Query Users Blocked by Brute Force Protection Using the Management API

Problem statement

This article explains how to query users blocked by brute force protection using the management API.

Solution

Users blocked by brute force protection do not have the blocked: true attribute, so a search that filters on that attribute will not return them.

  • To find users blocked by brute force, make a separate request for each user to the Get a user’s blocks endpoint.
    • This endpoint will return a response like the following:
{"blocked_for":[{"identifier":"user.email@domain.com","connection":"Username-Password-Authentication","ip":"1.2.3.4"}]}

Note: This approach requires a separate request for each user, so it will take a long time if you have a large number of users.

  • Another solution would be to set up a log stream with a third-party service.
    • Filter for limit_wc events and make a record of blocked users.
    • Also, check for ublkdu events so they can be removed once the block is released.
    • The main drawback of this approach is that it involves a lot more complexity and additional infrastructure.
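
The log stream approach above, sketched as an added example (not Auth0's own code): it replays limit_wc and ublkdu events into a current record of blocked users. The event field names (type, date, user_name, ip, connection), the sample events, and the rule that one ublkdu release clears every block held for that user are assumptions to check against what your log stream actually delivers.

```python
from datetime import datetime

# Constructed sample events. Field names (type, date, user_name, ip,
# connection) are assumed; adjust them to what your log stream delivers.
SAMPLE_EVENTS = [
    {"type": "limit_wc", "date": "2024-01-01T10:00:00.000Z",
     "user_name": "alice@example.com", "ip": "198.51.100.7",
     "connection": "Username-Password-Authentication"},
    {"type": "s", "date": "2024-01-01T10:01:00.000Z",
     "user_name": "carol@example.com", "ip": "203.0.113.9"},
    {"type": "ublkdu", "date": "2024-01-01T10:30:00.000Z",
     "user_name": "alice@example.com"},
    {"type": "limit_wc", "date": "2024-01-01T10:05:00.000Z",
     "user_name": "Bob@Example.com", "ip": "198.51.100.8",
     "connection": "Username-Password-Authentication"},
    # Delivered late: predates alice's release above, so must not re-block her.
    {"type": "limit_wc", "date": "2024-01-01T10:02:00.000Z",
     "user_name": "alice@example.com", "ip": "198.51.100.9",
     "connection": "Username-Password-Authentication"},
]


def _when(event):
    return datetime.fromisoformat(event["date"].replace("Z", "+00:00"))


def blocked_users(events):
    """Fold limit_wc / ublkdu events into {identifier: block record}."""
    blocked = {}
    # Streams can deliver out of order, so replay by event timestamp.
    for ev in sorted(events, key=_when):
        ident = (ev.get("user_name") or "").strip().lower()
        if not ident:
            continue  # nothing to key the record on
        if ev.get("type") == "limit_wc":
            rec = blocked.setdefault(
                ident, {"since": ev["date"], "ips": set(),
                        "connection": ev.get("connection")})
            if ev.get("ip"):
                rec["ips"].add(ev["ip"])
        elif ev.get("type") == "ublkdu":
            # Assumption: a release clears every block held for the user.
            blocked.pop(ident, None)
    return blocked


if __name__ == "__main__":
    for ident, rec in blocked_users(SAMPLE_EVENTS).items():
        print(ident, rec["since"], sorted(rec["ips"]))
```

Before acting on a record built this way, confirm it with a single request to the Get a user's blocks endpoint for that user, since a missed event leaves the record stale.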