Forum Discussion

SSHSSH_97332's avatar
Icon for Nimbostratus rankNimbostratus
Jan 26, 2012

Forceful Browsing attack

i wanted to show the customer sample of detecting this attack , i have Vs directing to a pool member = ( which is a switch )

i access this switch using its Vs ip :


to simulate forecful browsing attack , i defined allowed URLs to be , then tried to access , but nothing was logged under reports> charts , please advise ?




2 Replies

  • nathe's avatar
    Icon for Cirrocumulus rankCirrocumulus



    I'm not 100% certain on this but in Policy - Blocking - Settings and under Access Violations, do you need to have the boxes for "Login Object Bypassed" ticked e.g. Learn, Alarm or Block?



    Just a thought on this one.



  • Also, if you're new to ASM and want to demo it to one of your customers, you might try talking with your local F5 or partner SE. They should be able to give you some vulnerable applications and sample ASM policies.