For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

writemike's avatar
writemike
Icon for Nimbostratus rankNimbostratus
Aug 05, 2014

APM 11.5 Built-in Captcha Setup

Hello, I'm trying to find some documentation for the built-in "Captcha Configuration" Option under Access Profiles without much luck (APM 11.5.1 HF3). What I would like to do is have the captcha...
BIG-IP Access Policy Manager (APM)
deployment
design
security
ben_wyatt_12961's avatar
ben_wyatt_12961
Historic F5 Account
Sep 27, 2015

So in the APM Captcha settings the "Display CAPTCHA After Number of Logon Attempts Equals" actually means that the login attempt must be rejected by the auth server. I think "logon attempt" in this instance means "until failure" - so the entire attempt to logon - not just the first username and password entry.

 

So if the "Display CAPTCHA After Number of Logon Attempts Equals" setting is set to 1 then the user will need to see the "Your session could not be established" page once - i.e. their Logon Attempt fails/is rejected, and then when the user clicks on "To open a new session, please click here" in order to start a second Logon Attempt they will then see the captcha displayed.

 

If the APM Captcha "Display CAPTCHA After Number of Logon Attempts Equals" setting is set to 2, then the user will need to see the "Your session could not be established" page twice before the captcha appears - ie be rejected twice by the auth server.