IBM Sterling Ideas

formerly Watson Supply Chain

Submit new product ideas for IBM Sterling solutions. Before you submit, please review existing ideas; if an idea close to yours already exists, it's better to add comments or vote on the existing idea. We will review your ideas and use them to help prioritize our product development. Best of all, the portal will automatically update you when the status of your idea has been changed. Order Management, Store Engagement, Watson Order Optimizer, Inventory Visibility, CPQ and Call Center are now part of Watson Supply Chain

Connect with IBM experts and your peers on the Supply Chain Collaboration Community and the Order Management Interest Group

Block users from attempting authentication at the Secure Proxy level

We have a Secure Proxy engine that is exposed to the internet. As such we are subjected to a large number of "probing" login attempts from usernames such as "root", "admin", etc.

All of our login attempts are passed to a Sterling External Authentication server for authentication through LDAP. With the current setup we wind up with tens of thousands of failed login attempts daily, causing load on our SEAS engine and LDAP servers, and also filling the SEAS logs with thousands of lines of garbage errors from these failed login attempts.

It would be useful to be able to restrict login attempts at the Secure Proxy level so that known invalid-ids are not even allowed to attempt authentication. This would reduce load on the authentication / LDAP servers, and also make the product more secure as there would be no chance of a user being able to break into a privileged ID if one happens to exist in LDAP.

Ideally it would be preferable if we could configure a pattern / patterns (perhaps using regex) that an allowed username must match in order to be allowed to attempt authentication. If not, it would at least be helpful to be able to blacklist specific usernames so they would not be allowed past the proxy.
  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Jan 8 2018
  • Delivered
How will this idea be used?
What is your industry?
What is the idea priority? Medium
DeveloperWorks ID DW_ID100885
Link to original RFE
  • Attach files
  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    October 12, 2018 13:47

    When can we expect this RFE part of product functionality  ?

  • Admin
    VIJAY CHOUGULE commented
    March 14, 2019 15:28

    The Proxy blacklisting feature is implemented in IBM Secure Proxy 6.0 release which is Generally available now.