Forum Discussion
Aaron_Chandra_3
Nimbostratus
NimbostratusBrute force detection- JSON Parameters
Hi All,
I would like to know the possibilities to protect an website,against brute force attempts, the site uses JSON parameters. we are using ASM version: 11.6) ,i know v-12 got json authentic...
It appears that there two options. Ideally, upgrade to 12.x and use the JSON brute force mitigation. On 11.x, you would have to either build a custom iRule to handle this. A quick search on devcentral shows:
https://devcentral.f5.com/codeshare/protecting-login-pages-against-brute-force-attack-v1
You could use this as starting point. If you are unable to customize this please check https://f5.com/support/professional-services/consulting-services/irules-ondemand
Alternatively, you could try to detect the brute force login attempts using DOS by limiting the number of Requests from a given source ip.
