Ability to Whitelist Internal IP Address against Brute Force Countermeasures

Service Center

As part of the brute-force countermeasures against IP attacks (https://success.outsystems.com/Documentation/10/Managing_the_Applications_Lifecycle/Secure_the_Applications/Protection_against_Brute_Force_Attacks), OutSystems displays the message "too many failed login attempts" if there are multiple failed authentication attempts from the same IP address (https://success.outsystems.com/Support/Enterprise_Customers/Troubleshooting/%E2%80%9CToo_many_failed_login_attempts%E2%80%9D_error).

This approach is great for external users where a wide range of IP addresses are used, but is overly restrictive for internal users who all use the same IP address to contact OutSystems. On a Monday morning after a good weekend, 10% of users have forgotten their password, and they then manage to block everyone else from accessing the system.

We need the functionality to be able to add internal IP addresses to a whitelist, so they are exempt from the brute-force detection in the Users module.

Created on 18 Jun 2018
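The shared-address lockout described in the post, and an allowlist exemption of the kind it requests, shown as an added example that is not part of the original post and is not OutSystems code. The thresholds, the `10.20.0.0/16` range, and the `LoginThrottle` and `monday_morning` names are assumptions for illustration; the per-account limit still applies to exempt addresses, so the allowlist does not remove all throttling.

```python
import ipaddress
from collections import Counter

# Assumed values for illustration; not OutSystems' real thresholds or settings.
MAX_FAILURES_PER_IP = 5
MAX_FAILURES_PER_USER = 3
INTERNAL_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]  # constructed office range


class LoginThrottle:
    """Counts failed logins per source IP and per username."""

    def __init__(self, exempt_networks=()):
        self.exempt_networks = list(exempt_networks)
        self.ip_failures = Counter()
        self.user_failures = Counter()

    def _ip_exempt(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.exempt_networks)

    def is_blocked(self, ip, username):
        # The per-account limit always applies, so an exempt IP is not a free pass.
        if self.user_failures[username] >= MAX_FAILURES_PER_USER:
            return True
        if self._ip_exempt(ip):
            return False
        return self.ip_failures[ip] >= MAX_FAILURES_PER_IP

    def record_failure(self, ip, username):
        self.user_failures[username] += 1
        if not self._ip_exempt(ip):
            self.ip_failures[ip] += 1


def monday_morning(throttle, shared_ip="10.20.0.1", forgetful=5, others=45):
    """Constructed scenario: 50 users behind one address, 10% mistype twice.

    Returns how many of the remaining users are blocked before their first attempt.
    """
    for n in range(forgetful):
        for _ in range(2):
            throttle.record_failure(shared_ip, f"forgetful{n}")
    return sum(throttle.is_blocked(shared_ip, f"user{n}") for n in range(others))
```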
Comments (1)

Changed the category to Service Center