yosry92_331999
Dec 25, 2017
How can I block brute force in 2 separated login parameters in 2 diff pages?
How can I block brute force for 2 separated parameters in 2 diff pages?
The application has the username on the first page; when you enter it, it will redirect to the password page. Can I block brute force in ...
Stanislas_Piro2
Jan 10, 2018
Hi,
You can try code like this (not tested).
It captures the username in the first request, then stores it for the next request.
When the user sends the password, it inserts the username in the payload to allow ASM brute force protection.
When ASM has allowed the request, replace the payload with the previous one (in the HTTP_REQUEST_SEND event).
    when HTTP_REQUEST {
        if {[HTTP::uri] equals "/login"} {
            # replace the cookie name by the application cookie used to follow the session
            set key [HTTP::cookie value mycookie]
            if {[HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] <= 1048576} {
                set content_length [HTTP::header "Content-Length"]
            } else {
                set content_length 1048576
            }
            # Check if $content_length is not set to 0
            if {$content_length > 0} {
                HTTP::collect $content_length
            }
        }
    }
    when HTTP_REQUEST_DATA {
        if {[set username [URI::query "?[HTTP::payload]" username]] ne ""} {
            # first page: store the username under the session key (timeout 300 s, lifetime 900 s)
            table set -subtable BruteForceProtection $key $username 300 900
        } elseif {[URI::query "?[HTTP::payload]" password] ne ""} {
            # second page: read the stored username back
            # (table lookup returns the value; table lifetime -remaining would return seconds)
            set username [table lookup -subtable BruteForceProtection $key]
            set payload [HTTP::payload]
            HTTP::payload replace 0 [HTTP::payload length] "$payload&username=$username"
            set plength [HTTP::payload length]
            HTTP::release
        }
    }
    when HTTP_REQUEST_SEND {
        # info exists takes the variable name, not its value
        if {[info exists payload]} {
            HTTP::payload replace 0 $plength $payload
            unset payload
        }
    }
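The correlation logic of the reply above as a small Python model that can be exercised off-box; this is an added example, not part of the original post and not F5 code. The names `UsernameStash` and `payload_for_waf` are hypothetical, and it goes slightly beyond the iRule by URL-encoding the stored username and returning `None` when the password step arrives without usable state.

```python
from urllib.parse import parse_qs, urlencode

IDLE_TIMEOUT = 300   # seconds, the values used in `table set ... 300 900`
MAX_LIFETIME = 900

class UsernameStash:
    """Hypothetical model of the BruteForceProtection subtable: session key -> username."""
    def __init__(self):
        self._rows = {}  # key -> (username, created, last_touched)

    def put(self, key, username, now):
        self._rows[key] = (username, now, now)

    def get(self, key, now):
        row = self._rows.get(key)
        if row is None:
            return None
        username, created, touched = row
        if now - touched > IDLE_TIMEOUT or now - created > MAX_LIFETIME:
            del self._rows[key]
            return None
        self._rows[key] = (username, created, now)  # a lookup refreshes the idle timer
        return username

def payload_for_waf(stash, session_key, body, now):
    """Return the body the brute-force engine should inspect for one POST to /login.

    Username page: remember the username, body is returned unchanged.
    Password page: append the remembered username so both credentials
    appear in one request. Returns None when there is no session key or
    no live entry, so the caller can reject the request.
    """
    if not session_key:
        return None
    fields = parse_qs(body, keep_blank_values=True)
    if fields.get("username", [""])[0]:
        stash.put(session_key, fields["username"][0], now)
        return body
    if "password" in fields:
        username = stash.get(session_key, now)
        if username is None:
            return None
        # urlencode keeps a username containing & or = from splitting into extra fields
        return body + "&" + urlencode({"username": username})
    return body
```
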