Wallarm nodes can operate in detection only (aka monitoring) or blocking modes. With a recent change in UI, every malicious request from the traffic is displayed with an explicit status detailing whether it was blocked or reached the application. Designed to be especially helpful for teams using individual modes for different applications and APIs.

With previous console versions, teams had to pay attention to each status code returned to the client. A 403 was the default status code if an incoming request was blocked by Wallarm node. Now, an explicit status of whether a malicious request was blocked is shown in the console. The same data is provided for attacks (groups of malicious request related to each other).