Problem statement
There is a tenant log showing that a user has been blocked through Brute Force Attack Protection, however there are additional logs showing that this user has still been able to log in successfully.
Cause
If the Successful Login log entries for this user are showing a different IP Address than the log that indicated they have been blocked, the Account Lockout setting for Brute Force Protection is likely disabled.
In the Brute Force Protection settings page in the Dashboard, under Block Settings , check if the Account Lockout setting is enabled. If it is not, this will trigger blocks for the username irrespective of IP address.
Only when this setting is enabled and a user consecutively attempts and fails to login, future attempts to log in from that user from any IP address will be blocked. By default, the Account Lockout toggle is disabled.
Solution
To trigger blocks for the username irrespective of IP address:
- In the Dashboard, go to Attack Protection > Brute Force Protection.
- Under Block Settings, enable the Account Lockout setting.