ASM Policy that could read response and block source IP
Hi All
Is there a WAF Policy that could be configured to read the response sent by my webserver to the user and block the source IP if the response has "xx" number of unauthenticated occurrences within a specific period of time from the same source IP?
Was wondering if this type of configuration would auto-block the source IP that is attempting an ongoing password-spraying or credential-stuffing attack on the website, considering the ReCaptcha is somehow bypassed.
Does F5's ASM have this capability?
Thanks
Sam
Hi sim2022,
To log server responses, you can do as in the article below:
To block a specific number of unauthenticated trials within specific time slots, configure brute force attack protection; follow the articles below:
- https://support.f5.com/csp/article/K54335130
- https://support.f5.com/csp/article/K18650749
Note: you have to define your "login page" with its parameters well; after that, proceed with the brute force protection profile.
I recommend using the brute force protection profile because you are able to monitor and see unauthenticated user behavior well, and also collect statistics from ASM reporting if there is a brute force attack.
I hope this helps you.
Regards
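The thresholding the question describes (a set number of failed-login responses from one source IP inside a time window, followed by a temporary block) can be sketched as a sliding-window counter. This is an added example, not code from the thread and not how ASM implements brute force protection; the class and function names, the `/login` URL, the use of HTTP 401 as the failed-login signal, and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample records: (seconds, source IP, URL, response status).
# Assumption: the web server answers a failed login with HTTP 401.
A, B = "198.51.100.7", "203.0.113.9"  # documentation-range addresses
SAMPLE = [
    (0, A, "/login", 401),
    (5, B, "/login", 401),
    (10, A, "/login", 401),
    (20, A, "/login", 401),   # third failure from A within 60 s
    (30, A, "/login", 200),   # arrives while A is blocked
    (50, B, "/login", 401),
    (100, B, "/login", 401),  # B's failure at t=5 has aged out of the window
    (400, A, "/login", 200),  # A's block has expired
]

class FailedLoginTracker:
    """Per-source sliding window over failed-login responses (hypothetical helper)."""

    def __init__(self, max_failures, window_s, block_s, login_url="/login"):
        self.max_failures = max_failures
        self.window_s = window_s
        self.block_s = block_s
        self.login_url = login_url
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.blocked_until = {}             # ip -> time the block ends

    def observe(self, ts, ip, url, status):
        """Return 'blocked' (already blocked), 'block' (threshold hit now) or 'allow'."""
        if self.blocked_until.get(ip, -1) > ts:
            return "blocked"
        if url != self.login_url or status != 401:
            return "allow"  # successes do not reset the count: spraying has occasional hits
        window = self.failures[ip]
        window.append(ts)
        while window and window[0] <= ts - self.window_s:
            window.popleft()  # drop failures older than the window
        if len(window) >= self.max_failures:
            self.blocked_until[ip] = ts + self.block_s
            window.clear()
            return "block"
        return "allow"

def replay(records, **settings):
    """Feed records in time order and return the decision for each one."""
    tracker = FailedLoginTracker(**settings)
    return [tracker.observe(*rec) for rec in records]

if __name__ == "__main__":
    for rec, verdict in zip(SAMPLE, replay(SAMPLE, max_failures=3, window_s=60, block_s=300)):
        print(rec, verdict)
```

Keying only on source IP, as here, misses attempts spread across many addresses and can block users who share one NAT address.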