In case the EVENT_WR-Y-attack-600
warning (Possible attack - {NUM} blocked requests within {NUM} seconds) appears frequently, this can have the following causes:
- An attack against applications – are all requests coming from the same IP address?
- Missing exception configuration for parameters.
In this case, we do not recommend event adjustment, which could only suppress the symptoms instead of addressing the causes.