Query Users Blocked by Brute Force Protection Using the Management API

rueben.tiow · February 8, 2024, 11:47pm

Problem statement

This article explains how to query users blocked by brute force protection using the management API.

Solution

Users blocked by brute force protection do not have the blocked: true attribute, and therefore, it’s not possible to include these users by using such a filter as well.

To find users blocked by brute force, make a separate request for each user to the Get a user’s blocks endpoint.
- This endpoint will return a response like the following:

{"blocked_for":[{"identifier":"[user.email@domain.com](mailto:user.email@domain.com)","connection":"Username-Password-Authentication","ip":"1.2.3.4"}]}

Note: This will need to make a separate request for each user, so it will take a long time if you have a large number of users.

Another solution would be to set up a log stream with a third-party service.
- Filter for limit_wc events and make a record of blocked users.
- Also, check for ublkdu events so they can be removed once the block is released.
- The main drawback of this approach is it involves a lot more complexity and additional infrastructure.

Topic		Replies	Views
List of locked users Help api	6	2956	March 4, 2022
Find brute-force blocked users in User Management panel Feedback	3	1837	January 24, 2024
Get a list of users blocked by bruteforce Help anomaly-detection , blocked-account , block	4	5208	September 15, 2023
Get a List of Brute Force Blocked Users Knowledge Articles brute-force , blocked-user	1	1087	September 15, 2023
List of blocked users via API Help management-api , users	5	381	May 6, 2024

Query Users Blocked by Brute Force Protection Using the Management API

Problem statement

Solution

Related topics