For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

toneman172_1806's avatar
toneman172_1806
Icon for Nimbostratus rankNimbostratus
Nov 22, 2017

Brute Force Protection

Hello, When configuring brute force protection on v12.1.2, it seems session-based protection overrides dynamic protection since a user will be blocked after the 'Login Attempts From The Same Client' ...
ASM Advanced WAF
security
nathe's avatar
nathe
Icon for Cirrocumulus rankCirrocumulus
Nov 24, 2017

Toneman172,

 

Session and dynamic based are mitigating two different scenarios so won't necessarily compete with each other.

 

Session based centres on cookies with a malicious user repeatedly attempting to login with same browser session on the same client.

 

Dynamic is more relevant to tool based attacks which don't use cookies so won't trigger session based attacks. Here asm is looking for high threshold attacks, most like from different IPs.

 

Also, session will send a blocking page in a http response so is a client mitigation and not one simply blocking an IP address.

 

Hope this helps,

 

N

 

Related Content