Forum Discussion
MR.Freddy,
I'm not sure you can with the Login Page configuration by default, and I haven't got up to date versions available to check if things have changed. However, I have seen this work in older versions using Data Guard. I wish I had the details to share more fully but here's an overview, which may be enough, or something which other DCers can help with and chip in on.
Firstly, create a Data Guard configuration with a custom pattern of whatever is returned after a failed login i.e. when a user enters in an incorrect SSN Number. Enforce this on a URL, i.e. the logon page, again in the DG config. Enable the block for Data Guard in the violations list (or Alarm to test). This should block on each failed attempt.
To allow for 3 attempts we would need to do session tracking, set the Associated Violation to Data Guard, set a blocking period and then add an IP Address Threshold for 3. Also enable block (or alarm) for the violation around disallowed IP address.
See if this helps with your requirement, and please feedback. I must admit this was v10 or v11 about 5 years ago so forgive me for faded memory and out of date configuration advice on this one.
HTH,
N
Hello Nathe,
Thank you for your feedback.
I am agree with you for that and we was thinking for the same but actually we want to protect the login page from brute force attack as more attackers always trying to login with fake SSN number which will lead to service outage on the application.