Forum Discussion
omar_padilla
Altocumulus
Altocumulushelp custom policy brute force attack asm!!
hello I have problems thinking about how to make a restriction for the search of a value, in a form I have a field called account number and a search button, you want to limit that search to only 3 a...
Dario_Garrido
Noctilucent
NoctilucentHello Omar.
You need to configure Brute Force Protection.
Depends on your release, you have this:
- 13.0 or higher - https://support.f5.com/csp/article/K18650749
- 12.1 - https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-1-0/6.html
Another example of configuration
REF - https://clouddocs.f5.com/training/community/waf/html/class8/module2/lab2.html
In your approach, I would use "email" field as username and "account" as password (check your html tags)
Use the access validation to let the application knows when someone introduce one field just for testing (maybe one specific field in the server response).
Let me know if it helps.
KR,
Dario.
