The security level of the Astra firewall defines what actions Astra takes against malicious IP addresses and users. An internal algorithm determines the ‘attack intensity’ and takes appropriate action based on factors such as attack consequence level, attack frequency, and attacker reputation.
- Log in to your dashboard and navigate to Settings. Scroll down and you’ll find the “Security Level” tab there.
- You’ll find a drop-down menu with options – High, Medium and Low next to it.
- A “High” security level means that if even one attack is performed from a single IP, the attacker’s IP gets blocked directly.
- Similarly, in the “Medium” mode, if 5-10 attacks are performed from a single IP, the attacker’s IP gets blocked for 100-300 minutes.
- In the “Low” mode, if there are 2-5 attacks from an IP, that IP gets blocked for 10-15 minutes.
Hence, the security level decides the blocking duration. Each WAF rule also has an impact score attached to it. Each security level has a threshold impact score, on the basis of which it identifies and blocks threats.
For example, if a basic SQL injection probe such as xyz.com?s=1' has an impact score of 15, then in the “Low” mode the request may not be blocked, whereas in the “High” mode an impact score of 15 is huge and the attacker’s IP gets blocked.
In case of any further queries, you can reach out to us through the support tab in your dashboard. We’ll be happy to help! 🙂