Attackers are evolving — rotating IPs, spreading abuse across multiple requests, and bypassing traditional defenses. In this environment, simply detecting attacks is not enough. Security teams need precise tools to stop attacks without breaking customer experiences.

With the introduction of session-based blocking, Wallarm gives customers surgical control over active attacks. This capability allows teams to terminate compromised API sessions in real time, even when attackers switch IPs or distribute activity, while keeping legitimate users unaffected.

Wallarm now offers three advanced options for active attack mitigation:

• Block Individual Requests — Instantly shut down malicious requests such as SQL injection, RCE, and path traversal exploits.
• Block IP Addresses — Eliminate abusive IPs proactively or reactively when needed.
• Block Compromised Sessions (New) — Target and terminate malicious sessions to neutralize sophisticated, multi-request API abuse.

Unlike traditional IP-based blocking, session-based blocking focuses on attacker behavior, not network location. It enables security teams to stop ongoing attacks with granular precision, preserving user experience while strengthening API defenses.

Users can enable API session blocking in their API Abuse Prevention profiles and in specific Mitigation Controls. 

You can read more about using session-based blocking in the Wallarm documentation.