Hi Good Morning
Unfortunately, every environment has its own particular issues. For those that don't have the ATO license, I normally create a manual Rate-Limit rule on the specific login page; however, a motivated attacker can lower their rate and bypass your Rate-Limit. (That's why the ATO feature, to me, is a "must have".) The values of the rate-limit depend on how many requests you see per minute.
PS: I use the "exact" string on the login endpoint. Some customers here use the same endpoint after logging in; if you use "contains", the counter keeps running even after a successful authentication, causing unwanted blocks.
For APIs, be aware of the OPTIONS method. They normally flood the log because most devs don't specify them in the API specifications. Otherwise, you can put the same filters above on the TOKEN request/authentication. The secret is to coordinate with the customer to check the best approach for user logins, some marketing campaign, and a real Brute Force situation.
Your life will be much easier with ATO or even a well-configured ABP.
If you can, add 2FA.
Regards
------------------------------
Roberto Junior
Technical User
ETEK Novared Brasil Ltda
São Paulo
------------------------------
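The two pitfalls in the reply above (a "contains" match that keeps counting a logged-in user, and OPTIONS preflights inflating the counter) can be reproduced with a small sliding-window counter over constructed log records. This is an added illustration, not Imperva rule syntax and not code from the thread; the log lines, IPs, paths and thresholds are made up.

```python
from collections import defaultdict, deque

# Constructed sample access-log records (not from the thread):
# (seconds since start, client IP, HTTP method, path, status)
SAMPLE_LOG = [
    # Legitimate user: one successful login, then normal browsing under /login/...
    (1, "203.0.113.10", "POST", "/login", 200),
    (2, "203.0.113.10", "GET", "/login/dashboard", 200),
    (3, "203.0.113.10", "GET", "/login/dashboard", 200),
    (4, "203.0.113.10", "GET", "/login/profile", 200),
    (5, "203.0.113.10", "GET", "/login/dashboard", 200),
    (6, "203.0.113.10", "GET", "/login/profile", 200),
    # SPA client: CORS preflights around its auth calls
    (10, "203.0.113.20", "OPTIONS", "/login", 204),
    (11, "203.0.113.20", "POST", "/login", 200),
    (12, "203.0.113.20", "OPTIONS", "/login", 204),
    (13, "203.0.113.20", "OPTIONS", "/login", 204),
    (14, "203.0.113.20", "OPTIONS", "/login", 204),
    (15, "203.0.113.20", "OPTIONS", "/login", 204),
    # Credential-guessing source: repeated failed POSTs to the exact endpoint
    (20, "198.51.100.7", "POST", "/login", 401),
    (21, "198.51.100.7", "POST", "/login", 401),
    (22, "198.51.100.7", "POST", "/login", 401),
    (23, "198.51.100.7", "POST", "/login", 401),
    (24, "198.51.100.7", "POST", "/login", 401),
    (25, "198.51.100.7", "POST", "/login", 401),
]

def path_matches(path, login_path, mode):
    # "exact" is the full-path comparison; "contains" is a substring match
    return path == login_path if mode == "exact" else login_path in path

def flagged_clients(records, login_path="/login", limit=5, window=60,
                    mode="exact", count_options=False):
    """Sliding-window counter per client IP; returns the IPs that exceed
    `limit` matching requests within `window` seconds."""
    hits = defaultdict(deque)
    flagged = set()
    for ts, ip, method, path, _status in records:
        if method == "OPTIONS" and not count_options:
            continue  # preflights are not login attempts; keep them out of the counter
        if not path_matches(path, login_path, mode):
            continue
        q = hits[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # drop hits that fell out of the window
        if len(q) > limit:
            flagged.add(ip)
    return flagged
```

With the defaults only the guessing source is flagged; switching to `mode="contains"` also flags the logged-in user, and `count_options=True` also flags the SPA client.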
Original Message:
Sent: 07-19-2023 15:20
From: osmar murillo
Subject: Best practices Policy Cloud Imperva
Hi everybody, I would like to know about some experiences with the rules or policies that one must have to protect a web login portal and an API.
#CloudWAF (formerly Incapsula)
------------------------------
osmar murillo
Security TI
BOL - Banco Ganadero
Santa Cruz
------------------------------