Forum Discussion
ASM- Brute Force Mitigation Dynamic
Hello Aaron.
Have you enabled the client-side integrity defense checks in your prevention policy? These options do not perform rate limiting but only turn away non-browsers or bots.
Prevention policy methods do not engage simultaneously but in order as long as the attack continues. This could be why it is taking longer to reach the rate limiting options.
You could try removing the integrity check options, and if this does not provide the consistency you are looking for, please let us know the settings you are using.
Hello Taunan,
Thanks for replying. I didn't enable the integrity defense options, and what it has is "source-IP based" and "URL-based" rate limiting. The problem is that when it started applying mitigation, it is always doing "URL-based" as the top priority, but I thought it will do "source IP based" because that's the order. Also, most of the time it did detect the attacks and capture them in the brute force attack log, and the log says prevention policy applied: --> "URL based mitigation", but no connection is dropped out / no IPs are in the IP list as well. The version I am using is 11.6. Dynamic settings are as below:
Traffic Detection Criteria
* Minimum Failed login attempts: 5 per second
* Failed login attempts increased by: 500 per second
* Failed login attempt reached: 6 per second

Suspicious Criteria (per IP address)
* Failed login attempts increased by: 500
* Failed login attempt rate reached: 1 per second

Prevention Policy
* Source IP-based rate limiting: Ticked
* URL-based rate limiting: Ticked

Prevention Duration
* Unlimited