Blocking insecure log-in page

Ben,

 

 

Appreciate the answers, but neither of the 2 I tried (a and c) worked for me. Option b is a bit more difficult -- ASM is on 3 stand-alone 8800's, configured in a pool, in which the Load-Balancing LTM 8800's send traffic. All of this traffic is from one http class per site -- I can hit the Load-Balance team up to do what you're suggesting, but I'd rather do it on the ASM's.

 

 

I created the parameter as a static -- and checked all the Access, Length and Input Violations on the blocking settings. It never alarmed, and subsequently, was never blocked. I didn't try it as a flow parameter, but that will be next. I've never done a Flow-based object parameter, and need to research it a little further.

 

 

Option c just didn't work -- and after I applied the signature globally, it wasn't blocking on any site's login URL, so I may have done something wrong. My signature was simple: uricontent:"/store/user/login.jhtml"; I also tried "headercontent", which didn't work either. I had turned off staging, and I was checking for violations in the log -- nothing.

 

 

Any further ideas? I'm still pretty stumped.

 

 

Thanks for your help!

 

 

Joel