Dynamic IP Blocking settings

Applies to Identity Platform version 20.06 or later

Dynamic IP Blocking is a feature that protects your resources by blocking IP addresses that are the source of password spraying and other online password attacks. Password spraying is an attack that attempts to log in using different usernames with a few commonly used passwords.

After a number of failed login attempts that use different usernames, SecureAuth blocks the originating IP address for a specified amount of time. Instead of locking user accounts, it blocks login attempts coming from that IP address.

There are two parts to setting up Dynamic IP Blocking:

  • Use the IP Filtering rule to set how long an IP address is blocked after a set number of failed attempts, and to add allowed IP addresses. This setting applies to all policies.

  • Add the Dynamic IP Blocking rule in each policy.

  1. On the left side of the Identity Platform page, click IP Filtering.

    The settings you define here apply to all policies.

  2. Set the length of time to block associated IP addresses after a specified number of failed login attempts. (The numbers in the line after the Block button are clickable links.) Options are:

    • Length of time – 12, 24, 36, 48, or 72 hours

    • Number of failed login attempts – 5, 10, 15, 20, or 25

  3. To allow certain IP addresses, click the Set IP addresses link and enter the IP addresses, separated by commas.

    IP addresses can only be in IPv4 format.

  4. Save your changes.

Next steps

Open a policy, go to the Blocking Rules tab, and add Dynamic IP Blocking as a new rule.
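
The following added example (not SecureAuth code) models the behavior described above so you can see how the threshold, block length, and allowed-address settings interact. The class and function names are hypothetical, and it assumes that failures are counted per source IP by distinct username and that allowed addresses are never blocked.

```python
import ipaddress
from datetime import datetime, timedelta

# Option values offered on the IP Filtering page.
BLOCK_HOURS = (12, 24, 36, 48, 72)
FAILED_ATTEMPTS = (5, 10, 15, 20, 25)


def parse_allowlist(text):
    """Parse the comma-separated allow list; raises ValueError on anything but IPv4."""
    return {str(ipaddress.IPv4Address(p.strip())) for p in text.split(",") if p.strip()}


class DynamicIPBlocker:
    """Illustrative model; the distinct-username counting rule is an assumption."""

    def __init__(self, threshold, block_hours, allowlist=""):
        if threshold not in FAILED_ATTEMPTS or block_hours not in BLOCK_HOURS:
            raise ValueError("not one of the options on the settings page")
        self.threshold = threshold
        self.block_for = timedelta(hours=block_hours)
        self.allowed = parse_allowlist(allowlist)
        self.failed_users = {}   # source IP -> usernames that failed from it
        self.blocked_until = {}  # source IP -> time the block expires

    def is_blocked(self, ip, now):
        until = self.blocked_until.get(ip)
        return until is not None and now < until

    def record_failure(self, ip, username, now):
        """Record a failed login; return True if the IP is blocked afterwards."""
        if ip in self.allowed:
            return False  # assumed meaning of the allow list: never blocked
        if self.is_blocked(ip, now):
            return True
        users = self.failed_users.setdefault(ip, set())
        users.add(username.lower())
        if len(users) < self.threshold:
            return False
        del self.failed_users[ip]  # counting starts afresh after the block expires
        self.blocked_until[ip] = now + self.block_for
        return True


def demo():
    """Constructed sample: one source IP fails logins for five usernames."""
    blocker = DynamicIPBlocker(5, 12, allowlist="192.0.2.10, 192.0.2.11")
    start = datetime(2024, 1, 1, 9, 0)
    return [blocker.record_failure("198.51.100.7", f"user{i}", start) for i in range(5)]
```

In this model no user account is ever locked: only the source address is refused, and an allowed address can fail any number of logins without being blocked.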