feat: Brute force doc fixes (#181)

nginx · Feb 10, 2025 · 1c6176c · 1c6176c
1 parent 96d8185
commit 1c6176c
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 4 deletions.
diff --git a/content/nap-waf/v4/configuration-guide/configuration.md b/content/nap-waf/v4/configuration-guide/configuration.md
@@ -660,7 +660,8 @@ systematic, username/password combinations to discover legitimate authentication
 To prevent brute force attacks, NGINX App Protect WAF monitors IP addresses, usernames, and the number of failed login attempts beyond a maximum threshold. 
 When brute force patterns are detected, the NGINX App Protect WAF policy either trigger an alarm or block the attack if the failed 
 login attempts reached a maximum threshold for a specific username or coming from a specific IP address.
-To enable brute force protection, at least one login page must be created.
+To enable brute force protection, at least one login page must be created. 
+The login page entity is created separately and is not included in the brute force configuration block.
 
 ---
 
@@ -722,7 +723,8 @@ Example1: A single brute force configuration is applied universally to all login
 }
 ```
 
-Example2: Different brute force configurations can be defined for individual login pages.
+Example2: Different brute force configurations can be defined for individual login pages. 
+          With each configuration referencing a specific login page.
 ```json
 {
     "policy": {

diff --git a/content/nap-waf/v5/configuration-guide/configuration.md b/content/nap-waf/v5/configuration-guide/configuration.md
@@ -798,7 +798,8 @@ systematic, username/password combinations to discover legitimate authentication
 To prevent brute force attacks, NGINX App Protect WAF monitors IP addresses, usernames, and the number of failed login attempts beyond a maximum threshold. 
 When brute force patterns are detected, the NGINX App Protect WAF policy either trigger an alarm or block the attack if the failed 
 login attempts reached a maximum threshold for a specific username or coming from a specific IP address.
-To enable brute force protection, at least one login page must be created.
+To enable brute force protection, at least one login page must be created. 
+The login page entity is created separately and is not included in the brute force configuration block
 
 ---
 
@@ -861,7 +862,8 @@ Example1: A single brute force configuration is applied universally to all login
 }
 ```
 
-Example2: Different brute force configurations can be defined for individual login pages.
+Example2: Different brute force configurations can be defined for individual login pages. 
+          With each configuration referencing a specific login page.
 ```json
 {
     "policy": {