TsgcWebSocketFirewall › Properties › BruteForce
Tracks failed authentication attempts per IP and bans addresses that exceed a configurable threshold within a time window.
property BruteForce: TsgcFirewallBruteForce read FBruteForce write SetBruteForce;
Set BruteForce.Enabled to True and call RegisterFailedAttempt from the server's authentication handler whenever credentials are rejected. When an IP accumulates more than MaxAttempts failures within TimeWindowSec seconds, the firewall bans it for BanDurationSec seconds and raises OnViolation with type fvBruteForce. If BanEscalation is enabled, the actual ban duration is derived from its Levels list instead of BanDurationSec. Defaults: MaxAttempts=5, TimeWindowSec=60, BanDurationSec=300.
// Ban an IP for 600 seconds once it exceeds 3 failed attempts within 60 seconds
sgcWebSocketFirewall1.BruteForce.Enabled := True;
sgcWebSocketFirewall1.BruteForce.MaxAttempts := 3;
sgcWebSocketFirewall1.BruteForce.TimeWindowSec := 60;
sgcWebSocketFirewall1.BruteForce.BanDurationSec := 600;

// Report failed logins from the authentication handler
procedure TForm1.ServerAuthentication(Connection: TsgcWSConnection;
  aUser, aPassword: String; var Authenticated: Boolean);
begin
  // ValidateCredentials stands for the application's own credential check
  Authenticated := ValidateCredentials(aUser, aPassword);
  if not Authenticated then
    sgcWebSocketFirewall1.RegisterFailedAttempt(Connection.IP);
end;
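
To see how MaxAttempts, TimeWindowSec and BanDurationSec interact before choosing values, the following added example (not sgcWebSockets code, written in Python so it runs without the component) models the rule described above and replays a constructed list of failed logins. The class and function names are hypothetical. It assumes a sliding window, that failures reported during a ban are ignored, and that the counter resets when a ban starts. BanEscalation is not modelled.

```python
from collections import defaultdict, deque

class BruteForceModel:
    """Model of the rule described above; not the sgcWebSockets implementation."""

    def __init__(self, max_attempts=5, time_window_sec=60, ban_duration_sec=300):
        # Defaults mirror the documented MaxAttempts / TimeWindowSec / BanDurationSec.
        self.max_attempts = max_attempts
        self.time_window_sec = time_window_sec
        self.ban_duration_sec = ban_duration_sec
        self._failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self._banned_until = {}               # ip -> time at which the ban ends

    def is_banned(self, ip, now):
        until = self._banned_until.get(ip)
        if until is not None and now >= until:
            del self._banned_until[ip]        # ban expired
            until = None
        return until is not None

    def register_failed_attempt(self, ip, now):
        """Record one rejected login; return True if this call starts a ban."""
        if self.is_banned(ip, now):
            return False                      # assumption: ignored while banned
        window = self._failures[ip]
        window.append(now)
        # Assumption: sliding window, drop failures older than time_window_sec.
        while window and now - window[0] >= self.time_window_sec:
            window.popleft()
        if len(window) > self.max_attempts:   # "more than MaxAttempts"
            self._banned_until[ip] = now + self.ban_duration_sec
            del self._failures[ip]            # assumption: counter resets on ban
            return True
        return False

def replay(events, **settings):
    """Replay (time_sec, ip) failures; return [(time_sec, ip)] where a ban began."""
    model = BruteForceModel(**settings)
    return [(t, ip) for t, ip in events if model.register_failed_attempt(ip, t)]

# Constructed sample: failed logins as (seconds, ip), documentation-range addresses.
SAMPLE = [(0, "203.0.113.7"), (5, "203.0.113.7"), (10, "203.0.113.7"),
          (12, "198.51.100.4"), (15, "203.0.113.7"),        # 4th in 15 s -> ban
          (100, "198.51.100.4"), (200, "198.51.100.4"), (300, "198.51.100.4"),
          (620, "203.0.113.7")]                             # ban ended at 615

if __name__ == "__main__":
    print(replay(SAMPLE, max_attempts=3, time_window_sec=60, ban_duration_sec=600))
```

With the settings from the snippet above (3 / 60 / 600), the fourth failure inside the window starts the ban, while the second address, failing once every 100 seconds, never reaches the threshold.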