Brute Force Protection

Question

Hello,
When configuring brute force protection on v12.1.2, it seems session-based protection overrides dynamic protection since a user will be blocked after the 'Login Attempts From The Same Client' threshold has been exceeded.  Is dynamic protection still acting on brute force attempts even after session-based protection has blocked that session?  One more question... can anyone conform for me that session-based protection does NOT block by IP address?
Thanks!!&nbsp;

nathe · Answer

Toneman172,&nbsp;
Session and dynamic based are mitigating two different scenarios so won't necessarily compete with each other. &nbsp;
Session based centres on cookies with a malicious user repeatedly attempting to login with same browser session on the same client. &nbsp;
Dynamic is more relevant to tool based attacks which don't use cookies so won't trigger session based attacks. Here asm is looking for high threshold attacks, most like from different IPs. &nbsp;
Also, session will send a blocking page in a http response so is a client mitigation and not one simply blocking an IP address. &nbsp;
Hope this helps,&nbsp;
N&nbsp;

Forum Discussion

Brute Force Protection

Recent Discussions

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Submenus missing in ASM Security Tab

XC Bot defense question

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

NetScaler to F5 Migration

Related Content

Brute Force protection for single parameter like OTP

HTTP Brute Force Mitigation Playbook: Slow Brute Force Protection Using Behavioural DOS - Chapter 6

HTTP Brute Force Mitigation Playbook: Bot Profile for Brute Force Mitigations - Chapter 5

HTTP Brute Force Mitigation Playbook: BIG-IP LTM Mitigation Options for HTTP Brute Force Attacks - Chapter 3

iRule for Brute Force Password Guessing Attacks

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS