The three most valuable features that I noticed are the geo-localization of the user, the IP reputation, and the compartmental analysis. When browsing the website, the WAF can follow all of the activities of a user and continuously adjust the rate. If a user is identified as an attacker then the WAF is able to send a captcha or a two-factor authentication key to the user to solve. If answered correctly then the user can continue surfing on the website. Otherwise, they can be temporally or permanently blocked, depending on the granularity setting.