Massive authentications from SP GoogleApps

Jim Fox fox at
Tue Sep 3 12:23:58 EDT 2019

> It could also be handled in a lot of other ways at lower layers like the web server itself and that's probably more appropriate.

We have an F5 in front of our IdP.  It blocks a source address on 20 hits 
in 5 seconds, or 50 in 10 seconds, something like that.  After a minute 
the address is re-permitted.  It needs no supervision and I've never 
gotten any complaints.


More information about the users mailing list