Wasfi_182818
Jun 09, 2016

With a brute force prevention. How can you set the rate limit

Hi,

How can you actually set the rate limit for IP-based rate limiting? This is to do with brute force prevention.

Kindly, Wasfi

 

2 Replies

  • In v12.1.0, you can enforce brute force protection based on the deviceID, which is more accurate than just the IP address.

    In general, you have 3 settings to specify:

    • Minimum Failed Login Attempts
    • Failed Logins Attempts increased by
    • Failed Login Attempts Rate reached

    When the first condition and one of the second/third conditions are met, the system detects an attack.

    You also have the "Source IP-Based Client-Side Integrity Defense" setting, which injects JavaScript on the client side to look for non-browser behavior if an IP address is detected as suspicious.

    In v12.1.0, you can create effective brute force protection automatically. The system detects and mitigates brute force attacks based on statistical analysis of failed login attempts.
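The rule in the reply above (the minimum must be met, plus either the increase or the absolute rate) can be sketched as follows. This is an added example, not F5's implementation and not part of the original post: the 60-second window, the baseline taken as the mean of the previous three windows, the threshold values and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Thresholds:
    min_failed: int          # "Minimum Failed Login Attempts"
    increased_by_pct: float  # "Failed Logins Attempts increased by"
    rate_reached: int        # "Failed Login Attempts Rate reached"

def detect(events, th, window=60, history=3):
    """events: (epoch_seconds, source_key, login_ok); source_key may be an
    IP address or a device ID. Returns {source: reason} for the latest window."""
    if not events:
        return {}
    fails = defaultdict(lambda: defaultdict(int))
    for ts, src, ok in events:
        if not ok:
            fails[src][int(ts // window)] += 1
    now = max(int(ts // window) for ts, _, _ in events)
    alerts = {}
    for src, per_win in fails.items():
        current = per_win.get(now, 0)
        if current < th.min_failed:  # first condition is mandatory
            continue
        # Assumed baseline: mean failures over the previous `history` windows.
        baseline = sum(per_win.get(now - i, 0) for i in range(1, history + 1)) / history
        if current >= th.rate_reached:
            alerts[src] = "rate reached"
        elif baseline > 0 and (current - baseline) / baseline * 100 >= th.increased_by_pct:
            alerts[src] = "increase over baseline"
    return alerts

def sample_events():
    """Constructed data: windows 0-2 are history, window 3 is the current one."""
    ev = []
    for w in range(3):
        ev += [(w * 60 + i, "10.0.0.5", False) for i in range(2)]
    ev += [(180 + i, "10.0.0.5", False) for i in range(12)]   # 2 -> 12 failures
    ev += [(180 + i, "device-a1", False) for i in range(25)]  # no history, high rate
    ev += [(125, "10.0.0.9", False)]
    ev += [(180 + i, "10.0.0.9", False) for i in range(4)]    # big jump, under minimum
    ev += [(181, "10.0.0.7", True)]                           # successful login
    return ev

if __name__ == "__main__":
    print(detect(sample_events(), Thresholds(5, 500, 20)))
```

The source 10.0.0.9 shows why the minimum exists: its failures jump by far more than 500% over its baseline, but four attempts stay under the minimum, so it is not flagged.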

     
