Using brute-force protection in APM to aid against directory harvesting attacks

Hi,

 

I am investigating using brute-force protection on a forgotten password page of an application to aid in preventing brute-force attacks for a short-term period until the system is modified. I started configuring this on my lab, however, it appears that I need to set the relevant page up as a login page, with specific parameters. This page is not a login page as such, and I don’t want to treat it like this in the APM. What I really want to just do is to say that if a specific IP address access the page over a set number of times within a given period, block access to the page for a set time.

 

 

Is this possible?

 

Thanks.

 

Andrew.