The plugin redirects to the Joomla default error page if an attack is detected and this feature is enabled. If it´s disabled, the attacker gets the code in the Blocked IPs message field.
For example, suppose an attacker modifies the url “http://mysiteurl/” to “http://mysiteurl?page=../../../../../../../etc/ passwd” With this feature set to “Yes” and redirect options to “Joomla default error page”, we see something like this:
If redirect option is set to My own page, then the url below will be used to redirect the attacker:
If it´s set to “No”, the plugin drops the connection and the attacker gets the code of the Blocked IPs message: