Hi Kai_Wilke,
i guess it would be much easier to assign a 100 chars password to the sysadmin?
* it is not in our hand, we want to protect from brute force attacks from external, the sysadmin must be still available because for internal login.
You may either use a [HTTP::collect] or a stream profile based approach to either collect and parse or stream replace contents of the POST request destined to the login page.
* the login page is form based and it is a post request !
To help you with this, you would need to use the developer tools of your browser or HTTP-Proxies like Fiddler to understand the login process. You need to know where the POST request is send to, and which params are used to submit the username and password value. Its also crucial to understand if the username must be used case-sensitive, or if the username supports inCaSeSenSiTive formats too.
* it is a default from based auth, just like an outlook web access from based, the username must be used case-sensitive thats always the same with a default frorm based auth, sysadmin or Sysadmin has to be work !
* If the password it to heavy to change, how about the username ? If I will login vom external with the sysadmin then we change the username sysadmin to hansdampf an the login is not possible for the sysadmin and the systems is telling password or username is worng !
kind regards
(Edited by Leslie Hubertus to tag Kai)