Documentation

Alert Configuration

Set per-domain attack alert thresholds. Configure email notifications with cooldown periods.

1. How Alerts Work

CloShield monitors blocked request rates per domain. When blocked requests exceed your configured threshold within a time window, an email alert is sent. Alerts include: domain name, current block rate, top attacking IPs, top countries, timestamp.

2. Configuring Thresholds

Set per-domain in domain settings → Alerts tab. Parameters: threshold (blocked requests per minute), time window, cooldown period (minutes between alerts). Defaults: 100 blocked/min, 5-minute cooldown. Adjust based on your normal traffic patterns.

3. Cooldown Periods

Prevents alert fatigue. After an alert fires, no more alerts for that domain until cooldown expires. Default: 5 minutes. Adjustable from 1 to 60 minutes.

4. Email Notifications

Alerts sent to account email. Contains: attack summary, top 10 attacking IPs with countries, recommended actions. SMTP must be configured by admin for delivery.

Admin must configure SMTP settings for email delivery. Without SMTP, alerts are logged but not delivered.

5. Alert History

View past alerts in the dashboard. Filter by domain and date range. Each alert shows full context including IPs and resolution.