BRUTE FORCE ATTACK
Brute Force Attack Policy Settings
[POLICY] > (Select Domain Group) > [SET POLICY] > URL POLICY > (Select URL) > [BRUTE FORCE ATTACK]
This policy detects and responds to automated attacks (Brute-Force) that send an abnormally large number of requests to a specific page within a short period. It is effective in blocking acts such as random password guessing on login pages or unauthorized crawling attempts to map the website structure.
DeepFinder automatically blocks access from the corresponding client (IP) for a certain period when excessive requests exceeding the configured threshold are detected.
How to Configure: 1. Select the URL to protect (e.g., login page) from the 'Policy URL List' on the left. 2. Select [BRUTE FORCE ATTACK] from the tab menu on the top right. 3. Enter the monitoring duration (Collection Time), allowed number of requests (Collection Count), and block duration (Connection Block Time). 4. Select the action and click [SAVE] to activate the policy.
| Item | Description |
|---|---|
| Collection Time (sec) | Sets the reference time (seconds) to count the number of requests. (Default: 0) |
| Collection Count | Sets the maximum allowable number of requests (threshold) during the set 'Collection Time'. |
| Connection Block Time (sec) | Sets the duration to block access from the client if detected as an attack. • The unit is applied in 'Minutes'. • Maximum input is 6000 minutes. (Default: 0) |
| ACTION | Select the action to take upon threshold violation (Brute-force attempt). • NONE: Does not apply the policy. • DENY: Immediately blocks the session and disallows access for the set 'Connection Block Time'. • DETECT: Records a detection log only and allows access. |
| LOG TYPE | Select the detail level of the log to be recorded upon detection. (NONE / LOW / FULL) |
Info
After changing settings, you must click the [SAVE] button on the top right for the policy to be applied to the system.