TsgcWebSocketFirewall › Properties › ThreatScore
Per-IP cumulative risk score that auto-bans addresses once they cross AutoBanThreshold.
property ThreatScore: TsgcFirewallThreatScore read FThreatScoreCfg write SetThreatScore;—
Enable ThreatScore.Enabled to maintain a cumulative risk score for every remote IP. Each violation increases the score by the matching weight: WeightSQLInjection (30), WeightXSS (30), WeightBruteForce (25), WeightFlood (15), WeightRateLimit (10), WeightPathTraversal (25), WeightCommandInjection (35), WeightGeoIP (20) and WeightPayloadSize (15). The score decays by DecayPerHour points per hour of inactivity. Once an IP reaches AutoBanThreshold points it is automatically banned; if BanEscalation is enabled the ban duration is drawn from its Levels list, otherwise the default escalation applies. Current and updated scores are reported via OnThreatScoreChanged, and runtime access is available through ResetThreatScore. Defaults: AutoBanThreshold=80, DecayPerHour=5.
sgcWebSocketFirewall1.ThreatScore.Enabled := True;
sgcWebSocketFirewall1.ThreatScore.AutoBanThreshold := 80;
sgcWebSocketFirewall1.ThreatScore.DecayPerHour := 5;
sgcWebSocketFirewall1.ThreatScore.WeightSQLInjection := 40;
sgcWebSocketFirewall1.ThreatScore.WeightCommandInjection := 50;