ASM brute force configuration for Exchange EWS

Question

Hello,&nbsp;We want to configure brute force protection on the exchange ews login page https://abc.com/ews/exchange.asmx.&nbsp;When we use in authentication-type HTML and parameters (username&amp;password) in login url, username is not detected and when we test protection it's not working. And it is the same with when we use authentication-type NTLM in the login url, username is not detected and protection is not working.&nbsp;Need help to configure it.&nbsp;Thanks.

boneyard · Answer

how do you determine it is not working?&nbsp;when you normally go to the page do you get a logon page or just NTLM or HTTP Basic single sign on?&nbsp;you do SSL offloading if that is required?&nbsp;which TMOS version? not 11.6 by chance? https://support.f5.com/csp/article/K05113177

Forum Discussion

ASM brute force configuration for Exchange EWS

Recent Discussions

How to Renew F5 Device Certificate

BIG IP LTM - Multiple application on single VIP with multiple ports allowed.

How to export a list of paired external service providers from APM?

Service discovery is not happening in AS3

Statistics ›› Analytics : HTTP : Overview

Related Content

Brute Force protection for single parameter like OTP

HTTP Brute Force Mitigation Playbook: Bot Profile for Brute Force Mitigations - Chapter 5

ASM or AWAF Exchange 2019 OWA Protection against Brute force Attacks!

HTTP Brute Force Mitigation Playbook: BIG-IP LTM Mitigation Options for HTTP Brute Force Attacks - Chapter 3

HTTP Brute Force Mitigation Playbook: Slow Brute Force Protection Using Behavioural DOS - Chapter 6

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS