In case the EVENT_WR-Y-attack-600 warning (Possible attack - {NUM} blocked requests within {NUM} seconds)
appears frequently, this can have the following causes:
- Possible attack against applications. Check if the requests are coming from the same IP address.
- Missing exception configuration for parameters.
This event is generated when 5 or more requests are blocked within 2 minutes due to filter rules.
The frequency and number of the log messages required for the event to be generated can be customized. See Customizing events for more information.