Why are some threats detected and some blocked?

Created at:

Each site you add to Incapsula has its own action settings for when a threat is detected.

The available actions for the different threat detection rules are:

Alert Only, Block Request, Block User, Block IP and Do Nothing.

When Alert Only is selected you will only get a notification when a threat is detected.

Only rules that are configured with one of the block options will block a detected threat.


If you want to block the detected threats for a certain rule:

1)      Go to the site settings tab

2)      Click on WAF

3)      Set one of the block options as the desired action (if you don’t know which one to choose to go for the Block Request)


For additional information, see also: How Incapsula Handles Threats

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Powered by Zendesk