Forum Discussion

Altocumulus

Jan 22, 2020

help custom policy brute force attack asm!!

hello I have problems thinking about how to make a restriction for the search of a value, in a form I have a field called account number and a search button, you want to limit that search to only 3 a...

Noctilucent

Jan 22, 2020

Hello Omar.

You need to configure Brute Force Protection.

Depends on your release, you have this:

13.0 or higher - https://support.f5.com/csp/article/K18650749
12.1 - https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-1-0/6.html

Another example of configuration

REF - https://clouddocs.f5.com/training/community/waf/html/class8/module2/lab2.html

In your approach, I would use "email" field as username and "account" as password (check your html tags)

Use the access validation to let the application knows when someone introduce one field just for testing (maybe one specific field in the server response).

Let me know if it helps.

KR,

Dario.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)