Recommendation for a site with authentication
If the site to be protected uses authentication, it is recommended to enable the following rules to protect against brute-force attacks:
• Behavioral WAF
• Brute-force protection
• 2 WAAP Rules:
  • One to identify the authentication URL (optional, but can allow for better detection)
  • One to add rate limiting on the Login page (thresholds must be adjusted according to your needs)
