AMS brute force protection Dynamic

Brute force protection requires the identification of a login page that you wish to protect. The brute force protection mechanism counts failed login attempts, not simply requests per second. Are your curl requests aimed at a login page? If not, try using web scraping bot detection. It sounds like that's what you are after.

Actually, after re-reading your question, it sounds like you have identified a login page. There are a few settings for each login URL that need to be checked against your curl command. What authentication type are you using for the page? If there are parameters such as username and password, are those correctly placed inside curl? What access validation have you selected? Make sure that your access validation is getting triggered by the curl command.

Hi mherman31, Did you enable BF via Default profile or via profile for certain login URL? If "Default" do not forget to set "Brute Force Protection" checkbox explicitly.

Dynamic BF needs a bit time to detect attack and apply mitigation 10 requests may be not enough. So please continue sending failed login attempts a bit longer with RPS>3 to let Dyn BF detect attack and mitigate it.