Hugo_Frauches_3
May 07, 2019Nimbostratus
ASM Login Page protection for Basic Authentication without failed string
Hello,
Its possible to create and configure an ASM Login Page for Brute Force protection to a system that uses APM Basic Auth (401) and does not send any String for failed/wrong username? According the F5 Documentation on how to create a Login page, its needs to configure a failed string:
A string that should NOT appear in the responseA string that indicates a failed login attempt and prohibits user access to the authenticated URL; for example, Authentication failed.
So my question is, its possible to configure APM to send 401 with an failed string, so it can be detected by ASM on Brute Force Login Mitigation?
**For the ASM protection on APM VS, im using the layered Virtual Server configuration.