Forum Discussion

Nimbostratus

May 07, 2019

ASM Login Page protection for Basic Authentication without failed string

Hello, Its possible to create and configure an ASM Login Page for Brute Force protection to a system that uses APM Basic Auth (401) and does not send any String for failed/wrong username? According...

apm login page

application delivery

ASM Advanced WAF

BIG-IP Access Policy Manager (APM)

brute force

security

nathe

Cirrocumulus

May 07, 2019

Hugo Frauches,

What about adding a positive string for when the user successfully logs in? Does APM send back a specific string, http response code etc. when a successful logon happens? You can add this. If the ASM doesn't see this then it will conclude it's a failed login.

HTH,

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

ASM Login Page protection for Basic Authentication without failed string

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

ForgeRock with F5 Distributed Cloud (XC) Account Protection and Authentication Intelligence

L7 DoS Protection with NGINX App Protect DoS

Beyond REST: Protecting GraphQL

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Managing NGINX App Protect WAF for Beginners

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS