| Variable | Description | Default |
|---|---|---|
| <brute-force-login_name> | Type the name of a new or existing brute force login attack sensor. The maximum length is 35 characters. To display a list of the existing sensors, type: edit ? | No default. |
| severity {High \| Medium \| Low} | Select the severity level to use in logs and reports generated when a violation of the rule occurs. | High |
| trigger <trigger-policy_name> | Type the name of the trigger to apply when this policy is violated (see “config log trigger-policy”). The maximum length is 35 characters. To display the list of existing trigger policies, type: set trigger ? | No default. |
| access-limit-standalone-ip <rate_int> | Type the rate threshold for source IP addresses that are single clients. Request rates exceeding the threshold will cause the FortiWeb appliance to block additional requests for the length of time specified by block-period <seconds_int>. The valid range is from 0 to 9,999,999,999,999,999,999. To disable the rate limit, type 0. | 1 |
| access-limit-share-ip <rate_int> | Type the rate threshold for source IP addresses that are shared by multiple clients behind a network address translation (NAT) device such as a firewall or router. Request rates exceeding the threshold will cause the FortiWeb appliance to block additional requests for the length of time specified by block-period <seconds_int>. The valid range is from 0 to 9,999,999,999,999,999,999. To disable the rate limit, type 0. Note: Blocking a shared source IP address could block innocent clients that share the same source IP address with an offending client. In addition, the rate is a total rate for all clients that use the same source IP address. For these reasons, you should usually enter a greater value for this field than for access-limit-standalone-ip <rate_int>. | 1 |
| block-period <seconds_int> | Type the length of time for which the FortiWeb appliance will block additional requests after a source IP address exceeds a rate threshold. The block period is shared by all clients whose traffic originates from the source IP address. The valid range is from 1 to 10,000 seconds. | 1 |
| <entry_index> | Type the index number of the individual entry in the table. The valid range is from 1 to 9,999,999,999,999,999,999. | No default. |
| host <allowed-hosts_name> | Type the name of a protected host; the Host: field of an HTTP request must match it for the request to match the sensor. The maximum length is 255 characters. This setting is applied only if host-status is enable. | No default. |
| host-status {enable \| disable} | Enable to require that the Host: field of the HTTP request match a protected hosts entry in order to be included in the brute force login attack sensor’s rate calculations. Also configure host <allowed-hosts_name>. | disable |
| ip-port-enable {enable \| disable} | Enable to apply the limit of login attempts specified by access-limit-standalone-ip or access-limit-share-ip per TCP/IP session. When the value is disable, the limit is applied per source IP. Tip: If you need to cover both possibilities, create two members. | disable |
| request-file <url_str> | Type the literal URL, such as /login.php, that the HTTP request must match to be included in the brute force login attack sensor’s rate calculations. The URL must begin with a slash ( / ). Do not include the name of the web host, such as www.example.com, which is configured separately in host <allowed-hosts_name>. The maximum length is 255 characters. | No default. |
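The matching and rate-limit rules in the table above, modelled in Python as an added example (this is not FortiWeb code); the shared_ips set used to decide which threshold applies, the fixed one-second counting window and the request dictionary layout are assumptions made for the model:

```python
from dataclasses import dataclass, field

@dataclass
class BruteForceLoginSensor:
    """Model of the sensor's rate-limit semantics (added example, not FortiWeb code)."""
    access_limit_standalone_ip: int = 1   # matching requests/sec per single-client IP; 0 disables
    access_limit_share_ip: int = 1        # matching requests/sec per NAT-shared IP; 0 disables
    block_period: int = 1                 # seconds all traffic from the IP stays blocked
    request_file: str = "/login.php"
    host: str = ""
    host_status: bool = False
    ip_port_enable: bool = False          # count per (ip, port) session instead of per IP
    shared_ips: set = field(default_factory=set)  # assumption: operator-known NAT gateway IPs
    _counts: dict = field(default_factory=dict)
    _blocked_until: dict = field(default_factory=dict)

    def matches(self, req):
        if req["url"] != self.request_file:        # URL must equal request-file exactly
            return False
        return not self.host_status or req["host"] == self.host   # Host: check only if enabled

    def check(self, req):
        """Return 'blocked' (inside block period), 'block' (threshold just exceeded) or 'allow'."""
        ip, t = req["src_ip"], req["time"]
        if t < self._blocked_until.get(ip, 0.0):   # block period covers every client behind ip
            return "blocked"
        if not self.matches(req):
            return "allow"
        key = (ip, req["src_port"]) if self.ip_port_enable else ip
        window = int(t)                            # assumption: fixed one-second windows
        count, win = self._counts.get(key, (0, window))
        count = count + 1 if win == window else 1
        self._counts[key] = (count, window)
        limit = self.access_limit_share_ip if ip in self.shared_ips else self.access_limit_standalone_ip
        if limit and count > limit:
            self._blocked_until[ip] = t + self.block_period
            return "block"
        return "allow"

def r(time, src_ip, port, url, host="www.example.com"):
    return {"time": time, "src_ip": src_ip, "src_port": port, "url": url, "host": host}
# Constructed sample traffic: 10.0.0.5 is a single client, 203.0.113.9 a NAT gateway.
SAMPLE = [r(1.0, "10.0.0.5", 40001, "/login.php"), r(1.2, "10.0.0.5", 40002, "/login.php"),
          r(1.3, "10.0.0.5", 40003, "/login.php"), r(1.4, "10.0.0.5", 40004, "/index.html"),
          r(1.5, "203.0.113.9", 50001, "/login.php"), r(1.6, "203.0.113.9", 50002, "/login.php"),
          r(1.7, "203.0.113.9", 50003, "/login.php"), r(12.0, "10.0.0.5", 40005, "/login.php")]

def run(sensor, requests):
    return [sensor.check(q) for q in requests]
```

With a standalone limit of 2 and a share limit of 5, the single client is blocked on its third login attempt (and its unrelated /index.html request stays blocked for the block period), while the NAT gateway's three attempts pass, which is the reason the table recommends a larger value for access-limit-share-ip.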