable for enterprise customers and significantly improve the usability of HTTP Flood protection in complex production environments.

Thank you for considering this request. We would be happy to provide more detailed scenarios or participate in further discussions if needed.

profile_photo

Carrie

Updated 3 months ago

0

We're looking for more requests on this feature from other users.We’re seeking more feedback from users on this feature.

Related Posts
#
Webhook Response
#
Load Balancing to two upstream servers.
#
Adding the Ability to Create Users with LDAP/Active Directory
#
Access log viewer
#
Safari - Challenge Not Work