Incapsula provides several alternatives for handling threats such as bad bots or SQL injection attacks.
Alert Only: Incapsula will issue an alert for every threat but will not block it. The alerts are visible in the Site Dashboard and in the Traffic tab under the Site Dashboard.
Block Request: Incapsula will block any request that poses a threat to your website and issue an alert.
Block User: Incapsula will block any user that attacked your website. The user will be blocked, starting from the first request that poses a threat.
Block IP: Incapsula will block any IP that attacked your website. The IP will be blocked for 10 minutes, starting from the first request that poses a threat. When an IP is blocked, Incapsula will also block the user to prevent the same user from executing attacks using other IPs.
Ignore: Incapsula will take no action when detecting a threat.
Note: The default threat handling behavior is set to Block Request.
For more information: Web Protection - WAF Settings