Hello,
We are using Symantec Endpoint Protection 12.1.6 on a Windows Server 2008 R2. This is an outward-facing web server that runs our Ecomm websites. We use Cloudflare as a CDN, which has an acceleration service named Railgun. The Railgun server resides on our network, not Cloudflare.
The way it works is the HTTP request for our websites first goes to Cloudflare; their edge servers forward the request to our Railgun server, which is hosted on our network. The Railgun server forwards the request to our origin web server, described above. A hacker sends a request to one of our websites, which goes to the Railgun server, which then goes to the web server. Symantec blocks that request because it sees it as a hack attempt; this is good. Symantec then proceeds to block, for 10 minutes, any further requests that come from our Railgun server, whether they are hack requests or legitimate requests. This blocks all traffic for any of our websites for 10 minutes; this is bad.
Is there a way to tell Symantec Endpoint Protection to continue to block those bad requests, from the Railgun server, but also not block the good/legit requests from the Railgun server for 10 minutes?
Any ideas are greatly appreciated.
Joe