Protect my login

Hello,

I’ve enabled rate limiting for pro account.With this option enabled I see “Protect my login” as a feature… I did added my login url in the box that pops up once one clicks “Protect my login” and saved config… Nothing happens when I go over 5 requests to login from same ip… I do have other features enabled in the firewall, page rule tabs and I’m thinking that I have some conflicts. Any suggestions where to look or how to make it work? Thanks.

It’s quite possible you’re testing from a whitelisted IP address. If you posted the URL, we can test it.

https://ro.exchange/signin

If you use the generic “Protect My Login” feature, it is only looking for POST requests. If those hits are GET requests, this feature won’t work. You would need to create a custom rate limiting rule. Granted, it’s limited in how long it tracks hits (per 1 minute max), but it will block GET requests.

How fast are the custom rate rules propagating? Thanks.

The custom rate limiting rule works for GET requests…Should I enable the generic “Protect my login” for POST requests? Any conflicts possible having them both enabled? Thanks.

If you’re allowed more than one rate limiting rule, then both would be good.

This topic was automatically closed after 30 days. New replies are no longer allowed.