A10 aFlex: Temporarily blacklist clients based on failed logins

I was asked if I could find a way to temporarily blacklist clients after x failed logins. The reason was to avoid account lockouts in AD when users changed their passwords but forgot to update the password on their phones connected through ActiveSync.

If a phone connects to ActiveSync with the wrong password, the mail server answers with an HTTP 401. The A10 should catch that response and save the client IP in a table. If this happens 4 times or more in less than 10 minutes, the A10 should remember the address and drop its traffic, so the requests are never sent to the mail server and the AD account is not locked out.

That's the theory. Below is my current solution, very much in POC state, but my initial testing looks promising 🙂 I'm sure there are many aFlex/TCL gurus out there who can correct me. I'm certainly not one of them!

A few notes:

  • Because I write every failed attempt to the temp table, the blacklist lasts 10 minutes after the last failed login. This is probably longer than needed.
  • maxfadiledrequests is set to 5, because the counter always starts at 2 for me, and I'm not sure why. I expected it to start at 1, since the initial status from the server is a 401, not 2.
  • holdtime is the time in seconds the address is blocked.
  • You should probably not write to the log in a production environment.
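To make the logic above concrete, here is an added Python model of the same sliding-window blacklist. It is not the aFlex/TCL script from this post and not an A10 API; the class and parameter names (FailedLoginBlacklist, maxfailed, window, holdtime, on_request, on_response) and the sample request timeline are all constructed for this example. It counts HTTP 401 responses per client IP, blocks the IP once maxfailed of them fall inside window seconds, and drops that client's requests for holdtime seconds instead of forwarding them, so the mail server and AD never see them.

```python
"""Sliding-window failed-login blacklist, modelled in Python.

Hypothetical example written for this post. It is not the author's aFlex
script and not an A10 API. It models the described logic: count HTTP 401
responses per client IP and, once `maxfailed` of them fall inside `window`
seconds, drop that client's requests for `holdtime` seconds instead of
forwarding them to the mail server (so the AD account is never touched).
"""
from collections import defaultdict, deque


class FailedLoginBlacklist:
    def __init__(self, maxfailed=4, window=600, holdtime=600):
        self.maxfailed = maxfailed           # failed logins that trigger a block
        self.window = window                 # seconds in which they must occur
        self.holdtime = holdtime             # seconds the client stays blocked
        self._failures = defaultdict(deque)  # ip -> timestamps of 401 responses
        self._blocked_until = {}             # ip -> epoch second the block ends

    def is_blocked(self, ip, now):
        """True while a block is in force; an expired block is removed
        together with the old failure counter, so the client starts clean."""
        until = self._blocked_until.get(ip)
        if until is None:
            return False
        if now >= until:
            del self._blocked_until[ip]
            self._failures.pop(ip, None)
            return False
        return True

    def on_request(self, ip, now):
        """Decision for an incoming request: 'drop' or 'forward'."""
        return "drop" if self.is_blocked(ip, now) else "forward"

    def on_response(self, ip, status, now):
        """Feed the server's status for a request that was forwarded.
        Only 401 counts as a failed login. Returns the number of failures
        currently inside the window for this IP."""
        if status != 401:
            return self.failures_in_window(ip, now)
        q = self._failures[ip]
        q.append(now)
        self._prune(q, now)
        if len(q) >= self.maxfailed:
            # holdtime counts from the moment the block is set
            self._blocked_until[ip] = now + self.holdtime
        return len(q)

    def failures_in_window(self, ip, now):
        q = self._failures.get(ip)
        if not q:
            return 0
        self._prune(q, now)
        return len(q)

    def _prune(self, q, now):
        # Timestamps are appended in order, so the oldest is always at the left.
        while q and now - q[0] >= self.window:
            q.popleft()


def run_timeline(events, **kwargs):
    """Replay (t, ip, status) events; `status` is what the server would
    answer if the request were forwarded. Returns one decision per event."""
    bl = FailedLoginBlacklist(**kwargs)
    decisions = []
    for t, ip, status in events:
        decision = bl.on_request(ip, t)
        if decision == "forward":
            bl.on_response(ip, status, t)
        decisions.append((t, ip, decision))
    return decisions


# Constructed sample: a phone with a stale password retries every 30 s,
# while a second client with a valid password must stay unaffected.
SAMPLE_EVENTS = [
    (0, "10.0.0.5", 401),
    (30, "10.0.0.5", 401),
    (35, "10.0.0.9", 200),
    (60, "10.0.0.5", 401),
    (90, "10.0.0.5", 401),   # 4th failure inside 10 min -> block until t=690
    (120, "10.0.0.5", 401),  # dropped at the A10, never reaches the server
    (400, "10.0.0.9", 200),
    (700, "10.0.0.5", 401),  # holdtime is over, request is forwarded again
]

if __name__ == "__main__":
    for t, ip, decision in run_timeline(SAMPLE_EVENTS):
        print(f"t={t:4d} {ip:10s} {decision}")
```

Two points from running it: the block here expires holdtime seconds after it was set, which is the tighter behaviour the first note above asks for, rather than 10 minutes after the last failed attempt. And the key is the client IP, so phones behind a carrier NAT share one entry: a single stale password can then block every user of that carrier for the hold time, which is worth weighing against the AD lockouts the rule is meant to prevent.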

