# Tracking Users with Zen Firewall

Zen Firewall by Aikido provides a way to identify and block users who are unwanted or trigger attacks, enhancing your app's security by preventing malicious activity.

### Use Cases <a href="#use-cases" id="use-cases"></a>

* 🔍 **Monitoring active users:** Track user activity to identify and respond to potential threats.
* 🛡️ **Block Malicious Users**: Prevent access from users who have triggered security events

### How to Identify Users <a href="#how-to-identify-and-block-users" id="how-to-identify-and-block-users"></a>

**Step 1:** Configure the Aikido middleware using the provided installation instructions.

{% content-ref url="/pages/XPYb4z9jJ7YgjpJ9DBmC" %}
[Installing Zen Firewall](/zen-firewall/zen-installation-instructions.md)
{% endcontent-ref %}

**Step 2:** Use the `setUser` function to specify the current user in your application's context.

Once set, Aikido will display all active users in the dashboard.

![User management dashboard showing user status and last activity for a demo app.](/files/Xf3NyOFxNPhydLI4Rqdy)

**Step 2:** Identify which user to block and open the Action menu by clicking the triple dots.

![User management table showing "Active" status with a menu option to block a user.](/files/URHMnh4sBMm3CsdGM1Js)

{% hint style="info" %}
Note that user blocking is not immediate; it takes up to a minute for the block to take effect.
{% endhint %}

## Features <a href="#privacy--gdpr" id="privacy--gdpr"></a>

<figure><img src="/files/tetn9J1jSZq3ZdYUzvuA" alt=""><figcaption></figcaption></figure>

### Block a User

You can permanently block a user from accessing your application by clicking on the actions menu of a User and using the "Block User" action.

### Remove Rate Limiting

Disable Rate limiting for a specific user by clicking on the actions menu of a User and using the "Disable Rate Limiting" action. This will disable **ALL** rate limits for this specific user.

## Privacy & GDPR <a href="#privacy--gdpr" id="privacy--gdpr"></a>

Passing the user's name is optional, but it can help you identify the user in the dashboard. You will be required to list Aikido Security as a subprocessor if you choose to share personal identifiable information (PII).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.aikido.dev/zen-firewall/zen-features/blocking-users-with-zen-firewall.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.