Abusive Clients Report

The tutorial video below covers the same topics as this article.

The Abusive Clients Report in the Distil Networks Portal lists all malicious IP addresses targeting your API. You can group violations into categories, sort by the total number of malicious requests, and determine the top offending IP addresses attempting to access your APIs. You can also blacklist or whitelist them using your access control list (ACL). For more information on using your Access List to block specific organizations, check out our blog post on Dissecting the Dynamic Nature of IP Access Control Lists (ACL).

Accessing the Abusive Clients Report

Follow these steps to access the Abusive Clients report:

  1. Log in to the Distil Networks Portal.

  2. Click API Security on the banner menu.

  3. Click Reports on the left panel.

  4. Click Abusive Clients.

Reviewing the Abusive Clients Report

The Abusive Clients Report includes:

  • Date Filter (upper right corner) – Select a specific date range to view.
  • Violation Filter – Select a violation category from the dropdown menu: All Violation Categories, Blacklisted, Token Management, and Rate Limiting.

Click any of the following column headers to sort violations by that criterion:

  • Violation – Violation triggered by abusive requests.
  • Category – Category associated with the violation.
  • Total Requests – Total number of requests associated with the violation.

Top 5 Violations by No. of Requests – Shows a graphical representation of the top violations associated with abusive requests.

Top 10 IPs by Abusive Requests – Displays a tabular view of the most abusive IP addresses targeting your APIs.

Select any record from the Summary of Violations table to single out IP addresses that are most harmful to your APIs.

Blacklisting IPs via the Abusive Clients Report

Now that you have identified one or more troublesome IP addresses from the Abusive Clients report, you can use Access Controls to blacklist them and stop future attempts:

  1. Click a violation record from the Summary of Violations table to open the Top 10 IPs by Abusive Requests table.

  2. Select an IP to open the Access Controls dialog box.
    NOTE: You can optionally select a Domain and Security Setting Rule to target a specific domain. Do not make a selection if you wish to blacklist the IP from all of your protected API domains.
  3. Click [Blacklist].
  4. Click Blacklist {IP} to save the settings, thereby blacklisting the IP address from making future attempts.
    NOTE: You can also whitelist any IP address using the Access Controls options. Whitelisted IPs are never blocked, regardless of any traps they may trigger. This option can be especially useful to allow internal tool access, such as automation test tools, which can be mistaken for malicious bots. To do so, follow the steps above, but click [Whitelist] in step 2.