Feature Suggestion: Header response key/value to trigger a "timeout" for requesting IP?

I noticed that many rules are available for “request” headers, but I don’t believe there are any filters for response headers. I know that we can use the API to create global allow/block rules, but I was wondering if the origin server could return a special response header that would result in a time-limited denial for a requesting IP address that causes abuse that is not caught by Edgio?

For example, a request that contained a Log4J exploit in the user agent slipped through the Edgio WAF. When we detect this, we can block based on the IP address, but we’ve discovered that IPv6 addresses often translated to an internal IPv4 EdgioIP instead of the actual end user’s IPv4 address. We don’t want to penalize Edgio, but would like to let Edgio know that the original requesting IP should be put on a temporary X-minute timeout and prevented from performing additional requests.

Without having to manually add rules or use the API, if a custom response header is returned by the origin server, set a timeout to that many seconds. Here’s a basic response header example for 10 minute penalty.

X-TemporaryDenyIP: 600

I am also evaluating v7, and I agree this would be a good feature.

Better yet customizable block page and customizable captcha page and/or js browser challenge selectable by header would be even better:

Sometime like
X-egdio-block-IP: 600
for IP block lasting 600 seconds

X-edgio-captcha-IP: 600
for catpcha, where a captcha would need to be passed otherwise all IPs are blocked with captcha page for 600 seconds

1 Like