Forum Discussion

sim2022's avatar
sim2022
Icon for Nimbostratus rankNimbostratus
Nov 10, 2022

ASM Policy that could read response and block source IP

Hi All Is there a WAF Policy that could be configured to read the response sent by my webserver to the user and block the source IP if the response has "xx" number of unauthenticated occurrences wit...
security
Mohamed_Ahmed_Kansoh's avatar
Mohamed_Ahmed_Kansoh
Icon for MVP rankMVP
Nov 10, 2022

Hi sim2022 , 

> To log server responses , you can do as  below Article : 

 https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-1-0/14.html

> to block number of specific of unauthenticated  trials at specific time slots , configure a brute force attack protection , follow the below articles: 

- https://support.f5.com/csp/article/K54335130

- https://support.f5.com/csp/article/K18650749

Note : you have to define your "login page" , with its parameters well , after that proceed in brute force protection profile. 

> I recommend to use brute force protection profile because you able to monitor and see unauthenticated user behavior well , also collect statistics if there is a brute force attack from ASM reporting.

I hope this helps you. 

Regards