New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[建议] 频率限制后仅触发人机验证 #226
Labels
Comments
提示: 创建前请搜索一下是否有重复问题。一个 issue 尽量只描述一个问题。 简洁、准确的描述有助于集中大家的意见,推进问题尽快解决 这个 issue 只讨论 1 。
|
Lorna0
changed the title
[建议] 1.优化CC拦截策略,联动人机交互或验证码,2.增加拦截页面自定义,3.针对不同的域名站点进行不同的策略
[建议] 频率限制后仅触发人机验证
Aug 18, 2023
建议,可以增加动作选项,触发后的动作,观察、拦截、人机验证,每个站点可以单独进行设置 |
强烈建议人机验证结合高频攻击和高频访问 |
+1 |
高频访问添加人机验证 这个功能还是可以的,毕竟正常用户如果被误伤了可以尽可能减少对业务的影响 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
背景与遇到的问题
1.访问频率直接封堵会有部分误挡,影响体验
2.拦截返回页不能自定义
3.所有站点统一策略生效,不够灵活
建议的解决方案
1.CC 联动人机交互验证,首次单位时间内触发CC的,弹出人机交互验证,人机交互验证通过后,再次触发的,按设定阈值进行ip拦截和释放
2.拦截展示页面自定义
3. 每个站点的策略能单独配置,增强策略配置的灵活性
The text was updated successfully, but these errors were encountered: