IntruderIPAttempts

Minimum version required

This directive requires EZproxy 3.6c GA (2006-03-10) or later. This directive replaced the IntruderAttempts and IntruderTimeout directives.

Overview

IntruderIPAttempts is a position-independent config.txt/ezproxy.cfg directive that typically appears toward the top. This directive is used to enable intruder detection based on source IP address to enhance EZproxy security.

Sample Usage

IntruderIPAttempts -interval=5 -expires=15 20


In this example, if someone tries to log in to EZproxy with invalid information more than 20 times within a 5 minute interval from the same IP address, EZproxy will start evading further login attempts and will note the intrusion attempt to messages.txt/ezproxy.msg. If 15 minutes pass with no further login attempts, EZproxy clears the intrusion status and allows users to log in from this IP address again.

IntruderIPAttempts -interval=5 -expires=15 -reject=100 20


This example extends the first by adding a rejection level. In this example, if the number of attempts from an IP address reaches 100 within the 5 minute interval, the IP address will be treated as a RejectIP addresses, blocking further access from that address. Unlike the intrusion level, when the rejection level is reached, the restriction does not clear automatically but rather must be manually cleared from the /admin EZproxy administration page option to view and clear intrusion attempts.

Advanced Example

An example of how to combine all of the security features of EZproxy appears at Securing Your EZproxy Server .

See also

Audit IntruderUserAttempts RejectIP