Forum Discussion

Nimbostratus

Sep 24, 2022

AWAF Brute Force protection not working for HTML Web application

Hi Team, I have configured login page and Brute force protection for my web application but it is not working: The content-type of the request is Content-Type: application/x-www-form-urlencoded be...

security

Mohamed_Salah_

MVP

Sep 25, 2022

Hello Ahmed,

Please make sure that the brute force settings in the learning and blocking settings is enabled, (blocked).

and modify the brute force profile and select the login page created in the ASM policy inside the brute force protection. if you have finished these steps, you can start changing the login condition:

for example try expected status code "302" as the response was 302.
or unexpected status code, for example "200"
Or unexpected string in the response and check for a string that shows when you login with wrong credntials, for example "login failed".

All of these results (expected and unexpected) can be found in the developer tool inside the response and headers tab.

Forum Discussion

AWAF Brute Force protection not working for HTML Web application

Recent Discussions

iRule resulting in too many redirects

ASM cookie, modifying "domain" field

URL

service profile HTTP in LTM v16.1?

Azure SAML - F5 APM

Related Content

aWAF DOS Protection Licensing

SSH proxy not working

HTTP::redirect doesn't work for multiple conditions, URL redirect doesn't work using iRule

Routing application traffic through management interface

How to protect Contact Form from spam?