GSA/ansible-https-proxy

Apply rate limiting to login pages/portals

Opened this issue · 0 comments

Draft CIS Benchmark 1.1.9

Description

Login pages should be rate limited to increase resiliency against brute force attempts. This is configured via the following parameters:

- limit_req
- limit_req_zone

This can either be combined with the default 'limit_req' and 'limit_req_zone' configurations, or have additional (further limited) values for these login portals.

Rationale

Limits the rate of attack on forms that provide system logon capabilities

Remediation

None provided

Audit

None provided
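
A configuration sketch of the two options in the description, added here as an example and not taken from this repository or the CIS draft. The zone names, rates, the `/login` path and the `backend` upstream are assumptions to adapt to the proxied application.

```nginx
# http context: one shared-memory zone per policy, keyed on client address.
# Rates and sizes are illustrative values, not benchmark requirements.
limit_req_zone $binary_remote_addr zone=site_default:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=login_strict:10m rate=5r/m;

upstream backend {                 # hypothetical application server
    server 127.0.0.1:8080;
}

server {
    # listen / TLS directives omitted
    server_name example.com;       # placeholder host name

    # Default limit for the whole site.
    limit_req zone=site_default burst=20 nodelay;
    limit_req_status 429;          # default is 503; 429 is clearer to clients

    location / {
        proxy_pass http://backend;
    }

    # Login portal: stricter limit combined with the site default.
    # limit_req is inherited from the server level only when the location
    # defines no limit_req of its own, so the default zone must be repeated
    # here for both limits to apply.
    location = /login {
        limit_req zone=site_default burst=20 nodelay;
        limit_req zone=login_strict burst=5 nodelay;
        limit_req_log_level warn;  # rejections are logged at this level
        proxy_pass http://backend;
    }
}
```

If this proxy sits behind another load balancer, `$binary_remote_addr` is the balancer's address, so the key has to come from a trusted client-address source such as the realip module. Running `nginx -T` and confirming that every login location shows a `limit_req` line is one way to check the result.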