Mohamed_Lrhazi
Aug 10, 2019Altocumulus
Brute force protection for an API endpoint (no login page)?
Hello,
Configuring Brute force protection entails declaring the login page(s).. Is it possible to use this protection on a site where every page is a login page, in a sense? It's an API endpoint and each request includes http authentication header, and can succeed or fail based on the provided credentials.
Can the ASM track failures on such site? Any documentation or clues on how to go about it highly appreciated.
Thanks a lot.