Hi,

I’m a newbie and pardon my lack of knowledge.

I would like to ask about CWAF login pages bruteforce protection.
I’m mentioning about, Login to WHM–>Comodo WAF–>Userdata–>Login Pages:

Put your login scripts and pathes here. All of them would be protected by bruteforce protection rules.

wp-login.php
login.php
admin.php

I noticed that this protection seems like not working as the wp-login.php always get booted.
I had to resolve to installing a plugin to rename the login url to stop the attacks.
Unfortunately, I did not manage to capture the logs in time for me to provide here.

Is there any way for me to simulate the bruteforce attack and proof that the protection is actually working?
A detailed explanation is highly appreciated as I’m a newbie server-admin and my knowledge may be very limited.

I’m using:
CentOS 7
WHM
Apache

Thanks