Context

After having detecting and mitigating a automation request with Bot Defense, Malicious User (MU) can prevent any further automation request from the same User Identifier. The benefit is that MU doesn't charge mitigated requests but Bot Defense does. Bot Defense can be enabled per PATH, for example the /login page. MU is enabled per LB.

Ask
Could you add the ability to enable Malicious User per PATH?
Or disable Malicious User per PATH (inverse match)?

Benefit
- Have two defense lines with the same scope.
- Have MU Threat map to track Bot locations