nFactor Max Login Attempts

Is there a feature with NetScaler that could block an IP after X failed login attempts? I could set this on the Gateway virtual server by configuring Max Login Attempts and Failed Login Timeout, but it seems it's not effective with nFactor authentication configured.

I would like to prevent some kind of brute force. My first factor is only username, then group extraction, and I don't want someone to be able to guess usernames by just brute forcing this field, and thereby also block too many requests to the page.

Any idea how?


I added a responder policy as Johannes suggested and unfortunately it works only when you try to load / refresh the page. If you enter random credentials in the field it doesn't block; I suppose because the theme is RfWebUI and the page is not loaded when credentials are sent. Am I correct?

Any idea how I could fix it?

Thanks!


4 hours ago, Philippe Marro1709155269 said:

I added a responder policy as Johannes suggested and unfortunately it works only when you try to load / refresh the page. If you enter random credentials in the field it doesn't block; I suppose because the theme is RfWebUI and the page is not loaded when credentials are sent. Am I correct?

Any idea how I could fix it?

Thanks!

My trigger is the HTTP POST used during logon, so it gets triggered every time someone posts to vpn/index.html.


You can implement blocking for exceeded max logon attempts for a particular user using POST parsing, like:

add stream selector "USER LOGON LIMITER" "http.req.body(http.req.content_length).typecast_list_t('&').get(0).after_str(\"=\")"

add ns limitIdentifier LOGON_LIMIT -threshold 3 -timeSlice 120000 -selectorName "USER LOGON LIMITER"

add responder policy LOGIN_LIMIT_POLICY "http.req.url.contains(\"doAuthentication.do\") && SYS.CHECK.LIMIT(\"LOGON_LIMIT\")" DROP

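The following is an added example, not configuration from this thread or from Citrix, that builds on the approach above: it keys the limit on the username taken by name from the POST body plus the client IP (covering both the per-user limit and the original per-IP question), answers excess attempts with a 429 instead of a silent DROP so RfWebUI shows an error, logs each hit, and binds the policy. Object names, the Gateway vserver name vs_gateway and the POST field name login are assumptions; check the field name against your login schema.

```nscli
# Added example, not from the thread. Names starting with sel_/li_/rp_/ra_/am_
# and the vserver name vs_gateway are assumptions; adjust to your configuration.
# The field name "login" assumes the default nFactor login schema; a custom
# schema may post the username under a different name.

# 1. Rate-limit key: username looked up BY NAME in the POST body (more robust
#    than taking the first body parameter positionally) plus the client IP.
add stream selector sel_logon_user_ip "HTTP.REQ.BODY(2000).TYPECAST_NVLIST_T('=','&').VALUE(\"login\")" CLIENT.IP.SRC

# 2. More than 3 logon POSTs per (username, client IP) in any 120 s window
#    makes SYS.CHECK.LIMIT() return TRUE for that key.
add ns limitIdentifier li_logon_user_ip -threshold 3 -timeSlice 120000 -mode REQUEST_RATE -selectorName sel_logon_user_ip

# 3. Reply with 429 rather than DROP, so the RfWebUI XHR fails visibly instead
#    of hanging, and write an audit line per hit so the events can be alerted on.
add responder action ra_logon_429 respondwith "\"HTTP/1.1 429 Too Many Requests\r\nConnection: close\r\n\r\n\""
add audit messageaction am_logon_limit WARNING "\"nFactor logon rate limit hit user=\" + HTTP.REQ.BODY(2000).TYPECAST_NVLIST_T('=','&').VALUE(\"login\") + \" src=\" + CLIENT.IP.SRC" -logtoNewnslog YES

# 4. Match only the credential POST that RfWebUI sends on submit, not the page
#    load, so refreshing /vpn/index.html does not count against the limit.
add responder policy rp_logon_limit "HTTP.REQ.METHOD.EQ(\"POST\") && HTTP.REQ.URL.PATH.CONTAINS(\"doAuthentication.do\") && SYS.CHECK.LIMIT(\"li_logon_user_ip\")" ra_logon_429 -logAction am_logon_limit

# 5. Bind on the Gateway vserver request path. If nFactor is served by a
#    separate, addressable authentication vserver, bind there instead:
#    bind authentication vserver <aaa_vs> -policy rp_logon_limit -priority 100 -gotoPriorityExpression END
bind vpn vserver vs_gateway -policy rp_logon_limit -priority 100 -gotoPriorityExpression END -type REQUEST
```

Because the selector reads the request body, the limit only counts requests whose body NetScaler has buffered; HTTP.REQ.BODY(2000) is enough for the login form but should be raised if your schema posts larger bodies.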
