How Incapsula Handles Threats

Created at:

Incapsula provides several alternatives for handling threats such as bad bots or SQL injection attacks.

Alert Only: Incapsula will issue an alert for every threat but will not block it. The alerts are visible in the Site Dashboard and in the Traffic tab under the Site Dashboard.

Block Request: Incapsula will block any request that poses a threat to your website and issue an alert.

Block User: Incapsula will block any user that attacked your website. The user will be blocked, starting from the first request that poses a threat.

Block IP: Incapsula will block any IP that attacked your website. The IP will be blocked for 10 minutes, starting from the first request that poses a threat. When an IP is blocked, Incapsula will also block the user to prevent the same user from executing attacks using other IPs.

Ignore: Incapsula will take no action when detecting a threat.


Note: The default threat handling behavior is set to Block Request

For more information: Web Protection - WAF Settings

Was this article helpful?
6 out of 6 found this helpful
Have more questions? Submit a request


  • Avatar

    How are you identifying individual users?

  • Avatar

    Many aspects of the user are involved, both passive as connection attributes and more dynamic as the client side environment.

    Users are tagged through a set of persistent identifiers. You can think of it as Cookies.

  • Avatar

    How long is a user blocked for?  Is that for 24 hours?

  • Avatar

    ... incapsula... folks are still waiting for answers to this... in fact 3 yrs

Powered by Zendesk