Block IP after it tries for GET/autodiscover/autodiscover.json

Steve Hoyer

• May 19, 2023 17:14

I noticed this in my log

I don't see any reason to allow this IP address to connect to our server again. Is there a way for me to block an IP after it tries the "GET /autodiscover/autodiscover.json" gambit? 

 

0

• 

  Jeff Scott

  Product Support

  • May 19, 2023 18:03

  Hi Steve,

  Thanks for reaching out.  There is no way to block an IP based off of a specific command.  If you have auto-blocking enabled, they would be blocked based off of your settings.  You can read more about the automatic threat blocking here: https://support.cerberusftp.com/hc/en-us/articles/115001954410-Automatic-Threat-Blocking  

  0
• 

  Steve Hoyer

  • May 19, 2023 20:37

  I do have Auto-Blocking  and DoS Protection enabled, but they didn't try to log in, just tried to run the GET command right off after connecting. They also didn't try to hit the server enough times to elevate to DoS. I checked and their IP is not in the auto block list.

  0
• 

  Jeff Scott

  Product Support

  • May 22, 2023 15:24

  Thanks for the feedback, Steve.  In a scenario like this, you would need to manually add the IP address.  I can open an internal ticket to investigate if it is possible to create an enhancement based off of your feedback for blocking based off of the specific command.  I apologize for any inconvenience that this causes.  

  0

Please sign in to leave a comment.