f5 asm login pages / brute force detection header value

Question

Hello,&nbsp;
I am trying to configure brute-force prevention and login pages.
I have a header value that is set when the login fails on the specified login URL: 
"login-failed: true".&nbsp;
When the login succeeds there is no header like "login-failed: false" or "login-successful: true"&nbsp;
The problem is that the signon page is used for many different apps and this is the only thing that is in common for them all when the login fails.&nbsp;
&nbsp;
Seems the "String that should not appear" is only scanning for body text so detecting failed logins is not working.&nbsp;
Are the only ways to make this work to tell the application guys to add "login-failed: false" or "login-succesful: true" header?&nbsp;

chris_grant · Answer

The application would need to have a header or string that signified a successful login for you to be able to use a header. We support the use of a header to signify success, but not to signify failure. We tend to assume failure until shown success. You can always open a support case and make a Request For Enhancement (RFE). We can send that to PD and request this feature, but can't guarantee when it might be implemented (or even if).

Forum Discussion

f5 asm login pages / brute force detection header value

Recent Discussions

Help needed with iRule (connection closed log )

AS3 Limitations

Use of SSL Decryption.

VLAN Failsafe Functionality

FTP PASV mode to Extended Passive mode

Related Content

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

Bidirectional Forwarding Detection (BFD) Protocol Cheat Sheet

(HTTP) Redirection via Arbitrary Host Header

Bypass Azure Login Page by adding a login hint in the SAML Request

Operationlizing Online Fraud Detection, Prevention, and Response

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS