I am trying to block ultrasurf proxy bypass software. I have added about 300 IP's to a list and it's continuing to work. It always tries to access a certain set of ip's when it open's up.
I would like to create a rule that will block a client for x number of minutes if they try to access these ip's. Is there a way to make a rule that does this?
Sure this is possible.
Count any request to one of this IPs in a local PDs Variable.
if this number exceeds a threshold block the connection for the client using blockingsession. There you can define how long the client will be blocked.
You may define a blocking page to explain why the client is blocked.
In such case set the PDs Variables counter to zero.