Massive authentications from SP GoogleApps
fox at washington.edu
Tue Sep 3 12:23:58 EDT 2019
> It could also be handled in a lot of other ways at lower layers like the web server itself and that's probably more appropriate.
We have an F5 in front of our IdP. It blocks a source address on 20 hits
in 5 seconds, or 50 in 10 seconds, something like that. After a minute
the address is re-permitted. It needs no supervision and I've never
gotten any complaints.
More information about the users