Help: custom policy for brute force attack in ASM
Hello, I have problems thinking about how to make a restriction on the search for a value. In a form I have a field called account number and a search button, and I want to limit that search to only 3 attempts. Think of the brute force attack policy, but there it is a login, i.e. a username and password, and depending on that it applies the policies. In my case I do not want a login because I have only one parameter; when I make 3 attempts, block the page for 60 min or something like the brute force attack policy. Could you guide me on how I can do that?
Hello Omar.
You need to configure Brute Force Protection.
Depending on your release, you have this:
- 13.0 or higher - https://support.f5.com/csp/article/K18650749
- 12.1 - https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-1-0/6.html
Another example of configuration:
REF - https://clouddocs.f5.com/training/community/waf/html/class8/module2/lab2.html
In your approach, I would use the "email" field as username and "account" as password (check your HTML tags).
Use the access validation to let the application know when someone introduces one field just for testing (maybe one specific field in the server response).
Let me know if it helps.
KR,
Dario.
omar_padilla:
That functionality, if tested, works well for the login, but in this case you just fill in a field to find the number of accounts. In the login URL the F5 requires 2 parameters, login and password; if I add the account number parameter and leave the other one empty, it doesn't work.
Yes, you need to identify the user someway.
If you cannot do it with the email or another field in the form, I recommend you modify the HTML to include a hidden field with information about the user (maybe a cookie or something else).
Let me know if this helps.
KR,
Dario.
BTW, if you only want to block attempts by source IP, you can do it using an iRule (counting the number of attempts and including those source IPs in a blacklist).
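As an added illustration of the iRule approach Dario mentions (this is example code written for this thread, not Dario's code and not an F5-supplied rule), the following iRule counts failed account lookups per source IP in the session table and locks the source out for 60 minutes after 3 misses, matching the limits from the question. It assumes the search form POSTs to `/account-search` and that the application marks a failed lookup with a response header `X-Lookup-Result: notfound`; both the path and the header are assumptions that have to be adjusted to the real application.

```tcl
# Added example, not from the original thread or from F5.
# Assumptions (change to fit the application):
#   - the account search is a POST to /account-search
#   - the backend answers a failed lookup with the header "X-Lookup-Result: notfound"

when RULE_INIT {
    set static::max_attempts 3
    set static::lockout_secs 3600    ;# 60 minutes, as requested in the question
    set static::window_secs  3600    ;# how long a single miss is remembered
    set static::search_path  "/account-search"
}

when HTTP_REQUEST {
    # Reset per request so HTTP_RESPONSE only counts tracked requests
    set track 0
    if { [HTTP::method] equals "POST" && [HTTP::path] equals $static::search_path } {
        set client [IP::client_addr]
        # Already locked out: answer from the BIG-IP, never reach the server
        if { [table lookup -subtable "acct_lockout" $client] ne "" } {
            HTTP::respond 429 content "Too many attempts. Try again later." \
                "Retry-After" $static::lockout_secs "Connection" "close"
            return
        }
        set track 1
    }
}

when HTTP_RESPONSE {
    if { $track } {
        # Count only failed lookups, so a legitimate user who finds the
        # account on the first try is never penalised
        if { [HTTP::header value "X-Lookup-Result"] equals "notfound" } {
            set miss [table incr -subtable "acct_miss" $client]
            table timeout -subtable "acct_miss" $client $static::window_secs
            if { $miss >= $static::max_attempts } {
                # lifetime (not just idle timeout) so repeated hits cannot extend the lockout
                table set -subtable "acct_lockout" $client 1 indefinite $static::lockout_secs
                table delete -subtable "acct_miss" $client
                log local0. "account-search lockout for $client after $miss failed lookups"
            }
        }
    }
}
```

The lockout entry is created with an explicit lifetime rather than an idle timeout, so a source that keeps retrying cannot keep its own block alive past the 60 minutes. Keep in mind that per-source-IP counting also blocks every user behind the same NAT address and does nothing against attempts spread over many addresses, which is why the ASM brute force feature keyed on a user identifier (the approach in the first answer) is the better fit when the form can carry one.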