Forum Discussion
ASM brute force protection Dynamic
Hi All,
I have a problem configuring ASM brute force protection on a logon page on 11.6.0 HF5.
I'm configuring a clear ASM with "block" checked in the "Brute Force: Maximum login attempts are exceeded" option and "Dynamic Brute Force Protection - Operation Mode: alarm and block".
When I'm using a browser, "Session-based Brute Force Protection" works well.
When I'm using a script to generate 10 curl requests per second, "Dynamic Brute Force Protection" does not work and does not even log suspicious requests.
My configuration:
Do you have any idea what I'm doing wrong?
3 Replies
- Erik_Novak
Employee
Brute force protection requires the identification of a login page that you wish to protect. The brute force protection mechanism counts failed login attempts, not simply requests per second. Are your curl requests aimed at a login page? If not, try using web scraping bot detection. It sounds like that's what you are after.
- Erik_Novak
Employee
Actually, after re-reading your question, it sounds like you have identified a login page. There are a few settings for each login URL that need to be checked against your curl command. What authentication type are you using for the page? If there are parameters such as username and password, are those correctly placed inside curl? What access validation have you selected? Make sure that your access validation is getting triggered by the curl command.
- Mikhail_Fedorov
Historic F5 Account
Hi mherman31, did you enable BF via the Default profile or via a profile for a certain login URL? If "Default", do not forget to set the "Brute Force Protection" checkbox explicitly.
Dynamic BF needs a bit of time to detect an attack and apply mitigation; 10 requests may not be enough. So please continue sending failed login attempts a bit longer with RPS>3 to let Dyn BF detect the attack and mitigate it.