Does a brute-force block end active user sessions from the same IP?

Hi,

I’m interested in one security check case related to brute-force protection: if a user was blocked at one specific IP address, should active sessions from the same IP be ended/blocked?
Or will a brute-force block only prevent the user from logging in again, without blocking active sessions?

Thanks in advance!

Hi, thanks for reaching out. Currently, when Brute Force protection (10 failed logins) is triggered, only future logins from that specific IP are affected. No existing sessions are ended with how the feature currently works.

See here: Brute-Force Protection

Hey,

Is it possible to block the user for all IPs instead of only one IP?
I see that the blocked_for field in the raw JSON has the IP.
Can we put a regex or * in the IP field using a custom rule to block the user completely from further logins?

{
    "verify_email": false,
    "last_ip": "*.*.*.*",
    "last_login": "2020-06-03",
    "logins_count": 1,
    "blocked_for": [
        {
            "identifier": "tetingaccount@gmail.com",
            "connection": "LOGIN-DATABASE",
            "ip": "123.123.123.123"
        }
    ],
    "guardian_authenticators": []
}

I have the same question. Did you ever find out if it is possible to block a user for all IPs?

Looks like it’s not supported.

@auth0auth @anton-chirkov Actually, I think they recently released a setting for this: under Security → Attack Protection → Brute-force Protection there is now an option for account lockout, which will block the account regardless of IP address if the brute-force protection is triggered.

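To make the two behaviours discussed in this thread concrete (a per-IP block that leaves existing sessions alone, versus an account lockout that applies to every IP), here is an added toy model. It is not Auth0's code and does not reproduce Auth0's internals; the threshold of 10, the per-identifier-and-IP block keyed like the `blocked_for` entries in the JSON above, the `account_lockout` flag, and all credentials and IP addresses other than the one in the posted JSON are assumptions or constructed sample values.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# Threshold quoted in the thread: 10 failed logins trigger the block.
BRUTE_FORCE_THRESHOLD = 10


@dataclass
class AuthServer:
    """Toy authentication server (hypothetical model, not Auth0's implementation).

    Failed logins are counted per (identifier, source IP). When the counter
    reaches the threshold, the pair is added to blocked_for, mirroring the
    blocked_for entries in the JSON posted in this thread. With
    account_lockout=True the identifier is also locked for every IP, the
    behaviour described for the account lockout option. Existing sessions are
    never touched by either kind of block.
    """
    account_lockout: bool = False
    passwords: Dict[str, str] = field(default_factory=dict)            # identifier -> password (constructed)
    failures: Dict[Tuple[str, str], int] = field(default_factory=dict)  # (identifier, ip) -> failed attempts
    blocked_for: Set[Tuple[str, str]] = field(default_factory=set)      # (identifier, ip) pairs blocked
    locked_accounts: Set[str] = field(default_factory=set)              # identifiers locked regardless of IP
    sessions: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # session id -> (identifier, ip)

    def login(self, identifier: str, password: str, ip: str) -> Optional[str]:
        """Return a session id on success, None when the login is refused."""
        if identifier in self.locked_accounts or (identifier, ip) in self.blocked_for:
            return None  # the block applies to new logins only
        if self.passwords.get(identifier) != password:
            key = (identifier, ip)
            self.failures[key] = self.failures.get(key, 0) + 1
            if self.failures[key] >= BRUTE_FORCE_THRESHOLD:
                self.blocked_for.add(key)
                if self.account_lockout:
                    self.locked_accounts.add(identifier)
            return None
        self.failures.pop((identifier, ip), None)  # a successful login resets the counter
        session_id = f"sess-{len(self.sessions) + 1}"
        self.sessions[session_id] = (identifier, ip)
        return session_id

    def is_session_active(self, session_id: str) -> bool:
        """Sessions are only removed by logout; a block never revokes them here."""
        return session_id in self.sessions


def simulate(account_lockout: bool) -> Dict[str, bool]:
    """Replay the scenario asked about in the thread and report what gets refused."""
    server = AuthServer(account_lockout=account_lockout)
    server.passwords["user@example.com"] = "correct-horse"  # constructed credential
    attacker_ip = "123.123.123.123"  # the IP shown in the posted JSON
    other_ip = "198.51.100.7"        # constructed, RFC 5737 documentation range

    # 1. The legitimate user signs in from the IP that will later be blocked.
    session = server.login("user@example.com", "correct-horse", attacker_ip)
    assert session is not None

    # 2. Ten wrong passwords from that IP trigger the block.
    for _ in range(BRUTE_FORCE_THRESHOLD):
        server.login("user@example.com", "wrong", attacker_ip)

    # 3. Observe what the block actually affects.
    return {
        "existing_session_still_active": server.is_session_active(session),
        "new_login_same_ip_refused": server.login("user@example.com", "correct-horse", attacker_ip) is None,
        "new_login_other_ip_refused": server.login("user@example.com", "correct-horse", other_ip) is None,
    }


if __name__ == "__main__":
    print("per-IP block only:", simulate(account_lockout=False))
    print("account lockout:  ", simulate(account_lockout=True))
```

With `account_lockout=False` the existing session survives and only the blocked IP is refused, which is the answer given earlier in the thread; with `account_lockout=True` the identifier is refused from every IP as well, while the already-established session is still untouched. If ending live sessions on a block is a requirement, that has to be a separate step (session revocation) rather than something the login-time block does.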

Did you find a fix for this issue? I faced the same issue last time but got no response from anyone, and I am still searching for a proper solution.
