Brute Force Protection

against brute force attacks, you can restrict user authentication attempts on http proxy with the following parameters http proxy max failed logins http proxy max failed login wait seconds you must set the above parameters with the desired values under the u01/http proxy/conf/http proxy properties file the values you assign determine when and for how long the ip address will be blocked if authentication attempts from the same ip address fail http proxy max failed logins maximum number of failed login attempts to block the client ip the client can try to authenticate again after http proxy max failed login wait seconds elapse defaults to 10 http proxy max failed login wait seconds duration in seconds to wait before retrying login after the http proxy max failed logins value is reached defaults to 600 seconds (10 minutes) http proxy max requests per second you can determine how many requests can be made per second from the same ip address value <= 0 means no limit defaults to 0 http proxy max requests action you can determine the http proxy action after the maximum request limit is exceeded with this parameter as follows o wait pages will be loaded gradually whenever an available request slot is found from http proxy max requests per second it might slow down the page’s loading time, but the pages will load eventually this might be useful in limiting the bandwidth to be used per ip o block block is the default value pages will stop loading immediately as soon as the http proxy max requests per second threshold is reached this may cause the page to be partially loaded