Forum Discussion

Altostratus

Jun 25, 2025

Brute Force Protection – Credentials in Nested JSON

Hello,

I am trying to configure brute force protection. In our case, the username and password are transmitted to the application through a JSON parameter called p-json.

How does F5 detect parameters that are nested inside another parameter? As shown below, the values of the username and password are stored under the "v" field:

I would appreciate your guidance on how to handle this case properly with F5.

application delivery

security

2 Replies

Hamza_derbali
Altostratus
Jun 26, 2025
UP
- Hamza_derbali
  Altostratus
  Jul 02, 2025
  Dear Mr. Amine_Kadimi
  I hope you are doing well.
  Could you please assist me ? Your expertise would be greatly appreciated.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Brute Force Protection – Credentials in Nested JSON

2 Replies

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

F5 DNS Logs in JSON Format

APM - Portal access - Issue

How to configure ssh access by key on F5OS

ASM/AWAF declarative policy

Help with an iRule to disconnect active connections to Pool Members that are "offline"

Related Content

AppSec Made Easy: Credential Protection

Overview of MITRE ATT&CK Tactic : TA0006-Credential Access

L7 DoS Protection with NGINX App Protect DoS

Runtime API Security: From Visibility to Enforced Protection

OWASP Automated Threats - Credential Stuffing (OAT-008)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS