Exchange – Prevent DoS Attack Through Outlook Web Access


If I configure an Active Directory Lockout Policy, then someone can use repeated bad login attempts to lock users out.

How do I block an IP if enough bad login attempts come from it?

Can I do this through IIS or do I need something else?

I am running Exchange 2010 with Outlook Web Access using IIS 7.5 on Windows 2008 Server Standard R2.

Best Answer

You may be able to do this through an add-on IIS component, but most places do it with an IDS/IPS device. The device sits on the network and sniffs traffic, and it should know a bit about the application. When it sees repeated bad login attempts, it should block or rate-limit the attacker IP address.
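The per-IP counting that the answer describes can also be run over the IIS logs themselves. The sketch below is an added example, not part of the original answer or of any Exchange or IIS tooling: it assumes W3C logs that include the fields shown in the sample, and it assumes a rejected forms login appears as a request for `/owa/auth/logon.aspx` with `reason=2` in the query string, which should be confirmed against your own logs. The function name, threshold and window are hypothetical.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import parse_qs

# Constructed sample in IIS W3C format; addresses are documentation ranges.
Q = "url=https%3a%2f%2fmail.example.test%2fowa%2f&reason=2"
SAMPLE_LOG = f"""#Software: Microsoft Internet Information Services 7.5
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-01 10:00:01 203.0.113.7 GET /owa/auth/logon.aspx {Q} 200
2024-01-01 10:00:02 198.51.100.4 GET /owa/auth/logon.aspx {Q} 200
2024-01-01 10:00:05 203.0.113.7 GET /owa/auth/logon.aspx {Q} 200
2024-01-01 10:00:09 203.0.113.7 GET /owa/auth/logon.aspx {Q} 200
2024-01-01 10:00:10 192.0.2.15 GET /owa/auth/logon.aspx url=https%3a%2f%2fmail.example.test%2fowa%2f 200
2024-01-01 10:07:00 198.51.100.4 GET /owa/auth/logon.aspx {Q} 200
2024-01-01 10:14:00 198.51.100.4 GET /owa/auth/logon.aspx {Q} 200
"""
NEEDED = {"date", "time", "c-ip", "cs-uri-stem", "cs-uri-query"}

def offending_ips(log_text, threshold=5, window=timedelta(seconds=60)):
    """Map each IP to the time it first reached `threshold` failed logins within `window`."""
    fields, recent, flagged = [], defaultdict(deque), {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is declared per file
            continue
        parts = line.split()
        if line.startswith("#") or len(parts) != len(fields):
            continue  # directive, blank, or truncated line
        row = dict(zip(fields, parts))
        if not NEEDED <= row.keys():
            continue
        # Assumption: a rejected forms login lands on logon.aspx with reason=2.
        if row["cs-uri-stem"].lower() != "/owa/auth/logon.aspx":
            continue
        if parse_qs(row["cs-uri-query"]).get("reason") != ["2"]:
            continue
        ts = datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S")
        hits = recent[row["c-ip"]]
        hits.append(ts)
        while ts - hits[0] > window:  # drop failures older than the window
            hits.popleft()
        if len(hits) >= threshold:
            flagged.setdefault(row["c-ip"], ts)
    return flagged

if __name__ == "__main__":
    print(offending_ips(SAMPLE_LOG, threshold=3))
```

The returned addresses are candidates for whatever does the blocking or rate limiting (firewall, IDS/IPS); the sliding window keeps a client that mistypes a password a few times over several minutes from being flagged.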