Brute force Outlook mail

Question

We have brute force enabled for exchange login url and few users who has multiple mail accounts configured in single device are getting blocked with "Brute Force: Maximum login attempts are exceeded ". As per my understanding ASM Brute force is only looking for failed login attempts against the configured URL. But user account is valid and using right credentials. How F5 is tracking it as failed logins?&nbsp;
BF settings&nbsp;
Detection Period 60 Minutes
Maximum Prevention Duration 60 Minutes
Username Trigger:  After 10 failed login attempts
Action: Alarm and Captcha &nbsp;
User who have 3 mail boxes configured in a single device is having trouble since the connection  initiating from a single IP address.&nbsp;
Any thoughts ?&nbsp;

yuova · Answer

hello ,can you please share the configuration it doesn't work to me for owa .i put the authentication login as " [ HTTPS] POST&nbsp;/owa/auth.owa "

Forum Discussion

Brute force Outlook mail

Recent Discussions

ip x-forwarding

F5 ASM API-Protection Policy

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Related Content

Brute Force protection for single parameter like OTP

HTTP Brute Force Mitigation Playbook: Bot Profile for Brute Force Mitigations - Chapter 5

HTTP Brute Force Mitigation Playbook: BIG-IP LTM Mitigation Options for HTTP Brute Force Attacks - Chapter 3

HTTP Brute Force Mitigation Playbook: Slow Brute Force Protection Using Behavioural DOS - Chapter 6

HTTP Brute Force Mitigation Playbook: Overview - Chapter 1

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS