Secret Server Cloud: UK - Access Denied when accessing SSC

Incident Overview 

On Monday, March 16, 2026, customers hosted on the Delinea Secret Server Cloud (SSC) UK cluster experienced a service disruption that prevented access to the SecretServer endpoint. The Delinea WAF blocked inbound traffic to the affected endpoint as an automated protective response after regional traffic volumes exceeded predefined DDoS threshold limits. 

• Start Time: February 16, 2026 – 10:03 UTC 

• End Time: February 16, 2026 – 10:57 UTC 

Root Cause 

The incident was caused by abnormally high traffic generated by a single customer Secret Server engine, which exceeded predefined DDoS protection threshold limits in the UK region. 

Key contributing factor: 

• Engine request spike: Traffic from secret-server-engines increased dramatically from a typical baseline of fewer than 100 calls to approximately 27,000 calls, triggering automated DDoS protection mechanisms. 

Preventive Actions 

• The UK site DDoS threshold was temporarily increased to 4500, allowing legitimate but abnormal traffic patterns to be handled while ensuring continued regional protection. 

• Enhance monitoring to identify sharp, customer-specific engine call spikes.