PricingGet started

← Docs

Managing your site

Security & threats

The Security tab shows what's being kept away from your site and what's being watched. It's honest about the difference between the two — some layers actively block, one only monitors — so you always know exactly what protection you have.

Security tab showing threats blocked, a bots-vs-humans split, the firewall in monitoring mode, and recently blocked IPs
The Security tab — IPs banned at the edge, your bot-vs-human split, and the firewall watching every request.

The strongest layer is a real block. CrowdSec bans abusive IP addresses at the network layer — an address caught behaving badly (credential-stuffing, hammering login, scanning for exploits) is dropped before its requests reach your site at all. The tab shows the active-ban count, labelled platform-wide because the protection is shared across everyone on Belov Cloud, alongside a list of recently-blocked IPs with the country each came from.

The web-application firewall monitors — it does not auto-block
The OWASP Core Rule Set runs in monitoring mode (DetectionOnly) by default. It inspects requests for web-application attack patterns — SQL injection, cross-site scripting, path traversal — and flags anything suspicious so you can see it, but it does not block those requests on its own. It watches and surfaces; it does not stand in the way. Read the flagged items as signals to investigate, not as attacks that were already stopped.
  1. Open the Security tab
    On the site, click Security. The active-ban count and recently-blocked IPs are the first thing you see.
  2. Read the CrowdSec bans
    These are real network-layer blocks. The count is platform-wide; the recent list shows individual IPs with their country, so you can see who's being turned away right now.
  3. Review what the firewall flagged
    The OWASP rule set lists requests that matched an attack pattern. Remember these were flagged, not blocked — they're a heads-up about what's probing your site, worth watching but not proof of a breach.
  4. Check the bot-vs-human split
    An estimate of how much of your traffic looks automated versus human. It's a heuristic read of the User-Agent each request sent — a useful signal for spotting a bot wave, not a definitive identity check.
Attack traffic is shed before it's billed
DDoS and edge shielding absorb and drop large-scale attack traffic out at the edge, before it reaches your origin — and before it's ever counted toward your bill. A flood that would knock a normal host over is soaked up upstream, so a DDoS attempt costs you nothing and mostly never reaches your site.

← All guides