12/17/2012 by Andrew Hodgson
I am investigating using brute-force protection on a forgotten password page of an application to aid in preventing brute-force attacks for a short-term period until the system is modified. I started configuring this on my lab, however, it appears that I need to set the relevant page up as a login page, with specific parameters. This page is not a login page as such, and I don’t want to treat it like this in the APM. What I really want to just do is to say that if a specific IP address access the page over a set number of times within a given period, block access to the page for a set time.
Is this possible?