Techniques are provided for blocking forgiveness in a system that mitigates distributed denial of service (DDoS) attacks on a network. A user's network address can be blocked as a result performing human behavior analysis on network resource request activity from the user's address. The system can block an address temporarily based on their behavior, classifying legitimate human users as a malicious attacker performing a DDoS attack. But subsequent behavioral analysis of network resource requests can identify that the user should not have been blocked. The system can automatically unblock the user's address, and allow further network resource requests. Previously blocked requests can also be unblocked. The number of infractions (e.g., action classified as malicious) can be tracked and compared to a threshold. If the number is less than the threshold, then that address is not blocked, thereby allowing forgiveness of a certain number of infractions.
展开▼