limit source ip in fortiweb

Mostafa85 · ‎02-22-2025

Hi everyone,

We are currently using FortiWeb version 7.6.1, and we've noticed multiple requests coming from a specific source IP address in the traffic logs. All these requests are returning a 404 status code.

We have configured DoS protection, imposed limits on HTTP access, and set up a custom rule in the advanced protection settings to restrict these requests. However, it seems that these measures are not effective.

Could anyone provide guidance on how we can implement a rate-limiting rule to block requests from this IP address after 10 occurrences of a 404 response, and then enforce a block for 1 minute?

Thank you for your assistance!

AEK · ‎02-22-2025

Hi Mostafa

Use this page to check if the IP is bad bot.

https://www.fortiguard.com/services/botnet

If so then you can use bot mitigation or IP reputation to deny access to bad IP addresses.

Otherwise I personally don't know a method to block an IP after 10 occurrences of a 404 response.

AEK

Mostafa85 · ‎02-24-2025

Thank you for your response!

We have a published service, and we noticed that possible clients are receiving a 404 error code for their requests. We would like to implement a system to block a client ID if multiple erroneous requests are detected on our web service.

Any suggestions on how to best approach this?

shafiq23 · ‎02-25-2025

Hello @Mostafa85 ,

Would this meet your requirement? You may fine tune the occurrences accordingly.

Thanks.

Regards,

Shafiq

AEK · ‎02-25-2025

Nice! I don't know why but I always forget the power of custom policy.

AEK

limit source ip in fortiweb

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website