Forum Discussion
ASM Login Page protection for Basic Authentication without failed string
Hello,
Its possible to create and configure an ASM Login Page for Brute Force protection to a system that uses APM Basic Auth (401) and does not send any String for failed/wrong username? According the F5 Documentation on how to create a Login page, its needs to configure a failed string:
A string that should NOT appear in the responseA string that indicates a failed login attempt and prohibits user access to the authenticated URL; for example, Authentication failed.
So my question is, its possible to configure APM to send 401 with an failed string, so it can be detected by ASM on Brute Force Login Mitigation?
**For the ASM protection on APM VS, im using the layered Virtual Server configuration.
- natheCirrocumulus
Hugo Frauches,
What about adding a positive string for when the user successfully logs in? Does APM send back a specific string, http response code etc. when a successful logon happens? You can add this. If the ASM doesn't see this then it will conclude it's a failed login.
HTH,
N
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com