Blocking known threat actors with Zen Firewall
Zen Firewall by Aikido helps you control access to your application based on known malicious actors and threats. The feature uses CrowdSec's comprehensive IP-based threat intelligence to block various types of malicious actors and activities. Unlike content-based or pattern-based blocking, it relies solely on IP address lists for efficient and reliable traffic filtering.
Important: Actor blocking operates independently of the global Blocking/Detection Mode setting. When you enable actor blocks, they will always be enforced, even if Zen is in Detection Mode.
Use Cases
🛡️ Block Malicious Botnets: Prevent access from known botnet infrastructure
🔒 Stop Brute Force Attacks: Protect against credential stuffing and password attacks
⚔️ Prevent DoS Attacks: Block known HTTP DoS attackers
🚫 Reduce Exploitation Risk: Block traffic from known HTTP exploit actors
🕵️ Control Anonymous Access: Manage traffic from known proxy/VPN services
🔍 Prevent Scanning: Block reconnaissance from known internet scanners
🛑 WordPress Protection: Block known WordPress attackers
How to block known threat actors
Select a specific app and go to the Firewall tab. Click "Manage Threat Actors" next to "Block IPs used by known threat actors" to configure known threat actor blocking.
Use the Known Threat Actors dropdown to select the lists you want to enable, then click "Block Threat Actors".
Not all lists are available on all plans. Contact our support team if you have any questions about list availability for your subscription.
Note that threat actor blocking is not immediate; it takes up to a minute for the block to take effect.
Available threat actor lists
Botnet Actors
Bruteforce Attackers
HTTP DoS Attackers
HTTP Exploit Attackers
Proxy/VPN
Public Internet Scanners
WordPress Attackers