Patrick_Legault
Apr 07, 2016 Nimbostratus
Anomaly Detection : Brute Force Attack Prevention - not authorizing login page properly
Hello, I have a brute force detection configuration, but it always fails no matter what I do or try, even if I use a valid login like the response below, which was supposed to PASS.
I get this error: Brute Force: Maximum login attempts are exceeded
Here is some info.
Under login page property:
Expected HTTP response status code: 302
Expected validation header name and value (for example, Location header): loginSuccessKey LoginSuccess
HTTP Request:
POST /selectThirdParty.do HTTP/1.1
Host: 192.168.86.201
Connection: keep-alive
Content-Length: 35
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: https://192.168.86.201
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://192.168.86.201/login.do
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Cookie: loginFailure_u110251489=2|1460051387665; loginFailure_u110251488=6|1460051394931; SuccessLogin=root;
X-Forwarded-For: 192.168.254.10
HTTP Response:
HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.1.GA (build: SVNTag=JBoss_4_2_1_GA date=200707131605)/Tomcat-5.5
loginSuccessKey: LoginSuccess
Set-Cookie: SuccessLogin=root
Location: https://192.168.86.201/welcome.do?action=entryPoint
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Date: Thu, 07 Apr 2016 18:25:50 GMT
Strict-Transport-Security: max-age= 31536000
X-FRAME-OPTIONS: SAMEORIGIN
Whatever I do, the brute force detection kicks in and generates an event. Would you happen to have any ideas or solutions to help me fix it? Been at this issue for the last 2 days 😞