Use the Search IP Address report to dig deeper into offending IP addresses attempting to access your site. The report allows you to search for a specific IP address you may have seen in your web security logs and research additional information associated with the IP address, such as:
- Country of origin
- Name of violations
- Total violations
NOTE: This report does not search for IP addresses in your Bot Defense for API logs.
Use the data shown in this information to research specific reasons why a request triggered a violation. For example, the IP address 188.8.131.52 appears in your logs, and you can see Distil served the IP address with a CAPTCHA test while it was attempting to access a specific path for your domain (e.g., /ajax/bulklist). You can then search the IP address 184.108.40.206 in the Search by IP Address report and review specific reasons the CAPTCHA test was triggered, which helps you debug issues and/or tweak the strictness of threat policies.
Accessing the Search IP Address Report
Access the Search IP Address report by following the steps below:
- Log in to the Distil Portal.
- Select a domain from your Domain Dashboard.
- Click the Report dropdown menu, and then select Search IP Address.
Reviewing the Search IP Address Report
The Search IP Address report shows information regarding IP addresses having violations against your domains, including:
- Date Filter – Specific time range highlighted by the Search by IP report. Choose either Last 24 hours or Last 48 hours.
- Search – Search for a specific IP address found in your Bot Defense for Web security logs.
NOTE: This field does not search for IP addresses in your Bot Defense for API logs.
If the IP address has ever been associated with a violation against your domain, then the report shows the IP Address, Country, Organization, and Total Bad Requests.
If the IP address has a violation against your domain within the past 48 hours, then the report also shows the violations table.
NOTE: The violations table will not appear unless the IP address has been triggered a violation within the past 48 hours.
The violations table includes violation information, such as:
- Violation – The name of the violation.
- Count of Requests – Total number of requests associated with the violation.