Is there anyway to lock an IP address when Secure Sockets Layer (SSL)login has been wrongly entered for a certain times?
No. There's no way built into IIS. There are a couple of alternatives that may meet your needs.
The simplest is to have Web users authenticate to NT4 or Windows 2000 user accounts, and enable password lockouts. After x number of unsuccessful authentication attempts, the password will be locked out. This solution doesn't block a user's IP address, however, so it doesn't completely meet your needs.
It's also possible to create an ISAPI filter that intercepts incoming HTTP requests and counts the number of times requests from a given IP address include authentication information. If a specific address is attempting a brute-force attack, this ISAPI filter could manipulate the IIS metabase and institute Source-IP Filtering for that address. This meets your needs, but you'll have to do some coding.
Dig Deeper on Windows Server and Network Security
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.