content/nap-waf/v4/configuration-guide/configuration.md
Lines changed: 17 additions & 11 deletions
Original file line number
Diff line number
Diff line change
@@ -763,13 +763,15 @@ policy:
763
763
action:
764
764
Specifies action that is applied when defined threshold is reached.
765
765
- **alarm**: The system will log the login attempt.
766
-
- **alarm-and-blocking-page**: The system will log the login attempt, block the request and send the Blocking page.
766
+
- **alarm-and-blocking-page**: The system will log the login attempt,
767
+
block the request and send the Blocking page.
767
768
768
769
enabled:
769
770
When enabled, the system counts failed login attempts from IP Address.
770
771
771
772
threshold:
772
-
After configured threshold (number of failed login attempts from IP Address) defined action will be applied when a brute force attack will be detected.
773
+
After configured threshold (number of failed login attempts from IP Address)
774
+
defined action will be applied when a brute force attack will be detected.
773
775
774
776
loginAttemptsFromTheSameUser:
775
777
Specifies configuration for detecting brute force attacks for a specific username.
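Review bot: the rewrapped threshold text at new lines 773-774 carries over the article and tense errors of the line it replaces: "from IP Address" and "when a brute force attack will be detected". Since these lines are being touched anyway, consider something like "After the configured threshold (number of failed login attempts from an IP address) is reached, the defined action is applied." The unchanged enabled description at line 770 has the same "from IP Address" wording and could be fixed in the same pass.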
@@ -782,7 +784,8 @@ policy:
782
784
When enabled, the system counts failed login attempts for a specific username.
783
785
784
786
threshold:
785
-
After configured threshold (number of failed login attempts for a specific username) defined action will be applied when a brute force attack will be detected.
787
+
After configured threshold (number of failed login attempts for a specific username)
788
+
defined action will be applied when a brute force attack will be detected.
786
789
787
790
reEnableLoginAfter:
788
791
Defines prevention period (measured in seconds) for source-based brute force attacks.
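Review bot: the threshold description at new lines 787-788 does not say whether the action fires when the count reaches the threshold or only once it is exceeded. "After configured threshold ... defined action will be applied" can be read either way, while the action description in the first hunk says "when defined threshold is reached". Suggest using the same "is reached" wording here so an operator can tell exactly how many failed logins for one username are let through before the action applies.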
@@ -791,13 +794,14 @@ policy:
791
794
Defines detection period (measured in seconds) for source-based brute force attacks.
792
795
793
796
login-pages:
794
-
A login page is a URL in a web application that requests must pass through to get to the authenticated URLs. Use login pages,
795
-
for example, to prevent forceful browsing of restricted parts of the web application, by defining access permissions for users.
796
-
Login pages also allow session tracking of user sessions.
797
+
A login page is a URL in a web application that requests must pass through to get to the authenticated URLs.
798
+
Use login pages, for example, to prevent forceful browsing of restricted parts of the web application,
799
+
by defining access permissions for users. Login pages also allow session tracking of user sessions.
797
800
798
801
accessValidation:
799
802
Access Validation define validation criteria for the login page response.
800
-
If you define more than one validation criteria, the response must meet all the criteria before the system allows the user to access the application login URL.
803
+
If you define more than one validation criteria,
804
+
the response must meet all the criteria before the system allows the user to access the application login URL.
801
805
802
806
authenticationType:
803
807
Authentication Type is method the web server uses to authenticate the login URL's credentials with a web user.
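Review bot: new line 803 keeps "more than one validation criteria", and the context line 802 still reads "Access Validation define validation criteria". "Criteria" is plural, so line 803 wants "more than one validation criterion" (or "several validation criteria") and line 802 wants "defines". On the rewrap itself, line 799 now joins the tail of one sentence to the whole of the next ("by defining access permissions for users. Login pages also allow session tracking of user sessions."), whereas line 797 holds exactly one sentence; breaking after "users." would keep later diffs of this paragraph smaller.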
@@ -810,12 +814,14 @@ policy:
810
814
811
815
- **http-basic**: The user name and password are transmitted in Base64 and stored on the server in plain text.
812
816
813
-
- **http-digest**: The web server performs the authentication; user names and passwords are not transmitted over the network, nor are they stored in plain text.
817
+
- **http-digest**: The web server performs the authentication; user names and passwords
818
+
are not transmitted over the network, nor are they stored in plain text.
814
819
815
-
- **ntlm**: Microsoft LAN Manager authentication (also called Integrated Windows Authentication) does not transmit credentials in plain text,
816
-
but requires a continuous TCP connection between the server and client.
820
+
- **ntlm**: Microsoft LAN Manager authentication (also called Integrated Windows Authentication)
821
+
does not transmit credentials in plain text, but requires a continuous TCP connection between the server and client.
817
822
818
-
- **ajax-or-json-request**: The web server uses JSON and AJAX requests to authenticate users trying to access the web application through the login URL.
823
+
- **ajax-or-json-request**: The web server uses JSON and AJAX requests to authenticate users
824
+
trying to access the web application through the login URL.
819
825
For this option, you also need to type the name of the JSON element containing the user name and password.
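Review bot: the http-digest text at new lines 817-818 states that "user names and passwords are not transmitted over the network", but with HTTP digest authentication the user name is normally sent in the Authorization header and only the password is withheld (a hash-based response is sent in its place). Worth correcting while the line is being rewrapped, for example to "passwords are not transmitted over the network". The unchanged http-basic line beside it says credentials are "transmitted in Base64"; that should be worded so readers do not take Base64 for protection, since it is a reversible encoding. Separately, new line 821 is still well over 100 characters after the wrap, so it is unclear what line width this change is targeting.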