LogoLogo
  • Welcome
  • Landing in Transparent Edge
  • Sign up process
  • Getting Started
    • Basics concepts
      • Glosary
        • API
        • Brotli Compression
        • Cache-Control
        • Cache key
        • Caching
        • CNAME
        • Cloud Computing
        • Cloud Computing Architecture
        • Cloud Services
        • DASH
        • Data Center
        • Edge Server
        • ETag
        • GSLB
        • HLS (HTTP Live Streaming)
        • HTTP/2
        • Infrastructure as a Service (IaaS)
        • Internet Exchange Point
        • Last-Modified
        • Load Balancing
        • MultiCDN
        • NoSQL (not only SQL)
        • Origin
        • Origin Shield
        • OTT (Over The Top)
        • Platform as a Service (PaaS)
        • PoP (Point of Presence)
        • Private CDN
        • Private Cloud
        • Public Cloud
        • Purge
        • Query String
        • Reverse Proxy
        • RTT (Round-trip Time)
        • SaaS (Software as a Service)
        • SDS (Software Defined Storage)
        • Smooth Streaming
        • Status Code
        • TCP (Transmission Control Protocol)
        • TLS Acceleration
        • TLS (Transport Layer Security)
        • TTFB (Time-to-first-byte)
        • TTL (Time-to-live)
        • Virtual Machine
        • VPS (Virtual Private Server)
        • Web Services
      • Let's start at the beginning
      • Things to consider
      • Houston, we have a problem
      • HTTP, How does it work?
      • Invalidating methods
      • DNS Pointing
      • Log formats
      • Predefined headers
      • Default headers
        • geo_country_code
        • X-Device
        • Vary
        • Cache headers
        • Age
        • TP-Cache
        • True-Client-IP and X-Forwarded-For
      • Forcing No-Cache
      • Architecture
        • Transparent Edge’s IP addresses
        • Locations and PoP
        • Cache layers
      • Cache effectiveness
      • SSL
      • HTTP 5xx Error Codes
      • Features
        • Protection against origin failures
        • Rate Limit
        • Geolocation and geoblocking
        • Prefechting
        • Refetching
        • Fast purging
        • HTTP Redirects
        • Caching static vs. dynamic objects
        • Rewriting of headers
        • Device detection
    • Dashboard
      • Historic
      • Analytics
      • Invalidating content
      • Content invalidation by tags
      • Prefetching Cache
      • Log shipping
      • Provisioning
        • Initial configuration
        • Backends
        • Sites
        • Configuration deployments
        • Network ACLs
        • TLS/SSL Certificates
      • User management
  • Configuration
    • VCL Reference
      • Default Functions
      • VCL Objects
      • Callable Functions
      • Security restrictions
      • Varnish book
    • Network Access Control List
      • Initial configuration
      • Auto generated lists
      • Manage lists via API
    • i3
      • Quality adjustment
      • Cache timing allocation for transformed images
      • Conversion to grayscale
      • Conversion to WebP
      • Blurring
      • Inclusion of graphics in the footer (strip)
      • Automatic resizing
      • Definition of the maximum size (content-length)
    • Transcoding
      • Relaunch or requeue jobs
      • Create a transcode job
      • Get job information
      • Dashboard usage
    • OpenAPI de TransparentCDN
  • Security
    • HTTPS
    • Blocking User-Agent
    • Blocking by IP Address
    • Blocking Requests Geographically
    • Avoiding Hotlinking
    • Bot Mitigation
    • WAF
      • Configuration
      • CAPTCHA
      • Content protected by token
      • Rate limit
    • Anomaly Detection
      • Detection Types
      • Automatic Reactions
      • Detection History
    • Under attack mode
    • Global Whitelists
  • Integrations
    • Wordpress plugin
    • Google Cloud Platform
    • Amazon Web Services
  • GUIDES AND TUTORIALS
    • How to do things
    • Edge Computing
      • ESI Tags
    • Acting on the Query String
    • Working with cookies
    • Making decisions based on HTTP headers
    • Web Application Gateway
    • Configure your servers to send cache headers
    • Caching a version per device
    • True-Client-IP in the origin
    • A/B Testing
    • Routing traffic to different backends
    • JSON Web Tokens
    • Debug codes
    • Streaming logs
    • API
      • Authentication
      • Invalidation
Powered by GitBook
On this page
  • Reactions Types
  • Reaction notification

Was this helpful?

Export as PDF
  1. Security
  2. Anomaly Detection

Automatic Reactions

PreviousDetection TypesNextDetection History

Last updated 3 months ago

Was this helpful?

The automatic reactions feature allows for a more agile response to a potential vulnerability or attack on your site, such as when you are experiencing a Distributed Denial of Service (DDoS) attack. To configure them, it will be necessary to define a condition based on a threshold. Once established, the reaction will trigger when the value entered in the threshold is exceeded.

Reactions can only be configured if you have previously set up monitoring for your site. Then you will find the 'Reactions' button in the site dropdown menu.

Once the automatic reactions modal is open, you can select the type of anomaly for which you want the reaction and define the threshold at which that reaction will occur.

Reactions Types

  • Block IP: If an IP is causing any anomaly, this reaction will block that IP and automatically include it in the blacklist.

  • Under attack mode: If the threshold set for the chosen anomaly is exceeded at any time, the 'Under Attack' mode will be activated.

  • Callback to URL: A call to the URL provided in the reaction will be made when the specified threshold is exceeded.

  • Email notification: Notifications will be sent via email to the specified email addresses. Only emails of company users can be entered.

  • Slack notification: A notification will be sent to any Slack-compatible chat system. You just need to enter the webhook address and the channel where you want to send the notification.

  • Captcha: If an IP is causing any anomaly, this reaction will force a captcha to be performed for every request from that IP and automatically include it in the captcha list.

  • JS Challenge: If an IP is causing any anomaly, this reaction will force a js challenge to be performed for every request from that IP and automatically include it in the js-challenge list.

  • Add to list: If an IP is causing any anomaly, this reaction will include that IP to any of the network ACL lists specified in the configuration

Reaction notification

When the Email Notification Reaction is enabled, all designated users will receive detailed information about detections based on the monitoring system that was triggered. Additionally, if other reactions are activated, they will also be included in the email notification.

  • Requests per Minute Threshold: The reaction will be triggered if the number of requests per minute from an IP address exceeds the predefined threshold value.

  • Total Requests Threshold: The reaction will also be triggered if the total number of requests from an IP address during the detection period exceeds 2.5 times the threshold value.

For the type, reactions that involve actions against IP addresses (such as Block IP, Captcha, JS Challenge, or Add to List), will be executed based on the following two parameters:

Remember that to receive alert notifications, you must activate them in your .

notification panel
Crawler IPs detection
Creation of new reactions