In line with our mission to make it easier to manage Application Security, we have added the ability to remove a client that has been blocked and locked out of an application by its IP address or fingerprint as a Follow Up Action in the Violation Responses.

This is particularly useful if you have inadvertently triggered Brute Force or Bot Protection policies while testing your application security, without the need to open a support ticket asking the DevSecOps team to clear these on your behalf, which of course takes time to do.

To use this, you will find a new page Manage Locked Out Clients under the Violation Responses menu:

You can then see clients locked out by their IP address, by a fingerprint and also clients that are deemed to be suspicious. You can remove individual clients OR use the Clear all button.

As ever, if you have any questions or feedback on this new feature (or any aspect of WAF-as-a-Service), please let us know.