F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

2funky_105078's avatar
2funky_105078
Icon for Cirrus rankCirrus
Aug 21, 2017

Brute-force prevention on specific URLs

Hi,   I see ASM DOS profile can protect "by URL" but we cannot specify which one, why?   On the other hand, under "Session tracking" menu we can list the login pages, but we cannot apply CAPTCH...
ASM Advanced WAF
security
samstep's avatar
samstep
Icon for Cirrocumulus rankCirrocumulus
Aug 23, 2017

Thanks for raising an RFE - I never understood why F5 never made username/password parameters on the Login Page an existing parameters from the policy which would have allowed you to define wildcards.

 

Re: DOS protection for specific URL - you can always create a SEPARATE ASM policy with just DOS profile which triggers on specific URLs only and assign it to virtual server separately - it makes it easier to manage.

 

Related Content