Simplified configuration of bruteforce protection
It's now easier to configure protection against API abuse, bruteforce or dirbusting attacks. Use the updated Triggers interface:
- The Bruteforce trigger defines classic bruteforce attack protection for a specific URI, based on the number of incoming requests.
- The Forced browsing trigger protects your apps against forced browsing attacks (dirbusting), based on the application's 404 response codes.
In the simplest case, it is enough to enter the URI when creating the trigger. Wallarm will collect statistics from all the distributed Wallarm nodes deployed across your whole infrastructure.
When required, you can also use regular expressions (for example, wildcard URLs) or specify particular request headers (such as cookies) using the advanced view. Read more in our documentation.
Note: There is no need to edit your existing rules. However, the previous rules “Add forced browsing attack tag to requests” and “Add brute force attacks tag to requests” will no longer be visible in the Rules section.