For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Frank_Schuhmach's avatar
Frank_Schuhmach
Icon for Altostratus rankAltostratus
Aug 06, 2014

Brute Force Protection Configuration, Access Validation match sucessfull logons with Location Header, Syntax ?

I have a problem with ASM in the Brute Force Protection Configuration, Access Validation match sucessfull logons. The response of the logon page is only a redirect ( no further content ), here in cas...
ASM Advanced WAF
deployment
security
Frank_Schuhmach's avatar
Frank_Schuhmach
Icon for Altostratus rankAltostratus
Aug 14, 2014

After several tests it seems that the ASM cannot work with wildcards or regex in the expected validation header name and value field. So i found a solution writing iRule inserting an additional header in the server response. The iRule inserts the header before the ASM inspects the response. ASM now checks Expected validation header name and value field for "Login: succeeded"

when HTTP_REQUEST {
     check if request is /shop/login.do , setting is_logon as flag 
    if { [HTTP::uri] equals "/shop/login.do" } {
        set is_logon true
    } else { set is_logon false }
}

when HTTP_RESPONSE {
     check if response is a Redirect and my flag is_logon set
    if { [HTTP::is_redirect] && $is_logon } {
           if { [HTTP::header Location] ends_with "/shop/viewLoginForm.do" } {
             HTTP::header insert Login failed
           }
           elseif { [HTTP::header Location] ends_with "/shop/viewUserHome.do" || [HTTP::header Location] ends_with "/shop/initiateOrder.do" } {
             HTTP::header insert Login succeeded
           }
     }
}
  • David_Martin's avatar
    David_Martin
    Icon for Nimbostratus rankNimbostratus
    Mar 21, 2019

    Great idea!, thanks for sharing