
Brute Force in WSO2 carbon


How can I prevent brute force on WSO2 Carbon, Publisher or Store?

For example, have a captcha or a maximum number of tries, for example lock the user after 5 failed tries.

Or is there anything else that can prevent brute force? I use the free WSO2 and I don't have WUM, ...


Solution

  • You can lock an account based on the following use cases.

    1. Account locking by failed login attempts
    2. Account locking by an administrative user

    Please refer to https://apim.docs.wso2.com/en/latest/install-and-setup/setup/security/user-account-management/#account-locking for more details.