I was wondering if there is a way to prevent DoS from one rogue client IP.
For example, if I set up a script to keep entering wrong credentials into an SM-protected application, say 200-300 times within a minute or two.
Is there any way to detect this at the webagent layer and stop it?
Or will it have to be done at the network layer?
I believe you are referring to (DDoS)
Denial-of-service attack - Wikipedia, the free encyclopedia
If that is the case, SiteMinder has no way to prevent it from happening. SM cannot stop end users from submitting credentials. This needs to be controlled via the network layer (i.e., firewall, switches) to act as the first guard to prevent the request from hitting the server.
Hope this helps.
That's what I thought. I was wondering if we can do some flimsy line of defense in the FCC.
However, you can make use of the existing .loginfcc @smretries. This parameter specifies how many times a user can try to submit the credentials.
For example, if you specify
This means the end user can retry submitting the credentials two times. Once that is exceeded, it will show the message as per login.unauth
Your credentials are not valid for <Target resource>
Please contact your Security Administrator or Help Desk.
Does it serve your objective?
If the web server is IIS, check the following to see if the IIS module helps to achieve your request.
IIS 8.0 Dynamic IP Address Restrictions : The Official Microsoft IIS Site
For Apache, you can check this module.
mod_evasive on Apache - Linode Guides & Tutorials
I think the web server, not the web agent, should take the leading role in preventing the DDoS.
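Added example, not part of the thread and not SiteMinder or web-server module code: a per-IP sliding-window count of login POSTs over access-log lines, the kind of check the replies push down to the web server or network layer. The login path, the thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumption: the login form is served at this path; use your agent's FCC URL.
LOGIN_PATH = "/siteminderagent/forms/login.fcc"
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def parse(line):
    """Return (ip, timestamp, method, path) from a common-log-format line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, target = m.groups()
    return ip, datetime.strptime(ts, TS_FMT), method, target.split("?", 1)[0]

def noisy_clients(lines, limit=20, window=timedelta(seconds=60)):
    """Map each IP to the time it first exceeded `limit` login POSTs within `window`.

    Counts every credential POST; the access log alone does not say which failed.
    """
    recent = defaultdict(deque)    # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        rec = parse(line)
        if rec is None or rec[2] != "POST" or rec[3] != LOGIN_PATH:
            continue
        ip, ts = rec[0], rec[1]
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop hits that slid out of the window
            q.popleft()
        if len(q) > limit:
            flagged.setdefault(ip, ts)
    return flagged

def sample_log():
    """Constructed access-log lines: one scripted client, one ordinary user."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    hits = [(i // 2, "203.0.113.7") for i in range(250)]     # 2 POSTs per second
    hits += [(s, "198.51.100.20") for s in (5, 50, 100)]     # 3 logins in 100 s
    line = '{} - - [{}] "POST {} HTTP/1.1" 302 0'
    return [line.format(ip, (base + timedelta(seconds=s)).strftime(TS_FMT), LOGIN_PATH)
            for s, ip in sorted(hits)]

if __name__ == "__main__":
    for ip, when in noisy_clients(sample_log()).items():
        print(f"{ip} exceeded the login POST limit at {when.isoformat()}")
```

The flagged addresses are what you would hand to a firewall rule or a web-server module; the script itself only reports them.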