The Security tab shows what's being kept away from your site and what's being watched. It's honest about the difference between the two — some layers actively block, one only monitors — so you always know exactly what protection you have.
The Security tab — IPs banned at the edge, your bot-vs-human split, and the firewall watching every request.
The strongest layer is a real block. CrowdSec bans abusive IP addresses at the network layer — an address caught behaving badly (credential-stuffing, hammering login, scanning for exploits) is dropped before its requests reach your site at all. The tab shows the active-ban count, labelled platform-wide because the protection is shared across everyone on Belov Cloud, alongside a list of recently-blocked IPs with the country each came from.
The web-application firewall monitors — it does not auto-block
The OWASP Core Rule Set runs in monitoring mode (DetectionOnly) by default. It inspects requests for web-application attack patterns — SQL injection, cross-site scripting, path traversal — and flags anything suspicious so you can see it, but it does not block those requests on its own. It watches and surfaces; it does not stand in the way. Read the flagged items as signals to investigate, not as attacks that were already stopped.
1
Open the Security tab
On the site, click Security. The active-ban count and recently-blocked IPs are the first thing you see.
2
Read the CrowdSec bans
These are real network-layer blocks. The count is platform-wide; the recent list shows individual IPs with their country, so you can see who's being turned away right now.
3
Review what the firewall flagged
The OWASP rule set lists requests that matched an attack pattern. Remember these were flagged, not blocked — they're a heads-up about what's probing your site, worth watching but not proof of a breach.
4
Check the bot-vs-human split
An estimate of how much of your traffic looks automated versus human. It's a heuristic read of the User-Agent each request sent — a useful signal for spotting a bot wave, not a definitive identity check.
Attack traffic is shed before it's billed
DDoS and edge shielding absorb and drop large-scale attack traffic out at the edge, before it reaches your origin — and before it's ever counted toward your bill. A flood that would knock a normal host over is soaked up upstream, so a DDoS attempt costs you nothing and mostly never reaches your site.