Forum Discussion
2funky_105078
Cirrus
CirrusBrute-force prevention on specific URLs
Hi,
I see ASM DOS profile can protect "by URL" but we cannot specify which one, why?
On the other hand, under "Session tracking" menu we can list the login pages, but we cannot apply CAPTCH...
samstep
Cirrocumulus
CirrocumulusThanks for raising an RFE - I never understood why F5 never made username/password parameters on the Login Page an existing parameters from the policy which would have allowed you to define wildcards.
Re: DOS protection for specific URL - you can always create a SEPARATE ASM policy with just DOS profile which triggers on specific URLs only and assign it to virtual server separately - it makes it easier to manage.
