"HTTP- Brute search attempt" attack with "accepted" action



  • Hi,
    i defined a policy for “HTTP- Brute search attempt” with “close client” action. traffic match with this policy (i can see the log in the log viewer) but for many connections match with this rule, logs shows the “accepted” action instead of “close client” .  it seems “close client” action apply randomly.
    i’m not sure it’s because of screenos (my device is ISG2000+IDP) bug or some miss configuration.

    thanks
    Hedyeh


 

20
Online

38.4k
Users

12.7k
Topics

44.5k
Posts