put https://{hostname}/appsec/v1/configs//versions//security-policies//penalty-box
Modifies the penalty box settings for a security policy. When the penalty box is enabled for a policy, clients that trigger a WAF Deny action are placed in the penalty box. There, the action you select for penalty box (either Alert or Deny) continues to apply to any requests from that client for the next 10 minutes. Products: All.