For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jban_198207's avatar
jban_198207
Icon for Cirrus rankCirrus
Nov 17, 2015

Brute force detection with custom HTML form

I have Web server that requires authentication with Username and password, but it’s not classic let say IIS Form.

 

Basically, in Fiddler I don’t see WebForms in /Login/ UR, after I enter username and password site is redirected /somedir/Login with POST command where you have something like param1=username&param2=password, … and then it comes back to /Login/

 

F5 with AutoBuilder don’t see /somedir/Login that I have in Fidler?

 

How can I create Brute Force detection for this situation.

 

BIG-IP
security

2 Replies

  • melcaniac's avatar
    melcaniac
    Icon for Cirrus rankCirrus
    Nov 17, 2015

    What does a failed /Login/ response look like? I would focus on their distinction from a good /Login/ response. Do you have a Fiddler Trace?

     

  • jban_198207's avatar
    jban_198207
    Icon for Cirrus rankCirrus
    Nov 17, 2015

    Solved, Thank you. I review difference between good and bad and find some difference in JavaScript code that gives me good String. : )