Problem statement
This article explains how to query users blocked by brute force protection using the management API.
Solution
Users blocked by brute force protection do not have the blocked: true attribute, and therefore, it’s not possible to include these users by using such a filter as well.
- To find users blocked by brute force, make a separate request for each user to the Get a user’s blocks endpoint.
- This endpoint will return a response like the following:
{"blocked_for":[{"identifier":"[user.email@domain.com](mailto:user.email@domain.com)","connection":"Username-Password-Authentication","ip":"1.2.3.4"}]}
Note: This will need to make a separate request for each user, so it will take a long time if you have a large number of users.
- Another solution would be to set up a log stream with a third-party service.
- Filter for
limit_wcevents and make a record of blocked users. - Also, check for
ublkduevents so they can be removed once the block is released. - The main drawback of this approach is it involves a lot more complexity and additional infrastructure.
- Filter for