zaproxy-website
blog: Add PortSwigger lab walkthrough (Broken brute-force protection, IP block)
@kingthorin I tried to add callouts/admonitions (called alerts in the Hugo docs) like this to match the look in the Notion doc, but it doesn't seem to work:
> [!NOTE]
> Useful information that users should know, even when skimming content.
Can I add a template for alerts as shown in the docs here?
Checkmarx One – Scan Summary & Details – 63d47ee5-1de3-4037-84ae-564fb9a3b40c
Great job, no security vulnerabilities found in this Pull Request
I'm fine with that being added.
@psiinon, @thc202 do we want those in a separate PR then rebase the blog on top after accepted/merged??
Leaving a comment here about force-pushed changes. I added the sign-off trailer.
EDIT: @kingthorin I don't remember being prompted to sign the CLA when I created this PR. Do I need to create a PR to the CLA repo?
Nope you're good, CLA isn't enabled for this repo. Thanks for checking though.
@kingthorin I was working through a different lab and realized I got some details in this walkthrough mixed up with details from another lab. I'll correct the inaccuracies and let you know when this is ready for review again.
Thanks for the heads up. I hadn't gone to look at the lab at all, so we easily could have missed that.....
Thanks for this! As you've probably noticed, we've got another PortSwigger lab PR outstanding (#2973), so we'll aim to get that one published first and then focus on this one 😁
This can be rebased now
I'll try to do a thorough review of the text and details over the next few days.
Alright, thank you!
To address the DCO requirement you'll need to sign-off the commit(s):
- https://github.com/zaproxy/zaproxy/blob/main/CONTRIBUTING.md#developer-certificate-of-origin
- https://git-scm.com/docs/git-commit#Documentation/git-commit.txt---signoff
Handle this how you like, but I find it's easiest to collapse all the commits into one and just do the signoff on that one.
@kingthorin I've read through your comments (left replies on some). I'll address them within the next few days. Thanks for being so thorough with your review. Appreciate it!
No problem at all, thanks for tackling this!
@kingthorin I've implemented all feedback from your review. Also fixed the DCO issue (I had the trailer in the previous commits but was modifying it manually and it ended up being invalid).
Didn't squash commits because I wanted to keep the history (initial article vs current one).
Assuming that one filename/reference thing is addressed I'm good with this article now.
@kingthorin I've made the filename change. Also squashed a few commits.
Force-pushed change is more squashing. Done now.
@kingthorin My apologies. Missed a couple of spots.
I've updated the date to today and made some minor tweaks to address @thc202's feedback
Thank you both!
Thanks @Wryhder and sorry this took so long to get published. It's now live on https://www.zaproxy.org/blog/2025-04-09-portswigger-labs-broken-brute-force-protection-ip-block/ and shared via the usual social media sites 😁
Thanks @Wryhder !!
@thc202 Thanks a bunch for your review.
Thanks @psiinon for making the changes. Article looks good, thank you! I'll repost.
And thanks again @kingthorin for your help with this.