Protect my Login on a subdomain not working

Website, Application, Performance Security
1

Hello

I try to configure the rate limiting to protect my login page but I should do it wrong as I’m never blocked.
It’s supposed to be blocking a URL like : https://demo.mywebsite.com/site/login
I checked the DNS zone and the “demo” A type seems to be properly configured (there is no CName configure, I don’t if it should)

I configured 2 rules : 1 is the standard “Protect my Login” form, the other was limiting 10 request within 1 minute. None of them ever blocked me.

Any ideas ?
Thanks!

Laurent

2

I just tried to log into your https://demo.mywebsite.com/site/login equivalent and after the 10th failed login attempt I was given the error below:

12
121846×444 44.6 KB

Right now, your rules apply to a specific URL, do they need to apply to a path?

login
or login*

3

Thanks cscharff, yes it’s was working after a while, I guess it was DNS propagation or something :slight_smile:

Now I have an additionnal questions: how can I configure protection for more sub-domains ? Is there a way to have more than 3 Rate limiting rules ?

4

Sorry, I just noticed you already replied to this new question actually :slight_smile:
I discovered you can use wildcard in your path, so I tried *.mydomain.com/site/login and it’s working now on all my subdomain. Great :slight_smile:

1 Like
5

This topic was automatically closed after 14 days. New replies are no longer allowed.