{{sidenavigation.sidenavigationExpandLabel}}
{{getMsg('Help_YouAreHere')}}: {{page.title}} {{page.title}}
{{$root.getMsg("downLoadHelpAsPdf")}} {{helpModel.downloadHelpPdfDataStatus}}

Web Server Defender

The Web Server Defender protects against DoS and account hacking using brute force. The following options are available:

Maximum sessions per address

Defines the maximum number of session an attacker can create within 30 minutes, before the address is being blocked. The HTTP status code 429 will be sent, once the address was blocked.

Each session - defined by a session cookie - consumes some memory on the server side, usually only a few kilobytes per session. An attacker could easily create an out of memory situation, paralyzing the server, without having a session limit set.

The session counter is reset after a server restart or saving the value 0.

Note: The check can be disabled by setting the value to 0.

  • Default value: 1000

Number of login errors without delay

Defines the number of login errors before a delay will be used to stop brute force attacks to find out a users password. The delay in seconds can be calculated using the following formula:

delayInSeconds = max(0, (X - N)²)

# X = number of failed login
# N = configured number of erroneous logins before delay

Note: A value that is less than 0 disables the delay behaviour

  • Default value: 10
i-net Clear Reports
This application uses cookies to allow login. By continuing to use this application, you agree to the use of cookies.


Help - Web Server Defender