We have a Secure Proxy engine that is exposed to the internet. As such we are subjected to a large number of "probing" login attempts from usernames such as "root", "admin", etc.
All of our login attempts are passed to a Sterling External Authentication server for authentication through LDAP. With the current setup we wind up with tens of thousands of failed login attempts daily, causing load on our SEAS engine and LDAP servers, and also filling the SEAS logs with thousands of lines of garbage errors from these failed login attempts.
It would be useful to be able to restrict login attempts at the Secure Proxy level so that known invalid-ids are not even allowed to attempt authentication. This would reduce load on the authentication / LDAP servers, and also make the product more secure as there would be no chance of a user being able to break into a privileged ID if one happens to exist in LDAP.
Ideally it would be preferable if we could configure a pattern / patterns (perhaps using regex) that an allowed username must match in order to be allowed to attempt authentication. If not, it would at least be helpful to be able to blacklist specific usernames so they would not be allowed past the proxy.