fix: brute force docs #161
Conversation
LGTM: I have some small formatting changes suggested. Happy to merge once accepted.
Co-authored-by: Alan Dooley <a.dooley@f5.com>
@@ -655,15 +655,43 @@ claims['address'] = "{ \"address\": { .... } }" # JSON structs can be accessed u | |||
|
|||
### Overview | |||
|
|||
Brute force attacks are attempts to break in to secured areas of a web application by trying exhaustive, | |||
in to --> into
with enforced brute force protection. When brute force patterns are detected, | ||
the WAF policy considers it to be an attack if the failed logon rate increased significantly or | ||
if failed logins reached a maximum threshold. | ||
To prevent brute force attacks, NGINX App Protect WAF monitors IP addresses, usernames, and the number of failed login attempts beyond a maximum threshold. |
"...and the number of failed login attempts per each one of them. Once the number of attempts crosses a configured maximum threshold, a brute force attack is assumed." (Remove "beyond a maximum threshold".)
When brute force patterns are detected, the NGINX App Protect WAF policy either trigger an alarm or block the attack if the failed | ||
login attempts reached a maximum threshold for a specific username or coming from a specific IP address. |
Replace "When brute force patterns...IP address" with:
"The detected brute force attack will trigger an alarm, that is, a violation reported in the security logs and may also block any further attempt to login, coming from the IP address that exceeded the login attempt threshold. Note that if it was the username that crossed the threshold then it will not be possible to block because you would not like to lock the legitimate username owner out of his account".
### Brute force policy example | ||
|
||
Example1: A single brute force configuration is applied universally to all login pages. |
Add: "If you configured more than one login page, then the attempts of the same source IP address or username across all the login pages are counted".
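Review bot: the added sentence "When brute force patterns are detected, the NGINX App Protect WAF policy either trigger an alarm or block the attack" has a subject-verb agreement error; it should read "either triggers an alarm or blocks the attack". Its tail, "reached a maximum threshold for a specific username or coming from a specific IP address", mixes a past tense with a participle; suggest "reach the maximum threshold for a specific username or for a specific source IP address". Further down in the same hunk, "Example1:" should be "Example 1:" to match how the prose refers to examples.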