Deceive attackers attempting account takeovers

ngwaf-announcements, added

To help defend your web applications from Account Takeover (ATO) attacks such as credential stuffing, you can now add rules that use the new Deception action and the Invalid Login Response deception type. When the Next-Gen WAF identifies POST requests to login forms that match these rules, it prevents the requests from reaching your origin and returns an invalid credentials page. This response tricks attackers into believing their attack failed due to incorrect credentials, when in reality the WAF blocked them. The deception response discourages attackers from continuing their account takeover attempts to save resources and time.

To use the Deception action, you must be on the Premier platform and have an Edge WAF deployment.
