Hello
Do you plan to make a rule to block bruteforce requests to wp-login.php (wordpress) and /administrator (joomla)?
id “212100” COMODO WAF: Failed login attempt - this rule are logged only but does not lock.
And I would like to block requests?
Ok, we will try to block this requests. I’ll report back.
Highly appreciated. But it would require some sort of customizable number of logins from a single IP and as the pattern of this kind of attack is changing it would also be nice to have a limited number of domains that a single IP can access. Do you think this is doable at all?
Any news on this issue?