"HTTP- Brute search attempt" attack with "accepted" action
hedyeh last edited by
I defined a policy for “HTTP- Brute search attempt” with the “close client” action. Traffic matches this policy (I can see the log in the log viewer), but for many connections that match this rule, the logs show the “accepted” action instead of “close client”. It seems the “close client” action is applied randomly.
I’m not sure whether it’s because of a ScreenOS bug (my device is ISG2000+IDP) or some misconfiguration.