Does a brute-force block end active user sessions from the same IP?

Hi,

I’m interested in one security check case related to brute-force protection: if a user was blocked at one specific IP address, should active sessions from the same IP be ended/blocked?
Or will the brute-force block only prevent the user from logging in again, without blocking active sessions?

Thanks in advance!

Hi, thanks for reaching out. Currently, when Brute Force protection (10 failed logins) is triggered, only future logins from that specific IP are affected. No existing sessions are ended with how the feature works currently.

See here: https://auth0.com/docs/anomaly-detection/references/brute-force-protection-triggers-actions
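
Added example, not part of the original thread and not Auth0's code: a small model of the behaviour the reply above describes, where the block is recorded per identifier and IP and is only consulted at login time. The class, the sample addresses and credential, and the counter reset on a successful login are assumptions made for illustration.

```javascript
// Constructed model of the behaviour described in the reply above; not Auth0 code.
const THRESHOLD = 10; // failed logins before the block triggers (figure from the reply)

class LoginGate {
  constructor(checkPassword) {
    this.checkPassword = checkPassword; // hypothetical credential check
    this.failures = new Map();          // "identifier|ip" -> failed attempts so far
    this.blocked = new Set();           // "identifier|ip" pairs that may not log in
    this.sessions = new Map();          // sessionId -> { identifier, ip }
    this.nextId = 1;
  }

  login(identifier, ip, password) {
    const key = `${identifier}|${ip}`;
    if (this.blocked.has(key)) return { ok: false, reason: "blocked" };
    if (!this.checkPassword(identifier, password)) {
      const n = (this.failures.get(key) || 0) + 1;
      this.failures.set(key, n);
      if (n >= THRESHOLD) this.blocked.add(key); // affects future logins only
      return { ok: false, reason: "bad_credentials" };
    }
    this.failures.delete(key); // assumption: a successful login resets the counter
    const sessionId = `s${this.nextId++}`;
    this.sessions.set(sessionId, { identifier, ip });
    return { ok: true, sessionId };
  }

  // Session validation never consults the block list, so a block ends no session.
  sessionValid(sessionId) {
    return this.sessions.has(sessionId);
  }
}

function demo() {
  const gate = new LoginGate((id, pw) => pw === "correct-horse"); // constructed credential
  const user = "user@example.com";                        // constructed identifier
  const ipA = "203.0.113.7", ipB = "198.51.100.9";        // documentation-range addresses
  const existing = gate.login(user, ipA, "correct-horse"); // session opened before the failures
  for (let i = 0; i < THRESHOLD; i++) gate.login(user, ipA, "guess" + i);
  return {
    sameIpLogin: gate.login(user, ipA, "correct-horse").reason,
    otherIpLogin: gate.login(user, ipB, "correct-horse").ok,
    existingSessionStillValid: gate.sessionValid(existing.sessionId),
  };
}
```

In this model, ending sessions or blocking every IP would each need a separate step: revoking the entries in `sessions`, or keying the block on the identifier alone.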

Hey,

Is it possible to block the user for all IPs instead of only one IP?
I see that the blocked_for field in the raw JSON has an IP.
Can we put a regex or * in the IP field using a custom rule to block the user completely from further logins?

"verify_email": false,
"last_ip": "*.*.*.*",
"last_login": "2020-06-03",
"logins_count": 1,
"blocked_for": [
    {
        "identifier": "tetingaccount@gmail.com",
        "connection": "LOGIN-DATABASE",
        "ip": "123.123.123.123"
    }
],
"guardian_authenticators": []
}