sim2022
Nov 10, 2022Nimbostratus
ASM Policy that could read response and block source IP
Hi All
Is there a WAF Policy that could be configured to read the response sent by my webserver to the user and block the source IP if the response has "xx" number of unauthenticated occurrences within a specific period of time from the same source IP?
Was wondering if this type of configuration would auto-block the source IP that is attempting an ongoing password-spraying or credential-stuffing attack on the website, considering the ReCaptcha is somehow bypassed.
Does F5's ASM have this capability?
Thanks
Sam