For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Muhammad_Faroo1's avatar
Muhammad_Faroo1
Icon for Nimbostratus rankNimbostratus
Oct 14, 2021

Brute Force Prevention For Mobile Applicaiton

Hi dev community,   BF Protection works like a charm for Web applications . I have a very specific requirement to configure bf protection for mobile applications. What are possibilites we can pr...
Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Oct 15, 2021

Hi ,

 

what kind of brute force attacks do you expect on this authentication method?

You could configure the BIG-IP to validate the JWT token. I am guessing now - is the mobile app accessing some kind of API and the JWT is used for authentication? Then maybe you want to look at APM and API Protection. You can do token validation and rate limiting with API Protection.

Link: API Protection Concepts

 

Another good read on JWT is this one: JWT: A How Not to Guide

 

I hope this is a good starting point for you.

 

KR

Daniel