BRUTE FORCE LOGIN

Feature    | Value
Type       | Protection
Risk       | OWASP A2
Covered by | Library

In a brute-force attack, an attacker repeatedly tries to guess a correct password, or the key that is typically created from the password.


How to solve it

Hdiv can be configured to allow a maximum number of requests to the login page in a given period of time. Once this number is exceeded, Hdiv records the IP address from which the requests were generated and blocks all subsequent requests made from that source.

Where necessary, a whitelist of IP addresses can be excluded from the Brute Force Login protection. The protection does not take effect for those addresses, so they can make as many requests to the login page as they wish.
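
The behaviour described above, sketched as an added example: this is not Hdiv's code or configuration, and the class name, parameters, thresholds and sample addresses are assumptions made for illustration. The page does not describe when a block is lifted, so the sketch keeps a source blocked once it is registered.

```python
import ipaddress
from collections import defaultdict, deque

class LoginGuard:
    """Per-IP limit on login-page requests (illustrative, not Hdiv's API)."""

    def __init__(self, max_requests, window_seconds, whitelist=()):
        self.max_requests = max_requests
        self.window = window_seconds
        # Whitelist entries may be single addresses or CIDR ranges.
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.hits = defaultdict(deque)  # ip -> timestamps inside the window
        self.blocked = set()            # IPs registered as brute-force sources

    def is_whitelisted(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.whitelist)

    def allow(self, ip, now):
        """Decide one login-page request from `ip` at time `now` (seconds)."""
        if self.is_whitelisted(ip):
            return True                 # protection does not apply
        if ip in self.blocked:
            return False                # every later request is rejected
        recent = self.hits[ip]
        while recent and now - recent[0] >= self.window:
            recent.popleft()            # forget requests older than the window
        recent.append(now)
        if len(recent) > self.max_requests:
            self.blocked.add(ip)        # register the source; no expiry modelled
            del self.hits[ip]
            return False
        return True

# Constructed sample traffic: (time in seconds, source IP).
SAMPLE = (
    [(t, "203.0.113.7") for t in (0, 1, 2, 3, 60)]         # rapid guessing
    + [(t, "198.51.100.4") for t in (0, 20, 40, 60)]       # ordinary user
    + [(t, "10.1.2.3") for t in range(5)]                  # whitelisted monitor
)

def replay(events, guard):
    """Return {ip: [decision, ...]} with events processed in time order."""
    out = defaultdict(list)
    for t, ip in sorted(events):
        out[ip].append(guard.allow(ip, t))
    return dict(out)

if __name__ == "__main__":
    guard = LoginGuard(max_requests=3, window_seconds=10, whitelist=["10.0.0.0/8"])
    for ip, decisions in replay(SAMPLE, guard).items():
        print(ip, decisions)
```

Blocking by source IP depends on seeing the real client address; behind a reverse proxy or load balancer the decision has to use the address forwarded by that trusted hop.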