ASM login url validation header name and value (BruteForce)

Question

Hi Team,&nbsp;
We are trying to configure bruteforce attack detection, but unable to understand how to configure login page url validation header name and value. we would like to validate based on location URL. for that we tried below option&nbsp;
Location: https://xyz.com/abc
"Location: https://xyz.com/abc"
"Location" = "https://xyz.com/abc"
"Location"="https://xyz.com/abc"
"location" equals "https://xyz.com/abc"&nbsp;
but these are not working. Any f5 documents also dont have single example for this.&nbsp;
Thanks, Sachin&nbsp;

nathe · Answer

I've tested this (very crudely) and just entered in:&nbsp;
Connection Keep-Alive&nbsp;
No quotes, or colons and a space between the header and value.&nbsp;
This worked for me.&nbsp;
In your case it might be&nbsp;
Location https://xyz.com/abc&nbsp;
I'd checked the output of curl, or httpfox to confirm the Location header/value - as I imagine you have.&nbsp;
Hope this helps,&nbsp;
N&nbsp;

Forum Discussion

ASM login url validation header name and value (BruteForce)

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Software Downgrade from version 17.x.x to 15.x.x

Error diskmonitor

CPU utilization of F5OS on r2600

sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic

Hardware replacement i2800 to r2600

Related Content

Host Header Validation

POC: Validate JWT with iRule

Modernizing F5 BIG-IP Synchronized HA Pairs with Ansible Validated Content

Redirect Location header validator

Strict header Insertion

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS