Redirect sslvpn_logon.shtml to localhost
(12.11.1) We have disabled the sslvpn_logon page and in the logs we see a lot of:
2025-03-09 10:38:08 wrapper nginx: 2025/03/09 10:38:08 [error] 5291#0: *29966 open() "/usr/share/web/none/sslvpn_logon.shtml" failed (2: No such file or directory), client: -removed-, server:
Is it possible to auto-block the offending IP for x number of hours or, even better, redirect them back to localhost on their own machine?
0
Sign In to comment.
Comments
Have you reviewed this article?
Detect and mitigate brute force attacks that target Mobile VPN with SSL (SSLVPN)
https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA16S000000BcPmSAK&lang=en_US
Hi @AlGilson
If you have any older SSLVPN clients (e.g., not 12.11) they may try to pull down the SSLVPN profile via the old SSLVPN splash page. If the client has already connected, it has a copy of that profile cached.
If you're not already running the 12.11 client, please consider upgrading to that. You can find it at software.watchguard.com
-James Carson
WatchGuard Customer Support