I have set the dictionary attack filter to a setting of 2. I check the system log and see that it is actually working as advertised. I have several questions:
1. When I analyze the sys log and create an HTTP report, I see no mention of closed connections. Can these be added to the HTTP report?
2. Is the connection to the rejected IP address cached for any amount of time?
3. Can you get a list by IP number of the number of times a connection was closed?
4. Can the system be configured to add an IP to a real-time blacklist after so many closed connections?
Mike Odryna
