IBM Sterling Ideas

Block users from attempting authentication at the Secure Proxy level

We have a Secure Proxy engine that is exposed to the internet. As such we are subjected to a large number of "probing" login attempts from usernames such as "root", "admin", etc.

All of our login attempts are passed to a Sterling External Authentication server for authentication through LDAP. With the current setup we wind up with tens of thousands of failed login attempts daily, causing load on our SEAS engine and LDAP servers, and also filling the SEAS logs with thousands of lines of garbage errors from these failed login attempts.

It would be useful to be able to restrict login attempts at the Secure Proxy level so that known invalid IDs are not even allowed to attempt authentication. This would reduce load on the authentication / LDAP servers, and also make the product more secure as there would be no chance of a user being able to break into a privileged ID if one happens to exist in LDAP.

Ideally it would be preferable if we could configure a pattern / patterns (perhaps using regex) that an allowed username must match in order to be allowed to attempt authentication. If not, it would at least be helpful to be able to blacklist specific usernames so they would not be allowed past the proxy.
  • Guest
  • Jan 8 2018
  • Delivered
What is the idea priority? Medium
DeveloperWorks ID DW_ID100885
RTC ID RTC_ID529184
Link to original RFE http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=100885
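
The check requested above, sketched as an added example that is not part of the original idea and is not IBM Secure Proxy code or configuration: a pre-authentication filter that applies a username allow pattern and a denylist before anything is passed to the authentication server. The pattern, the denylist entries and the sample names are assumptions constructed for illustration.

```python
import re
import unicodedata
from collections import Counter

# Hypothetical policy values (assumptions for this example, not product settings).
ALLOWED = re.compile(r"[a-z]{2,8}[0-9]{2,4}")   # e.g. corporate IDs such as "jsmith01"
DENYLIST = frozenset({"root", "admin", "administrator", "test", "guest"})
MAX_LEN = 64


def precheck(username):
    """Return (forward, reason); forward=True means the name may go to the auth backend."""
    if not username or len(username) > MAX_LEN:
        return False, "length"
    # Normalize before matching so "ROOT" or full-width forms cannot slip past the lists.
    name = unicodedata.normalize("NFKC", username).casefold()
    if any(unicodedata.category(c).startswith("C") for c in name):
        return False, "control-char"
    if name in DENYLIST:
        return False, "denylisted"
    # fullmatch, not match/search: the whole name must fit the pattern,
    # so a valid-looking prefix followed by extra characters is rejected.
    if ALLOWED.fullmatch(name) is None:
        return False, "pattern"
    return True, "ok"


def filter_attempts(usernames):
    """Split attempts into names forwarded for authentication and a tally of drop reasons."""
    forwarded, dropped = [], Counter()
    for u in usernames:
        ok, reason = precheck(u)
        if ok:
            forwarded.append(u)
        else:
            dropped[reason] += 1
    return forwarded, dropped


# Constructed sample of inbound login names (not real log data).
SAMPLE = ["root", "Admin", "jsmith01", "oracle", "ab12\n", "partner42", "jsmith01; --", "ROOT"]

if __name__ == "__main__":
    fwd, drop = filter_attempts(SAMPLE)
    print("forwarded to authentication:", fwd)
    print("dropped at the proxy:", dict(drop))
```

Only names that pass `precheck` would generate load or log lines on the authentication and LDAP servers; the drop tally can be logged once per interval at the proxy instead of once per attempt.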
  • Admin
    VIJAY CHOUGULE commented
    14 Mar, 2019 03:28pm

    The Proxy blacklisting feature is implemented in the IBM Secure Proxy 6.0 release, which is generally available now.

  • Guest commented
    12 Oct, 2018 01:47pm

    When can we expect this RFE to be part of product functionality?