Forum Discussion
help custom policy brute force attack asm!!
That functionality, if tested, works well for the login, but in this case you just fill in a field to find the number of accounts. The login URL of the F5 requires 2 parameters, login and password; if I add the account number parameter and leave the other one empty, it doesn't work.
Yes, you need to identify the user some way.
If you cannot do it with the email or another field in the form, I recommend you modify the HTML to include a hidden field with information about the user (maybe a cookie or something else).
Let me know if this helps.
KR,
Dario.
- Jan 23, 2020
BTW, if you only want to block attempts by source IP, you can do it using an iRule (counting the number of attempts and including those source IPs in a blacklist).
- omar_padilla, Jan 23, 2020 (Altocumulus)
I find it interesting to do it by iRule. I am trying to think of the appropriate way to do it. I understand that the HTTP protocol is stateless, so I suppose that for each search of an account a new connection is initiated. I know that I must use the HTTP_REQUEST event to be able to implement the logic of finding the resource that I want to limit.
But how can I save in a variable the count of the number of queries to that resource, if in each request a new CLIENT_ACCEPTED event is executed? Will I have to validate it with the cookie?
- Feb 07, 2020
Hello Omar.
Here you have an idea of how to solve your problem.
https://devcentral.f5.com/s/articles/iRule-for-Brute-Force-Password-Guessing-Attacks
KR,
Dario.
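The following is an added example, not part of the original thread or the linked article: a sketch of the source-IP counting approach discussed above. It uses the iRules session table (`table`), which persists across connections, so the count survives even though each request may arrive on a new connection. The lookup path, the subtable names and all thresholds are hypothetical placeholders.

```tcl
# Added example: per-source-IP limit on an account-lookup URL.
# The path, subtable names and thresholds are assumptions, not values from the thread.
when RULE_INIT {
    set static::lookup_path  "/account/lookup"  ;# hypothetical URL of the lookup form
    set static::max_requests 10                 ;# lookups allowed per window (assumed)
    set static::window       60                 ;# counting window in seconds (assumed)
    set static::block_time   600                ;# blacklist duration in seconds (assumed)
}

when HTTP_REQUEST {
    # Only the lookup resource is rate limited; everything else passes through.
    if { [string tolower [HTTP::path]] ne $static::lookup_path } { return }

    set ip [IP::client_addr]

    # Source IP is already blacklisted: reject without counting again.
    if { [table lookup -notouch -subtable lookup_block $ip] ne "" } {
        HTTP::respond 429 content "Too many requests" "Retry-After" $static::block_time
        return
    }

    # Create the counter once with a fixed lifetime. "table add" does nothing if
    # the key exists, and -notouch on incr keeps later requests from extending
    # the entry, so the window is fixed rather than sliding.
    table add -subtable lookup_count $ip 0 indefinite $static::window
    set count [table incr -notouch -subtable lookup_count $ip]

    if { $count > $static::max_requests } {
        # Blacklist the source IP; the entry expires after block_time seconds.
        table set -subtable lookup_block $ip 1 indefinite $static::block_time
        log local0.warning "account lookup limit exceeded: $ip ($count requests in $static::window s)"
        HTTP::respond 429 content "Too many requests" "Retry-After" $static::block_time
        return
    }
}
```

Clients behind a shared NAT or proxy present the same source IP, so the threshold needs to be sized for that or combined with another identifier such as a cookie or hidden field, as suggested earlier in the thread.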